|
|
#1
19. juni 2009, 08:12
| |||
| |||
 Autorun Malware? Hej, min computer ser ud til at have nogle malware, at jeg opdagede, da min onkel tilsluttet hans USB-nøgle. Avast scanne fundet nogle ting, men kunne ikke rense / fjerne det. Defender scanner ville fryse efter ca 7 minutter. Og MBAM fuld scanning også frøs efter ca 5 minutter, men hurtig scanning var ok. Her er de logfiler: Avast: 18/06/2009 11:07:37 AM bruger 3652 Log af "Win32: Ups [Cryp]" er blevet fundet i "D: \ Recycler \ S-1-5-21-1214440339-602162358-839522115-1003 \ Dd16 \ Outlook.pst \ Personal Folders \ Toppen af private mapper \ Inbox \ UPS Tracking Number 7124353990 \ UPS_INVOICE_978172.zip \ UPS_INVOICE_9781 72.exe "fil. 18/06/2009 11:06:59 AM bruger 3652 Log af "Win32: Ups [Cryp]" er blevet fundet i "D: \ Recycler \ S-1-5-21-1214440339-602162358-839522115-1003 \ Dd16 \ Outlook.pst \ Personal Folders \ Toppen af private mapper \ Slettet post \ UPS Tracking Number 7124353990 \ UPS_INVOICE_978172.zip \ UPS_INVOICE_9781 72.exe "fil. 18/06/2009 11:06:59 AM bruger 3652 Log af "Win32: Ups [Cryp]" er blevet fundet i "D: \ Recycler \ S-1-5-21-1214440339-602162358-839522115-1003 \ Dd16 \ Outlook.pst \ Personal Folders \ Toppen af private mapper \ Slettet post \ UPS Tracking Number 0762005263 \ invoice_8712.zip \ INVOICE_8712.exe "fil. 18/06/2009 11:06:58 AM bruger 3652 Log af "Win32: Agent-AAPS [Trj]" er blevet fundet i "D: \ Recycler \ S-1-5-21-1214440339-602162358-839522115-1003 \ Dd16 \ Outlook.pst \ Personal Folders \ Toppen af private mapper \ Slettet post \ UPS Tracking Number 3508422599 \ ups_invoice.zip \ ups_invoice.exe "fil. 18/06/2009 10:42:55 AM bruger 3652 Log af "Win32: Trojan-gen (Other)" er blevet fundet i "C: \ Documents and Settings \ brugernavn \ Local Settings \ Application Data \ Microsoft \ Outlook \ Outlookinfo @ fcagroup.com (IMAP)-00000005.pst \ info@fcagroup.com \ Toppen af private mapper \ [Gmail] \ Alle Mail \ Really cool billeder \ pussy.zip \ pussy.exe "fil. 18/06/2009 10:42:41 AM bruger 3652 Log af "Win32: Ups [Cryp]" er blevet fundet i "C: \ Documents and Settings \ brugernavn \ Local Settings \ Application Data \ Microsoft \ Outlook \ Outlookinfo @ fcagroup . com (IMAP)-00000005.pst \ info@fcagroup.com \ Toppen af private mapper \ [Gmail] \ Alle Mail \ UPS: Din Sporingsnummer 358010698330 \ PDF76512.zip \ PDF76512.exe "fil. 18/06/2009 10:42:41 AM bruger 3652 Log af "Win32: Ups [Cryp]" er blevet fundet i "C: \ Documents and Settings \ brugernavn \ Local Settings \ Application Data \ Microsoft \ Outlook \ Outlookinfo @ fcagroup . com (IMAP)-00000005.pst \ info@fcagroup.com \ Toppen af private mapper \ [Gmail] \ Alle Mail \ UPS: Din Sporingsnummer 145132932471 \ PDF76512.zip \ PDF76512.exe "fil. 18/06/2009 10:42:23 AM bruger 3652 Log af "Win32: Ups [Cryp]" er blevet fundet i "C: \ Documents and Settings \ brugernavn \ Local Settings \ Application Data \ Microsoft \ Outlook \ Outlookinfo @ fcagroup . com (IMAP)-00000005.pst \ info@fcagroup.com \ Toppen af private mapper \ [Gmail] \ Alle Mail \ UPS: Din Sporingsnummer 239293259082 \ EXL6512721.zip \ EXL6512721.exe "fil. 17/06/2009 5:36:18 PM SYSTEM 1328 Log af "BV: AutoRun-T [Wrm]" er blevet fundet i "F: \ Autorun.inf"-fil. SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 06/19/2009 at 10:43 Application Version: 4.26.1004 Core Rules Database Version: 3947 Trace Rules Database Version: 1889 Scan type: Complete Scan Total Scan Time: 00:36:36 Memory poster scannet: 631 Memory trusler opdaget: 0 Topdomæneadministratoren poster scannet: 6110 Topdomæneadministratoren trusler opdaget: 0 File poster skannet: 46796 File trusler opdaget: 9 Adware.Tracking Cookie C: \ Documents and Settings \ bruger \ Cookies \ bruger @ xiti [1]. Txt C: \ Documents and Settings \ bruger \ Cookies \ bruger @ revsci [2]. Txt C: \ Documents and Settings \ bruger \ Cookies \ bruger @ tribalfusion [2]. Txt C: \ Documents and Settings \ bruger \ Cookies \ bruger @ RealMedia [2]. Txt C: \ Documents and Settings \ bruger \ Cookies \ user@microsoftwindows.112.2o 7 [1]. Txt C: \ Documents and Settings \ bruger \ Cookies \ user@pandasoftware.112.2o7 [1]. Txt C: \ Documents and Settings \ bruger \ Cookies \ user@adopt.euroclick [2]. Txt C: \ Documents and Settings \ bruger \ Cookies \ bruger @ specificclick [2]. Txt C: \ Documents and Settings \ bruger \ Cookies \ bruger @ 247realmedia [1]. Txt Malwarebytes' Anti-Malware 1.38 Database version: 2308 Windows 5.1.2600 Service Pack 3 19/06/2009 11:01:44 AM mbam-log-2009-06-19 (11-01-44). txt Scan type: Quick Scan Objekter skannet: 87063 Tidsforbrug: 2 minut (ter), 24 sekund (s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registreringsdatabasenøgler Inficerede: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (Nr. ondsindede elementer opdaget) Memory Modules Infected: (Nr. ondsindede elementer opdaget) Registreringsdatabasenøgler Inficerede: (Nr. ondsindede elementer opdaget) Registry Values Infected: (Nr. ondsindede elementer opdaget) Registry Data Items Infected: (Nr. ondsindede elementer opdaget) Folders Infected: (Nr. ondsindede elementer opdaget) Files Infected: (Nr. ondsindede elementer opdaget) Logfile af Trend Micro HijackThis v2.0.2 Scan gemt kl 11:04:24 den 19/06/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Kørende processer: C: \ WINDOWS \ System32 \ smss.exe C: \ WINDOWS \ system32 \ Winlogon.exe C: \ WINDOWS \ system32 \ Services.exe C: \ WINDOWS \ system32 \ Lsass.exe C: \ WINDOWS \ system32 \ Svchost.exe C: \ Programmer \ Windows Defender \ MsMpEng.exe C: \ WINDOWS \ System32 \ Svchost.exe C: \ WINDOWS \ system32 \ ZoneLabs \ vsmon.exe C: \ Programmer \ Alwil Software \ Avast4 \ aswUpdSv.exe C: \ Programmer \ Alwil Software \ Avast4 \ ashServ.exe C: \ WINDOWS \ system32 \ Spoolsv.exe C: \ WINDOWS \ system32 \ cisvc.exe C: \ Programmer \ Diskeeper Corporation \ Diskeeper \ DkService.exe C: \ Programmer \ Hamachi \ hamachi.exe C: \ WINDOWS \ system32 \ cidaemon.exe C: \ Programmer \ Java \ jre6 \ bin \ jqs.exe C: \ Programmer \ Common Files \ Microsoft Shared \ VS7DEBUG \ MDM.EXE C: \ WINDOWS \ system32 \ nvsvc32.exe C: \ WINDOWS \ Explorer.EXE C: \ Programmer \ Pervasive Software \ PSQL \ bin \ w3dbsmgr.exe C: \ WINDOWS \ system32 \ Svchost.exe C: \ WINDOWS \ system32 \ SearchIndexer.exe C: \ WINDOWS \ system32 \ fxssvc.exe C: \ Programmer \ Alwil Software \ Avast4 \ ashMaiSv.exe C: \ Programmer \ Alwil Software \ Avast4 \ ashWebSv.exe C: \ WINDOWS \ RTHDCPL.EXE C: \ PROGRA ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp.exe C: \ Programmer \ Zone Labs \ ZoneAlarm \ zlclient.exe C: \ WINDOWS \ Samsung \ PanelMgr \ SSMMgr.exe C: \ WINDOWS \ Twain_32 \ Samsung \ SCX4x28 \ Scan2pc.exe C: \ Programmer \ Java \ jre6 \ bin \ jusched.exe C: \ WINDOWS \ system32 \ Ctfmon.exe C: \ WINDOWS \ System32 \ Svchost.exe C: \ Programmer \ Skype \ Phone \ Skype.exe C: \ Programmer \ Windows Desktop Search \ WindowsSearch.exe C: \ Programmer \ Hamachi \ hamachi.exe C: \ Programmer \ 2BrightSparks \ SyncBack \ SyncBack.exe C: \ Programmer \ Skype \ Plugin Manager \ skypePM.exe C: \ WINDOWS \ system32 \ taskmgr.exe C: \ Programmer \ SUPERAntiSpyware \ SUPERAntiSpyware.exe C: \ WINDOWS \ system32 \ Notepad.exe C: \ Programmer \ Mozilla Firefox \ firefox.exe C: \ WINDOWS \ system32 \ SearchProtocolHost.exe C: \ Programmer \ Trend Micro \ HijackThis \ sniper.exe R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.dhl.ca/ca/wfHomeLoggedIn.aspx