#1
Hi, my computer seems to have some malware, which I discovered when my uncle plugged in his USB key. An Avast scan found some things but could not clean/remove them. A Defender scan would freeze after about 7 minutes, and an MBAM full scan also froze after about 5 minutes, but the quick scan was OK. Here are the logs:

Avast:

18/06/2009 11:07:37 AM user 3652 Sign of "Win32:Ups [Cryp]" has been found in "D:\RECYCLER\S-1-5-21-1214440339-602162358-839522115-1003\Dd16\Outlook.pst\Personal Folders\Top of Personal Folders\Inbox\UPS Tracking Number 7124353990\UPS_INVOICE_978172.zip\UPS_INVOICE_978172.exe" file.
18/06/2009 11:06:59 AM user 3652 Sign of "Win32:Ups [Cryp]" has been found in "D:\RECYCLER\S-1-5-21-1214440339-602162358-839522115-1003\Dd16\Outlook.pst\Personal Folders\Top of Personal Folders\Deleted Items\UPS Tracking Number 7124353990\UPS_INVOICE_978172.zip\UPS_INVOICE_978172.exe" file.
18/06/2009 11:06:59 AM user 3652 Sign of "Win32:Ups [Cryp]" has been found in "D:\RECYCLER\S-1-5-21-1214440339-602162358-839522115-1003\Dd16\Outlook.pst\Personal Folders\Top of Personal Folders\Deleted Items\UPS Tracking Number 0762005263\invoice_8712.zip\INVOICE_8712.exe" file.
18/06/2009 11:06:58 AM user 3652 Sign of "Win32:Agent-AAPS [Trj]" has been found in "D:\RECYCLER\S-1-5-21-1214440339-602162358-839522115-1003\Dd16\Outlook.pst\Personal Folders\Top of Personal Folders\Deleted Items\UPS Tracking Number 3508422599\ups_invoice.zip\ups_invoice.exe" file.
18/06/2009 10:42:55 AM user 3652 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\username\Local Settings\Application Data\Microsoft\Outlook\Outlookinfo@fcagroup.com (imap)-00000005.pst\info@fcagroup.com\Top of Personal Folders\[Gmail]\All Mail\cool pictures\pussy.zip\pussy.exe" file.
18/06/2009 10:42:41 AM user 3652 Sign of "Win32:Ups [Cryp]" has been found in "C:\Documents and Settings\username\Local Settings\Application Data\Microsoft\Outlook\Outlookinfo@fcagroup.com (imap)-00000005.pst\info@fcagroup.com\Top of Personal Folders\[Gmail]\All Mail\UPS: Your Tracking Number 358010698330\PDF76512.zip\PDF76512.exe" file.
18/06/2009 10:42:41 AM user 3652 Sign of "Win32:Ups [Cryp]" has been found in "C:\Documents and Settings\username\Local Settings\Application Data\Microsoft\Outlook\Outlookinfo@fcagroup.com (imap)-00000005.pst\info@fcagroup.com\Top of Personal Folders\[Gmail]\All Mail\UPS: Your Tracking Number 145132932471\PDF76512.zip\PDF76512.exe" file.
18/06/2009 10:42:23 AM user 3652 Sign of "Win32:Ups [Cryp]" has been found in "C:\Documents and Settings\username\Local Settings\Application Data\Microsoft\Outlook\Outlookinfo@fcagroup.com (imap)-00000005.pst\info@fcagroup.com\Top of Personal Folders\[Gmail]\All Mail\UPS: Your Tracking Number 239293259082\EXL6512721.zip\EXL6512721.exe" file.
17/06/2009 5:36:18 PM SYSTEM 1328 Sign of "BV:AutoRun-T [Wrm]" has been found in "F:\Autorun.inf" file.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/19/2009 at 10:43

Application Version : 4.26.1004

Core Rules Database Version : 3947
Trace Rules Database Version: 1889

Scan type       : Complete Scan
Total Scan Time : 00:36:36

Memory items scanned      : 631
Memory threats detected   : 0
Registry items scanned    : 6110
Registry threats detected : 0
File items scanned        : 46796
File threats detected     : 9

Adware.Tracking Cookie
	C:\Documents and Settings\username\Cookies\user@xiti[1].txt
	C:\Documents and Settings\username\Cookies\user@revsci[2].txt
	C:\Documents and Settings\username\Cookies\user@tribalfusion[2].txt
	C:\Documents and Settings\username\Cookies\user@RealMedia[2].txt
	C:\Documents and Settings\username\Cookies\user@microsoftwindows.112.2o7[1].txt
	C:\Documents and Settings\username\Cookies\user@pandasoftware.112.2o7[1].txt
	C:\Documents and Settings\username\Cookies\user@adopt.euroclick[2].txt
	C:\Documents and Settings\username\Cookies\user@specificclick[2].txt
	C:\Documents and Settings\username\Cookies\user@247realmedia[1].txt

Malwarebytes' Anti-Malware 1.38
Database version: 2308
Windows 5.1.2600 Service Pack 3

19/06/2009 11:01:44 AM
mbam-log-2009-06-19 (11-01-44).txt

Scan type: Quick Scan
Objects scanned: 87063
Time elapsed: 2 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:04:24, on 19/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Hamachi\hamachi.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\WINDOWS\Twain_32\Samsung\SCX4x28\Scan2pc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dhl.ca/ca/wfHomeLoggedIn.aspx
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [4x28 Scan2PC] "C:\WINDOWS\Twain_32\Samsung\SCX4x28\Scan2pc.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: Shortcut to Map Drive.lnk = C:\Documents and Settings\username\Desktop\Map Drive.bat
O4 - Startup: SyncBack.lnk = C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office11\EXCEL.EXE/3000
O8 - Extra context menu item: Web Capture - C:\Program Files\SmarThru Office\WebCapture.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1203273577140
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Hamachi Service (HamachiService) - LogMeIn Inc. - C:\Program Files\Hamachi\hamachi.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pervasive PSQL Workgroup Engine (psqlWGE) - Pervasive Software Inc. - C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7353 bytes
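A triage pass over the Avast and HijackThis lines in the post above, written as an added example for this page; it is not part of the thread and not the logic of either tool. The Avast lines are the ones posted (the two long mail-store prefixes are pulled into constants so the list stays readable), the extra `127.0.0.1 localhost` hosts line is constructed as a negative case, and the classification rules (executable nested in an archive nested in a .pst = mail attachment lure; autorun.inf in a drive root = autorun dropper; any O1 entry that points a hostname at a non-loopback address = redirect) are this example's own heuristics.

```python
"""Triage of Avast 4 detection lines and HijackThis O1 entries (added example)."""
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Avast 4 event-log line: <date> <time> <user> <pid> Sign of "<name>" has been found in "<path>" file.
AVAST_RE = re.compile(
    r'^(?P<ts>\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) (?P<user>\S+) (?P<pid>\d+) '
    r'Sign of "(?P<name>[^"]+)" has been found in "(?P<path>[^"]+)" file\.$'
)
HJT_O1_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)$")

ARCHIVE_EXT = (".zip", ".rar", ".7z", ".cab")
EXEC_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd")
MAILSTORE_EXT = (".pst", ".ost", ".dbx")  # Outlook / Outlook Express message stores


@dataclass
class Finding:
    ts: str
    name: str
    path: str
    category: str
    lure: Optional[str]  # mail folder (usually the subject line) the attachment arrived under


def classify_path(path: str):
    """Return (category, lure) for one detection path, using the nesting the scanner reports."""
    parts = path.split("\\")
    last = parts[-1].lower()
    # autorun.inf directly in a drive root is how an XP-era USB worm gets launched
    if last == "autorun.inf" and len(parts) == 2:
        return "autorun-root", None
    archive_idx = next((i for i, p in enumerate(parts[:-1]) if p.lower().endswith(ARCHIVE_EXT)), None)
    if last.endswith(EXEC_EXT) and archive_idx is not None:
        # an executable packed in an archive that itself sits inside a mail store arrived as an attachment
        if any(p.lower().endswith(MAILSTORE_EXT) for p in parts[:archive_idx]):
            return "mail-attachment-lure", parts[archive_idx - 1]
        return "exe-in-archive", None
    return "other", None


def parse_avast(lines):
    findings = []
    for line in lines:
        m = AVAST_RE.match(line.strip())
        if not m:
            continue  # headers, blanks and anything that is not a detection line are skipped
        category, lure = classify_path(m["path"])
        findings.append(Finding(m["ts"], m["name"], m["path"], category, lure))
    return findings


def summarize(findings):
    return {
        "categories": Counter(f.category for f in findings),
        "lures": sorted({f.lure for f in findings if f.lure}),
        "names": Counter(f.name for f in findings),
    }


def suspicious_hosts_entries(hjt_lines):
    """O1 entries that map a hostname to anything but loopback redirect it rather than block it."""
    out = []
    for line in hjt_lines:
        m = HJT_O1_RE.match(line.strip())
        if m and not ipaddress.ip_address(m["ip"]).is_loopback:
            out.append((m["host"], m["ip"]))
    return out


# Sample input: the detection lines from the post, with the two mail-store prefixes factored out.
RECYCLER = r"D:\RECYCLER\S-1-5-21-1214440339-602162358-839522115-1003\Dd16\Outlook.pst\Personal Folders\Top of Personal Folders"
IMAP = (r"C:\Documents and Settings\username\Local Settings\Application Data\Microsoft\Outlook"
        r"\Outlookinfo@fcagroup.com (imap)-00000005.pst\info@fcagroup.com\Top of Personal Folders\[Gmail]\All Mail")


def _ev(ts, user, pid, name, path):
    return f'{ts} {user} {pid} Sign of "{name}" has been found in "{path}" file.'


AVAST_LOG = [
    _ev("18/06/2009 11:07:37 AM", "user", 3652, "Win32:Ups [Cryp]", RECYCLER + r"\Inbox\UPS Tracking Number 7124353990\UPS_INVOICE_978172.zip\UPS_INVOICE_978172.exe"),
    _ev("18/06/2009 11:06:59 AM", "user", 3652, "Win32:Ups [Cryp]", RECYCLER + r"\Deleted Items\UPS Tracking Number 7124353990\UPS_INVOICE_978172.zip\UPS_INVOICE_978172.exe"),
    _ev("18/06/2009 11:06:59 AM", "user", 3652, "Win32:Ups [Cryp]", RECYCLER + r"\Deleted Items\UPS Tracking Number 0762005263\invoice_8712.zip\INVOICE_8712.exe"),
    _ev("18/06/2009 11:06:58 AM", "user", 3652, "Win32:Agent-AAPS [Trj]", RECYCLER + r"\Deleted Items\UPS Tracking Number 3508422599\ups_invoice.zip\ups_invoice.exe"),
    _ev("18/06/2009 10:42:55 AM", "user", 3652, "Win32:Trojan-gen {Other}", IMAP + r"\cool pictures\pussy.zip\pussy.exe"),
    _ev("18/06/2009 10:42:41 AM", "user", 3652, "Win32:Ups [Cryp]", IMAP + r"\UPS: Your Tracking Number 358010698330\PDF76512.zip\PDF76512.exe"),
    _ev("18/06/2009 10:42:41 AM", "user", 3652, "Win32:Ups [Cryp]", IMAP + r"\UPS: Your Tracking Number 145132932471\PDF76512.zip\PDF76512.exe"),
    _ev("18/06/2009 10:42:23 AM", "user", 3652, "Win32:Ups [Cryp]", IMAP + r"\UPS: Your Tracking Number 239293259082\EXL6512721.zip\EXL6512721.exe"),
    _ev("17/06/2009 5:36:18 PM", "SYSTEM", 1328, "BV:AutoRun-T [Wrm]", r"F:\Autorun.inf"),
]

# The two O1 lines from the HijackThis log plus one constructed loopback entry as a control.
HJT_LINES = [
    "O1 - Hosts: 66.98.148.65 auto.search.msn.com",
    "O1 - Hosts: 66.98.148.65 auto.search.msn.es",
    "O1 - Hosts: 127.0.0.1 localhost",  # constructed, not from the post
]

if __name__ == "__main__":
    s = summarize(parse_avast(AVAST_LOG))
    print(dict(s["categories"]))
    print(s["lures"])
    print(suspicious_hosts_entries(HJT_LINES))
```

Run as-is it groups eight of the nine detections as mail-attachment lures (every one of them a UPS or "cool pictures" subject wrapping an .exe in a .zip) and the ninth as an autorun.inf in the root of F:, and lists the two hosts entries that send auto.search.msn.com and auto.search.msn.es to 66.98.148.65 instead of loopback.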
#2

Hi there, and welcome to Computer Juice. I'm Steve, and I'll be helping you throughout this repair. Before you begin the fix, please read this post completely. If there is anything you don't understand, please ask your questions before continuing. It is important that you do not miss a single step. Please perform everything in the correct order/sequence.

We'll begin with ComboFix.exe. Please go to this page for the download links and the instructions for running the tool: http://www.bleepingcomputer.com/comb...o-use-combofix

Make sure you have disabled all anti-virus and anti-malware programs so that they do not interfere with the operation of ComboFix. Include C:\ComboFix.txt in your next reply for further review.

__________________
Proud member of ASAP & Unite
My System: Steve's Rig
#3

Hi, thanks for the help. Here is the log:

ComboFix 09-06-21.01 - user 22/06/2009 10:29.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1511 [GMT -4:00]
Running from: C:\Documents and Settings\username\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090621-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\winsusrm.dll

.
((((((((((((((((((((((((( Files Created from 2009-05-22 to 2009-06-22 )))))))))))))))))))))))))))))))
.

2009-06-19 15:34 . 2009-06-19 15:34 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-06-19 14:07 . 2009-06-19 14:07 -------- d-----w- c:\documents and settings\username\Application Data\Malwarebytes
2009-06-19 14:07 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-19 14:07 . 2009-06-19 14:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-19 14:07 . 2009-06-19 14:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-19 14:07 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-19 13:58 . 2009-06-19 13:58 117760 ----a-w- c:\documents and settings\username\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-19 13:57 . 2009-06-19 13:57 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-19 13:57 . 2009-06-19 13:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-19 13:57 . 2009-06-19 13:57 -------- d-----w- c:\documents and settings\username\Application Data\SUPERAntiSpyware.com
2009-06-19 13:57 . 2009-06-19 13:57 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-10 17:39 . 2009-06-10 17:39 152576 ----a-w- c:\documents and settings\username\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-10 00:53 . 2009-06-10 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2009-05-29 11:46 . 2008-04-14 09:42 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-22 14:22 . 2009-04-28 15:03 -------- d-----w- c:\documents and settings\username\Application Data\Skype
2009-06-22 13:56 . 2008-02-17 21:01 -------- d-----w- c:\documents and settings\username\Application Data\Hamachi
2009-06-22 12:02 . 2009-04-28 15:18 -------- d-----w- c:\documents and settings\username\Application Data\skypePM
2009-06-19 13:35 . 2008-02-17 22:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-18 19:10 . 2008-06-19 15:20 31703397 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-06-12 07:08 . 2008-12-03 14:46 -------- d-----w- c:\program files\Windows Desktop Search
2009-06-10 17:39 . 2009-03-26 15:12 -------- d-----w- c:\program files\Java
2009-06-10 16:58 . 2008-12-30 17:22 -------- d-----w- c:\documents and settings\username\Application Data\FileZilla
2009-05-30 21:05 . 2008-08-28 17:15 -------- d-----w- c:\program files\MK Powertools
2009-05-25 04:24 . 2008-05-27 03:18 350208 ----a-w- c:\windows\system32\mssph.dll
2009-05-21 15:33 . 2008-12-06 16:44 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-12 19:12 . 2008-02-17 18:05 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-07 15:32 . 2004-08-03 16:56 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 16:37 . 2009-02-07 19:53 -------- d-----w- c:\documents and settings\username\Application Data\Unyte
2009-04-29 04:46 . 2004-08-03 16:56 666624 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:46 . 2004-08-03 16:56 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-28 15:18 . 2009-04-28 15:18 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-04-28 15:02 . 2009-04-28 15:02 -------- d-----w- c:\program files\Common Files\Skype
2009-04-28 15:02 . 2009-04-28 15:02 -------- d-----r- c:\program files\Skype
2009-04-28 15:02 . 2009-04-28 15:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-04-17 12:26 . 2004-08-03 15:17 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-03 16:56 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-09 02:09 . 2009-04-09 02:04 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-04-01 21:57 . 2008-02-17 22:30 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-04-01 21:21 . 2009-04-01 21:21 152576 ----a-w- c:\documents and settings\username\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-03-31 21:41 . 2009-03-31 21:41 0 ----a-w- c:\windows\system32\WSSPOOL.TMP
2009-03-26 15:11 . 2009-03-26 15:11 152576 ----a-w- c:\documents and settings\username\Application Data\Sun\Java\jre1.6.0_12\lzma.dll
2008-06-23 22:36 . 2008-06-23 22:36 0 ----a-w- c:\program files\gditst
2008-05-22 20:04 . 2008-05-22 20:04 190 ----a-w- c:\program files\Common Files\psasetup.log

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-21 24264488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-10-04 163840]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-07-31 536576]
"4x28 Scan2PC"="c:\windows\Twain_32\Samsung\SCX4x28\Scan2pc.exe" [2008-09-29 495616]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-04-26 16132608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\username\Start Menu\Programs\Startup\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2008-2-17 625952]
Shortcut to Map Drive.lnk - c:\documents and settings\username\Desktop\Map Drive.bat [2008-7-30 42]
SyncBack.lnk - c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2008-11-15 2936064]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Pervasive Software\\PSQL\\bin\\w3dbsmgr.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\ScanMgr.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\SCX4x28\\Scan2Pc.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\SCX4x28\\Sscan2io.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [07/04/2008 10:44 AM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [26/05/2009 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [26/05/2009 10:05 AM 72944]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [07/04/2008 10:44 AM 20560]
R2 HamachiService;Hamachi Service;c:\program files\Hamachi\hamachi.exe [17/02/2008 5:01 PM 625952]
R2 psqlWGE;Pervasive PSQL Workgroup Engine;c:\program files\Pervasive Software\PSQL\bin\w3dbsmgr.exe [06/06/2008 1:03 PM 435488]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 8:19 PM 13592]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [26/05/2009 10:05 AM 7408]
S1 KPSYSDRV;KPSYSDRV;c:\windows\system32\drivers\Kpsysdrv.sys [23/06/2008 6:36 PM 17016]
S2 BulkUsb;Genesys Logic USB Controller NT 5.0;c:\windows\system32\drivers\usbprn.sys [23/06/2008 6:27 PM 7552]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\SSPORT.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 Moarer;Moarer; [x]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SASDIFSV
*NewlyCreated* - SASENUM
*NewlyCreated* - SASKUTIL
.
Contents of the 'Scheduled Tasks' folder

2009-06-22 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

2009-06-22 c:\windows\Tasks\SyncBack Outlook.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2008-11-15 16:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dhl.ca/ca/wfHomeLoggedIn.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\Office11\EXCEL.EXE/3000
IE: Web Capture - c:\program files\SmarThru Office\WebCapture.dll
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-22 10:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- Locked Registry Keys ---------------------

[HKEY_LOCAL_MACHINE\software\Pervasive Software\PSQL]
@Denied: (A) (Everyone)
@=""
.
Completion time: 2009-06-22 10:32
ComboFix-quarantined-files.txt 2009-06-22 14:32

Pre-Run: 32,245,211,136 bytes free
Post-Run: 32,239,325,184 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=OptIn /fastdetect

164 --- EOF --- 2009-06-18 19:28
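The firewall-policy and AV/FW status lines in the ComboFix log above are the part of that log a practitioner reads first: the Windows Firewall standard profile is off, 3389/TCP is in GloballyOpenPorts, and ComboFix reports the ZoneAlarm firewall as disabled. The following is an added example for this page, not part of the thread and not ComboFix's own logic; it parses those lines (copied from the log) and scores them with this example's own rules. The port-to-service table and the severity labels are assumptions, and the "info" rating for the disabled AV reflects that the helper asked for AV to be turned off for the ComboFix run.

```python
"""Pull the inbound-exposure facts out of a ComboFix log excerpt (added example)."""
import re
from collections import defaultdict

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
# ComboFix header lines look like:  AV: <product> *<state>* ...   /   FW: <product> *<state>* ...
STATUS_RE = re.compile(r"^(?P<kind>AV|FW): (?P<product>.+?) \*(?P<state>[^*]+)\*")

# Registry paths are case-insensitive, so section keys are compared lower-cased.
STD_PROFILE = r"hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile"
SEC_CENTER_ZA = r"hkey_local_machine\software\microsoft\security center\monitoring\zonelabsfirewall"
REMOTE_ACCESS_PORTS = {3389: "RDP", 5900: "VNC", 23: "telnet", 22: "SSH"}  # assumed table

# Sample input: the status and firewall lines as they appear in the posted ComboFix log.
COMBOFIX_EXCERPT = r"""
AV: avast! antivirus 4.8.1335 [VPS 090621-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Pervasive Software\\PSQL\\bin\\w3dbsmgr.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\ScanMgr.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\SCX4x28\\Scan2Pc.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\SCX4x28\\Sscan2io.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"""


def parse_combofix(text):
    """Split the excerpt into {AV/FW: (product, state)} and {section: {name: data}}."""
    status, sections, current = {}, defaultdict(dict), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = STATUS_RE.match(line)
        if m:
            status[m["kind"]] = (m["product"], m["state"])
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m["key"].lower()
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current][m["name"]] = m["data"].strip().strip('"')
    return status, sections


def assess(status, sections):
    """Rank what the dump says about inbound exposure; returns (severity, message) pairs."""
    findings = []
    profile = sections.get(STD_PROFILE, {})
    if profile.get("EnableFirewall", "").startswith("0"):
        findings.append(("high", "Windows Firewall is off for the standard profile (EnableFirewall=0)"))
    for name in sections.get(STD_PROFILE + r"\globallyopenports\list", {}):
        port, proto = name.split(":")
        service = REMOTE_ACCESS_PORTS.get(int(port))
        label = f"{port}/{proto}" + (f" ({service})" if service else "")
        findings.append(("high" if service else "medium", f"{label} is open to every source address in GloballyOpenPorts"))
    apps = sections.get(STD_PROFILE + r"\authorizedapplications\list", {})
    if apps:
        findings.append(("info", f"{len(apps)} programs are exempted from inbound filtering"))
    product, state = status.get("FW", ("", ""))
    if "disabled" in state.lower():
        findings.append(("high", f"third-party firewall {product!r} reported {state!r}"))
    product, state = status.get("AV", ("", ""))
    if "disabled" in state.lower():
        findings.append(("info", f"AV {product!r} reported {state!r}; expected while ComboFix runs, re-enable afterwards"))
    if sections.get(SEC_CENTER_ZA, {}).get("DisableMonitoring", "").endswith("1"):
        findings.append(("low", "Security Center is not monitoring the ZoneAlarm firewall, so nothing alerts if it stays off"))
    return findings


if __name__ == "__main__":
    st, sec = parse_combofix(COMBOFIX_EXCERPT)
    for severity, message in assess(st, sec):
        print(f"[{severity}] {message}")
```

On the excerpt from the log this yields three "high" findings (host firewall off, 3389/TCP globally open, ZoneAlarm disabled), which together mean that during the cleanup the machine had no inbound filtering at all while RDP was exposed; the eight authorized applications only matter once the firewall is back on.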
#4

Hi there. In this next post I want to run an online virus scan, but first let's remove some unwanted junk....

Download ATF Cleaner by Atribune. This program is for XP and Windows 2000.
Double-click ATF-Cleaner.exe to run the program.
Under Main, select: Select All
Click the Empty Selected button.
If you use the Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you want to keep your saved passwords, please click No at the prompt.
If you use the Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you want to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Establish an internet connection and perform an online scan with Internet Explorer at Kaspersky Online Scanner.
**Vista users - right-click IE/Firefox and run as administrator.
Click Accept when prompted to download and install the program files and the database of malware definitions.
This animation will guide you through the process:
**Note** To optimize scanning time and produce a more sensible report for review:
Close any open programs.
Turn off the real-time scanner of any existing antivirus program while performing the online scan.
You can disconnect from the Internet once you have started the scan.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button for the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
Post back with the results from Kaspersky, and also update me on how things are running.

__________________
Proud member of ASAP & Unite
#5

http://www.dhl.ca/ca/wfHomeLoggedIn.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1203273577140
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Hamachi Service (HamachiService) - LogMeIn Inc. - C:\Program Files\Hamachi\hamachi.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pervasive PSQL Workgroup Engine (psqlWGE) - Pervasive Software Inc. - C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7090 bytes
#6

Hi. We really need to run a full system scan on the drive to make sure nothing is left over. One thing I notice is that the online scanner picked up on a phishing scam e-mail. It doesn't tell us exactly which one it is, but it tells us that it is in your inbox. Phishing scams try to lure you into entering information on websites so that criminals can obtain that information and use it to their own advantage. For more information about phishing, read this article here. The e-mail in question may look like it came from your own bank or another financial institution, and will even carry logos stolen from the original site. Never log in to a banking website or any other website from links in an e-mail. Always go to the home page and log in from there. I would recommend that you empty the Deleted Items folder along with any other suspicious e-mail messages.

Let's try a full scan with a different scanner. Perform an online scan with Panda ActiveScan.
* Turn off the real-time scanner of any existing antivirus program while performing the online scan.
Avast users please note: continue with the online scan at Panda if you receive an alert. It is a false positive from Avast, because Panda Antivirus does not encrypt its virus database.

For some reason the HJT log you posted is unreadable, so instead I'd like you to post a different type of log. Download DDS and save it to your desktop.

Post both logs back in your next reply. Also include the Panda scan results, and keep me updated on the system status.

__________________
Proud member of ASAP & Unite