F2 - REG: system.ini: UserInit = C: \ WINDOWS \ system32 \ userinit.exe, userinit. Exe O1 - Hosts: 66.98.148.65 auto.search.msn.com O1 - Hosts: 66.98.148.65 auto.search.msn.es O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll O2 - BHO: Java (tm) Plug-In 2 SSV Helper - (DBC80044-A445-435b-BC74-9C25C1C588A9) - C: \ Programmer \ Java \ jre6 \ bin \ jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - (E7E6F031-17CE-4C07-BC86-EABFE594F69C) - C: \ Programmer \ Java \ jre6 \ lib \ indsætte \ jqs \ dvs \ jqs_plugin.dll O4 - HKLM \ .. \ Run: [NvCplDaemon] rundll32.exe C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup O4 - HKLM \ .. \ Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM \ .. \ Run: [Alcmtr] ALCMTR.EXE O4 - HKLM \ .. \ Run: [DiskeeperSystray] "C: \ Programmer \ Diskeeper Corporation \ Diskeeper \ DkIcon.exe" O4 - HKLM \ .. \ Run: [avast!] C: \ PROGRA ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp.exe O4 - HKLM \ .. \ Run: [Windows Defender] "C: \ Programmer \ Windows Defender \ MSASCui.exe"-hide O4 - HKLM \ .. \ Run: [ZoneAlarm Client] "C: \ Programmer \ Zone Labs \ ZoneAlarm \ zlclient.exe" O4 - HKLM \ .. \ Run: [Samsung PanelMgr] C: \ WINDOWS \ Samsung \ PanelMgr \ SSMMgr.exe / autorun O4 - HKLM \ .. \ Run: [4x28 Scan2PC] "C: \ WINDOWS \ Twain_32 \ Samsung \ SCX4x28 \ Scan2pc.e XE" O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Programmer \ Java \ jre6 \ bin \ jusched.exe" O4 - HKLM \ .. \ RunOnce: [Malwarebytes' Anti-Malware] C: \ Programmer \ Malwarebytes' Anti-Malware \ mbamgui.exe / install / lydløs O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe O4 - HKCU \ .. \ Run: [Skype] "C: \ Programmer \ Skype \ Phone \ Skype.exe" / nosplash / minimeret O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'LOCAL SERVICE') O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'NETWORK SERVICE') O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM') O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user') O4 - Startup: hamachi.lnk = C: \ Programmer \ Hamachi \ hamachi.exe O4 - Startup: Genvej til Map Drive.lnk = C: \ Documents and Settings \ bruger \ Desktop \ Kort Drive.bat O4 - Startup: SyncBack.lnk = C: \ Programmer \ 2BrightSparks \ SyncBack \ SyncBack.exe O4 - Global Startup: Windows Search.lnk = C: \ Programmer \ Windows Desktop Search \ WindowsSearch.exe O8 - Extra sammenhæng menupunktet: E & ksporter til Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ mikroer ~ 2 \ Office11 \ EXCEL.EXE/3000 O8 - Extra sammenhæng menupunkt: Web Capture - C: \ Programmer \ SmarThru Office \ WebCapture.dll O9 - Ekstra knap: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ mikroer ~ 2 \ Office11 \ REFIEBAR.DLL O9 - Extra knappen: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll O9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll O9 - Extra knappen: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe O9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe O9 - Ekstra knap: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Programmer \ Messenger \ msmsgs.exe O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Programmer \ Messenger \ msmsgs.exe O16 - DPF: (56762DEC-6B0D-4AB4-A8AD-989993B5D08B) -- http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://www.update.microsoft.com/wind...?1203273577140 O18 - Protocol: skype4com - (FFC8B962-9B40-4DFF-9458-1830C7DD7F5D) - C: \ PROGRA ~ 1 \ FÆLLES ~ 1 \ Skype \ SKYPE4 ~ 1.DLL O20 - Winlogon Notify:! SASWinLogon - C: \ Programmer \ SUPERAntiSpyware \ SASWINLO.dll O23 - Service: Adobe LM Service - Unknown ejer - C: \ Programmer \ Common Files \ Adobe Systems Shared \ Service \ Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C: \ Programmer \ Alwil Software \ Avast4 \ aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C: \ Programmer \ Alwil Software \ Avast4 \ ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C: \ Programmer \ Alwil Software \ Avast4 \ ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C: \ Programmer \ Alwil Software \ Avast4 \ ashWebSv.exe O23 - Service: Diskeeper - Diskeeper Corporation - C: \ Programmer \ Diskeeper Corporation \ Diskeeper \ DkService.exe O23 - Service: Hamachi Service (HamachiService) - LogMeIn Inc. - C: \ Programmer \ Hamachi \ hamachi.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C: \ Programmer \ Java \ jre6 \ bin \ jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe O23 - Service: Pervasive PSQL Workgroup Motor (psqlWGE) - Pervasive Software Inc. - C: \ Programmer \ Pervasive Software \ PSQL \ bin \ w3dbsmgr.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C: \ WINDOWS \ system32 \ ZoneLabs \ vsmon.exe -- End of file - 7353 bytes |
|
#2
20. juni 2009, 06:58
| ||||||||||||
| ||||||||||||
| Autorun Malware? Howdy der og velkommen til Computer Juice I'm Steve og jeg vil hjælpe dig thoughout denne rettelse. Før begyndelsen programrettelsen, kan du læse dette indlæg fuldstændigt. Hvis der er noget, du ikke forstår, beder dine spørgsmål før du fortsætter. Det er vigtigt, at du ikke går glip af et trin. Please udføre alt i den rigtige rækkefølge / sekvens. Vi begynder med ComboFix.exe. Kan du besøge denne webside for download links, og instruktioner for at køre værktøjet: http://www.bleepingcomputer.com/comb...o-use-combofix Sikre, at du har slået alle anti-virus og anti malware-programmer, så de ikke forstyrrer driften af ComboFix. Angiv venligst også C: \ ComboFix.txt i dit næste svar med yderligere revision.
__________________
__________________
Stolt medlem af ASAP & UNITE Mit system: Steves Rig
|
|
#3
22 juni 2009, 07:38
| |||
| |||
| Autorun Malware? Hey, tak for at hjælpe. Her er log: ComboFix 09-06-21.01 - bruger 22/06/2009 10:29.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1511 [GMT -4:00] Kører fra: c: \ Documents and Settings \ bruger \ Desktop \ ComboFix.exe AV: avast! antivirus 4.8.1335 [VPS 090621-0] * On-access scanning handicappede * (Opdateret) (7591DB91-41F0-48A3-B128-1A293FD8233D) FW: ZoneAlarm Firewall * handicappede * (829BDA32-94B3-44F4-8446-F8FCFF809F8B) . ((((((((((((((((((((((((((((((((((((((( Andre Bortfald ))))))))) )))))))))))))))))))))))))))))))))))))))) . C: \ Windows \ system32 \ winsusrm.dll . ((((((((((((((((((((((((( Files Created fra 2009-05-22 til 2009-06-22 ))))))))))) )))))))))))))))))))) . 2009-06-19 15:34. 2009-06-19 15:34 -------- d ----- w-c: \ Programmer \ Microsoft ActiveSync 2009-06-19 14:07. 2009-06-19 14:07 -------- d ----- w-c: \ Documents and Settings \ bruger \ Application Data \ Malwarebytes 2009-06-19 14:07. 2009-06-17 15:27 38160 ---- aw-C: \ Windows \ system32 \ drivers \ mbamswissarmy.sys 2009-06-19 14:07. 2009-06-19 14:07 -------- d ----- w-c: \ Programmer \ Malwarebytes' Anti-Malware 2009-06-19 14:07. 2009-06-19 14:07 -------- d ----- w-c: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes 2009-06-19 14:07. 2009-06-17 15:27 19096 ---- aw-C: \ Windows \ system32 \ drivers \ mbam.sys 2009-06-19 13:58. 2009-06-19 13:58 117760 ---- aw-c: \ Documents and Settings \ bruger \ Application Data \ SUPERAntiSpyware.com \ SUPERAntiSpyware \ SDDLLS \ UIREPAIR.DLL 2009-06-19 13:57. 2009-06-19 13:57 -------- d ----- w-c: \ Documents and Settings \ All Users \ Application Data \ SUPERAntiSpyware.com 2009-06-19 13:57. 2009-06-19 13:57 -------- d ----- w-c: \ Programmer \ SUPERAntiSpyware 2009-06-19 13:57. 2009-06-19 13:57 -------- d ----- w-c: \ Documents and Settings \ bruger \ Application Data \ SUPERAntiSpyware.com 2009-06-19 13:57. 2009-06-19 13:57 -------- d ----- w-c: \ Programmer \ Common Files \ Wise Installation Wizard 2009-06-10 17:39. 2009-06-10 17:39 152576 ---- aw-c: \ Documents and Settings \ bruger \ Application Data \ søn \ Java \ jre1.6.0_14 \ lzma.dll 2009-06-10 00:53. 2009-06-10 00:53 -------- d ----- w-c: \ Documents and Settings \ All Users \ Application Data \ NCH Software 2009-05-29 11:46. 2008-04-14 09:42 26624 ---- aw-c: \ Documents and Settings \ LocalService \ Application Data \ Microsoft \ UPnP Device Host \ upnphost \ udhisapi.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) )))))))))))))))))))))))))))))))))))))))))))) . 2009-06-22 14:22. 2009-04-28 15:03 -------- d ----- w-c: \ Documents and Settings \ bruger \ Application Data \ Skype 2009-06-22 13:56. 2008-02-17 21:01 -------- d ----- w-c: \ Documents and Settings \ bruger \ Application Data \ Hamachi 2009-06-22 12:02. 2009-04-28 15:18 -------- d ----- w-c: \ Documents and Settings \ bruger \ Application Data \ skypePM 2009-06-19 13:35. 2008-02-17 22:39 -------- d ----- w-c: \ Documents and Settings \ All Users \ Application Data \ Spybot - Search & Destroy 2009-06-18 19:10. 2008-06-19 15:20 31703397 ---- aw-C: \ Windows \ Internet Logs \ tvDebug.zip 2009-06-12 07:08. 2008-12-03 14:46 -------- d ----- w-c: \ Programmer \ Windows Desktop Search 2009-06-10 17:39. 2009-03-26 15:12 -------- d ----- w-c: \ Programmer \ Java 2009-06-10 16:58. 2008-12-30 17:22 -------- d ----- w-c: \ Documents and Settings \ bruger \ Application Data \ filezilla 2009-05-30 21:05. 2008-08-28 17:15 -------- d ----- w-c: \ program files \ MK Værktøj 2009-05-25 04:24. 2008-05-27 03:18 350208 ---- aw-C: \ Windows \ system32 \ mssph.dll 2009-05-21 15:33. 2008-12-06 16:44 410984 ---- aw-C: \ Windows \ system32 \ deploytk.dll 2009-05-12 19:12. 2008-02-17 18:05 26144 ---- aw-C: \ Windows \ system32 \ spupdsvc.exe 2009-05-07 15:32. 2004-08-03 16:56 345600 ---- aw-C: \ Windows \ system32 \ Localspl.dll 2009-05-01 16:37. 2009-02-07 19:53 -------- d ----- w-c: \ Documents and Settings \ bruger \ Application Data \ Unyte 2009-04-29 04:46. 2004-08-03 16:56 666624 ---- aw-C: \ Windows \ system32 \ Wininet.dll 2009-04-29 04:46. 2004-08-03 16:56 81920 ---- aw-C: \ Windows \ system32 \ ieencode.dll 2009-04-28 15:18. 2009-04-28 15:18 56 --- ha-w-C: \ Windows \ system32 \ ezsidmv.dat 2009-04-28 15:02. 2009-04-28 15:02 -------- d ----- w-c: \ Programmer \ Common Files \ Skype 2009-04-28 15:02. 2009-04-28 15:02 -------- d ----- r-c: \ Programmer \ Skype 2009-04-28 15:02. 2009-04-28 15:02 -------- d ----- w-c: \ Documents and Settings \ All Users \ Application Data \ Skype 2009-04-17 12:26. 2004-08-03 15:17 1847168 ---- aw-C: \ Windows \ system32 \ Win32k.sys 2009-04-15 14:51. 2004-08-03 16:56 585216 ---- aw-C: \ Windows \ system32 \ Rpcrt4.dll 2009-04-09 02:09. 2009-04-09 02:04 664 ---- aw-C: \ Windows \ system32 \ d3d9caps.dat 2009-04-01 21:57. 2008-02-17 22:30 4212 --- ha-w-C: \ Windows \ system32 \ zllictbl.dat 2009-04-01 21:21. 2009-04-01 21:21 152576 ---- aw-c: \ Documents and Settings \ bruger \ Application Data \ søn \ Java \ jre1.6.0_13 \ lzma.dll 2009-03-31 21:41. 2009-03-31 21:41 0 ---- aw-C: \ Windows \ system32 \ WSSPOOL.TMP 2009-03-26 15:11. 2009-03-26 15:11 152576 ---- aw-c: \ Documents and Settings \ bruger \ Application Data \ søn \ Java \ jre1.6.0_12 \ lzma.dll 2008-06-23 22:36. 2008-06-23 22:36 0 ---- aw-c: \ program files \ gditst 2008-05-22 20:04. 2008-05-22 20:04 190 ---- aw-c: \ Programmer \ Common Files \ psasetup.log . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) )))))))))))))))))))))))))))))))))))))))) . . * Note * empty entries & legit default entries er ikke vist REGEDIT4 [HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run] "Ctfmon.exe" = "C: \ Windows \ system32 \ Ctfmon.exe" [2008-04-14 15360] "Skype" = "c: \ Programmer \ Skype \ Phone \ Skype.exe" [2009-04-21 24264488] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run] "NvCplDaemon" = "C: \ Windows \ system32 \ NvCpl.dll" [2007-09-17 8491008] "DiskeeperSystray" = "c: \ Programmer \ Diskeeper Corporation \ Diskeeper \ DkIcon.exe" [2006-10-04 163840] "avast!" = "c: \ progra ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp. exe" [2009-02-05 81000] "ZoneAlarm Client" = "c: \ Programmer \ Zone Labs \ ZoneAlarm \ zlclient.exe" [2009-02-16 981384] "Samsung PanelMgr" = "C: \ Windows \ Samsung \ PanelMgr \ SSMMgr.exe" [2008-07-31 536576] "4x28 Scan2PC" = "C: \ Windows \ Twain_32 \ Samsung \ SCX4x28 \ Scan 2pc.exe" [2008-09-29 495616] "SunJavaUpdateSched" = "c: \ Programmer \ Java \ jre6 \ bin \ jusched.exe" [2009-05-21 148888] "RTHDCPL" = "RTHDCPL.EXE" - C: \ Windows \ RTHDCPL.exe [2007-04-26 16132608] [HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run] "Ctfmon.exe" = "C: \ Windows \ system32 \ Ctfmon.exe" [2008-04-14 15360] c: \ Documents and Settings \ brugernavn \ Menuen Start \ Programmer \ Start \ hamachi.lnk - c: \ Programmer \ Hamachi \ hamachi.exe [2008-2-17 625952] Genvej til Map Drive.lnk - c: \ Documents and Settings \ bruger \ Desktop \ Kort Drive.bat [2008-7-30 42] SyncBack.lnk - c: \ program files \ 2BrightSparks \ SyncBack \ SyncBack.exe [2008-11-15 2936064] c: \ Documents and Settings \ All Users \ Menuen Start \ Programmer \ Start \ Windows Search.lnk - c: \ Programmer \ Windows Desktop Search \ WindowsSearch.exe [2008-5-26 123904] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks] "(56F9679E-7826-4C84-81F3-532071A8BCC5)" = "c: \ Programmer \ Windows Desktop Search \ MSNLNamespaceMgr.dll" [2009-05-25 304128] "(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "c: \ Programmer \ SUPERAntiSpyware \ SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ anmelde \! SASWinLogon] 2008-12-22 16:05 356352 ---- aw-c: \ Programmer \ SUPERAntiSpyware \ SASWINLO.dll [HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Contro l \ SafeBoot \ Minimal \ WinDefend] @ = "Service" [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Monitoring \ ZoneLabsFirewall] "DisableMonitoring" = dword: 00000001 [HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile] "EnableFirewall" = 0 (0x0) [HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List] "% windir% \ \ system32 \ \ sessmgr.exe" = "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "c: \ \ WINDOWS \ \ system32 \ \ fxsclnt.exe" = "c: \ \ Programmer \ \ Pervasive Software \ \ PSQL \ \ bin \ \ w3dbsmgr.exe" = "c: \ \ WINDOWS \ \ twain_32 \ \ Samsung \ \ ScanMgr.exe" = "c: \ \ WINDOWS \ \ twain_32 \ \ Samsung \ \ SCX4x28 \ \ Scan2Pc. exe" = "c: \ \ WINDOWS \ \ twain_32 \ \ Samsung \ \ SCX4x28 \ \ Sscan2io. exe" = "c: \ \ Programmer \ \ Skype \ \ Phone \ \ Skype.exe" = [HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ List] "3389: TCP" = 3389: TCP: @ Xpsp2res.dll, -22009 R1 aswSP; avast! Self Protection; C: \ Windows \ system32 \ drivers \ aswSP.sys [07/04/2008 10:44 AM 114768] R1 SASDIFSV; SASDIFSV c: \ Programmer \ SUPERAntiSpyware \ sasdifsv.sys [26/05/2009 10:05 AM 9968] R1 SASKUTIL; SASKUTIL c: \ Programmer \ SUPERAntiSpyware \ SASKUTIL.SYS [26/05/2009 10:05 AM 72944] R2 aswFsBlk; aswFsBlk; C: \ Windows \ system32 \ drivers \ aswF sBlk.sys [07/04/2008 10:44 AM 20560] R2 HamachiService; Hamachi Service c: \ Programmer \ Hamachi \ hamachi.exe [17/02/2008 5:01 PM 625952] R2 psqlWGE; Pervasive PSQL Workgroup Engine c: \ program files \ Pervasive Software \ PSQL \ bin \ w3dbsmgr.exe [06/06/2008 1:03 PM 435488] R2 WinDefend; Windows Defender c: \ Programmer \ Windows Defender \ MsMpEng.exe [03/11/2006 8:19 PM 13592] R3 SASENUM; SASENUM c: \ Programmer \ SUPERAntiSpyware \ SASENUM.SYS [26/05/2009 10:05 AM 7408] S1 KPSYSDRV; KPSYSDRV; C: \ Windows \ system32 \ drivers \ Kpsy sdrv.sys [23/06/2008 6:36 PM 17016] S2 BulkUsb; Genesys Logic USB Controller NT 5.0; C: \ Windows \ system32 \ drivers \ usbprn.sys [23/06/2008 6:27 PM 7552] S2 SSPORT; SSPORT; \? \ C: \ Windows \ System32 \ Drivers \ SSPO RT.sys -> c: \ Windows \ System32 \ Drivers \ SSPORT.sys [?] S3 Moarer; Moarer; [x] --- Andre Services / bilister i Memory --- * NewlyCreated * - SASDIFSV * NewlyCreated * - SASENUM * NewlyCreated * - SASKUTIL . Indhold af "Planlagte opgaver" mappe 2009-06-22 C: \ Windows \ Tasks \ MP Scheduled Scan.job - C: \ Programmer \ Windows Defender \ MpCmdRun.exe [2006-11-04 00:20] 2009-06-22 C: \ Windows \ Tasks \ SyncBack Outlook.job - C: \ program files \ 2BrightSparks \ SyncBack \ SyncBack.exe [2008-11-15 16:19] . . ------- Supplerende Scan ------- . uStart Page = hxxp: / / www.dhl.ca / dk / wfHomeLoggedIn.aspx IE: E & ksporter til Microsoft Excel - c: \ progra ~ 1 \ mikroer ~ 2 \ Office11 \ EXCEL.EXE/3000 IE: Web Capture - c: \ program files \ SmarThru Office \ WebCapture.dll FF - ProfilePath -- . ************************************************** ************************ catchme 0.3.1398 W2K/XP/Vista - rootkit / stealth malware detector ved Gmer, http://www.gmer.net Rootkit scan 2009-06-22 10:31 Windows 5.1.2600 Service Pack 3 NTFS scanning skjulte processer ... scanning skjulte autostart entries ... scanning skjulte filer ... scanning afsluttet med succes skjulte filer: 0 ************************************************** ************************ . --------------------- LOCKED registreringsdatabasenøgler --------------------- [HKEY_LOCAL_MACHINE \ software \ Pervasive Software \ PSQL] @ Denied:) (Alle) @ = "" . Afslutning tid: 2009-06-22 10:32 ComboFix-karantæne-files.txt 2009-06-22 14:32 Pre-Run: 32245211136 bytes fri Post-Run: 32239325184 bytes fri WindowsXP-KB310994-SP2-Pro-bootdisk-DAN.exe [boot loader] timeout = 2 default = multi (0) disk (0) rdisk (0) partition (1) \ WINDOW S [operating systems] c: \ cmdcons \ BOOTSECT.DAT = "Microsoft Windows Genoprettelseskonsol" / cmdcons multi (0) disk (0) rdisk (0) partition (1) \ WINDOWS = "Micro soft Windows XP Professional" / noexecute = OptIn / fastdetect 164 --- EOF --- 2009-06-18 19:28 |
|
#4
22 juni 2009, 09:38
| |||
| |||
| Autorun Malware? Howdy der I den næste post, jeg ønsker du at køre en online virus scanning, første kan fjerne nogle uønskede junk .... Please download ATF Cleaner ved Atribune. Dette program er for XP og Windows 2000 Dobbeltklik på ATF-Cleaner.exe til at køre programmet. Under Hoved - vælge: Vælg Alle Klik på Tomme Udvalgte knappen. Hvis du bruger Firefox-browser Klik på Firefox øverst og vælge: Vælg Alle Klik på Tomme Udvalgte knappen. BEMÆRK: Hvis du gerne vil holde dine gemte adgangskoder, skal du klikke Nej ved prompten. Hvis du bruger Opera-browser Klik på Opera øverst og vælge: Vælg Alle Klik på Tomme Udvalgte knappen. BEMÆRK: Hvis du gerne vil holde dine gemte adgangskoder, skal du klikke Nej ved prompten. Klik på Afslut på hovedmenuen for at lukke programmet. For Teknisk supportDobbeltklik på den e-mail-adresse placeret i bunden af hver menu. Etablere en internetforbindelse & foretage en online-scanning med Internet Explorer ved Kaspersky Online Scanner. ** Vista brugere - højreklik IE / Firefox-ikonet og køre som administrator Klik på Accepter, Når du bliver bedt om at hente og installere programfilerne og database for malware definitioner.
Denne animation vil guide dig gennem processen:  ** Note ** At optimere scanning tid og frembringe en mere fornuftig rapport til gennemgang: Luk alle åbne programmer Sluk realtid scanner af eventuelle eksisterende antivirus-program, mens de udfører online scanning. Du kan afbryde forbindelsen til internettet, når du begynder scanningen. Note til Internet Explorer 7-brugere: Hvis du på noget tidspunkt have problemer med at se de acceptere knappen af licensen, kan du klikke på Zoom-værktøjet er placeret i bunden til højre i IE vindue og indstille zoom til 75%. Når licensen er velkomne, nulstillet til 100%. Post tilbage med resultaterne fra Kasperksy, også opdatere mig på, hvordan tingene kører
__________________ Stolt medlem af ASAP & UNITE |
|
#5
23 juni 2009, 08:40
| |||
| |||
| Autorun Malware? http://www.dhl.ca/ca/wfHomeLoggedIn.aspx R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://www.update.microsoft.com/wind...?1203273577140 O18 - Protocol: skype4com - (FFC8B962-9B40-4DFF-9458-1830C7DD7F5D) - C: \ PROGRA ~ 1 \ FÆLLES ~ 1 \ Skype \ SKYPE4 ~ 1.DLL O20 - Winlogon Notify:! SASWinLogon - C: \ Programmer \ SUPERAntiSpyware \ SASWINLO.dll O23 - Service: Adobe LM Service - Unknown ejer - C: \ Programmer \ Common Files \ Adobe Systems Shared \ Service \ Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C: \ Programmer \ Alwil Software \ Avast4 \ aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C: \ Programmer \ Alwil Software \ Avast4 \ ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C: \ Programmer \ Alwil Software \ Avast4 \ ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C: \ Programmer \ Alwil Software \ Avast4 \ ashWebSv.exe O23 - Service: Diskeeper - Diskeeper Corporation - C: \ Programmer \ Diskeeper Corporation \ Diskeeper \ DkService.exe O23 - Service: Hamachi Service ( HamachiService) - LogMeIn Inc. - C: \ Programmer \ Hamachi \ hamachi.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C: \ Programmer \ Java \ jre6 \ bin \ jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe O23 - Service: Pervasive PSQL Workgroup Motor (psqlWGE) - Pervasive Software Inc. - C: \ Programmer \ Pervasive Software \ PSQL \ bin \ w3dbsmgr.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C: \ WINDOWS \ system32 \ ZoneLabs \ vsmon.exe - End of file - 7090 bytes |
|
#6
23 juni 2009, 12:14
| |||
| |||
| Autorun Malware? Hej der Vi har virkelig brug for at køre en fuld systemscanning på drevet for at være sikker på, at intet er sidesten. En ting jeg mærke til, at online scanner samles op på en phishing scam email. Det fortæller os ikke præcis, hvilken en det er men den fortæller os, at det er i din indbakke. Phishing forsøg på at lokke dig til at lægge dine oplysninger til websteder, så de kriminelle kan derefter få de oplysninger og bruge dem til egen fordel. For mere information om phishing læse denne artikel her. Den e-mail med spørgsmål, kan se ud som den kom fra din egen bank eller anden finansiel institution, og vil selv foretage logoer stjålet fra det oprindelige websted. Aldrig logge ind på enhver bank-site eller nogen anden hjemmeside fra links fra e-mails. Altid gå til startsiden og logge ind fra deres. Jeg vil anbefale, at du tømmer din slettede elementer mappe ved siden af alle andre mistænkelige e-mails. Lets forsøge en fuld scanning med en anden scanner. Foretage en online-scanning med Panda ActiveScan
* Sluk for realtid scanner af eventuelle eksisterende antivirus-program, mens de udfører online scanning. Avast brugere note: Du må fortsætte med online scanning på Panda, hvis du modtager en indberetning. Det er en falsk positiv fra Avast fordi Panda Antivirus ikke kryptere sin virus database. Af en eller anden grund de HJT log, du sendte er ulæselig, i stedet Jeg vil have dig til at sende en anden type log Please download DDS og gemme den på dit skrivebord.
Post både logfilerne tilbage i dit næste svar Også omfatte panda scan resultater og holde mig opdateret på dit system status
__________________ Stolt medlem af ASAP & UNITE |
 |
 |
| Bogmærker |
Lignende Tråde | ||||
| Tråd | Thread Starter | Forum | Svar | Last Post |
| Panda USB og AutoRun Vaccine 1.0.0.19 Beta | evilfantasy | Virus, Spyware & Sikkerhed | 0 | 7 marts 2009 12:47 |
| CD autorun | severntales | Drives & flytbare medier | 2 | 13th Dec 2008 00:28 |
| Driver cd vil ikke autorun til at guide mig igennem opsætningen | P5200 | General Software Chat | 8 | 4. sep 2008 08:30 |
| Autorun Problem | Zephiron | Virus, Spyware & Sikkerhed | 10 | 17 februar 2008 14:28 |
| CD's vil ikke autorun / autostart | rigisme | Drives & flytbare medier | 11 | 18th Dec 2007 14:37 |
| Thread Tools | |
| |
