Need help with these logs

smart data recovery infection

7 replies to this topic

#1 Solio

Solio

    Junior

  • 159 posts
  • System: Windows Xp Home Edition

Posted 04 August 2012 - 15:26

Here are two of the logs that I need help analysing:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:39:55, on 04.08.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE
C:\Programfiler\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Programfiler\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe
C:\Programfiler\Fellesfiler\Java\Java Update\jusched.exe
C:\Programfiler\Fellesfiler\PC Tools\Outlook Express API\Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\OpenOffice.org 3\program\soffice.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programfiler\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\HJT\test.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programfiler\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programfiler\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programfiler\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programfiler\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programfiler\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - (no file)
O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPoXUSDM] "C:\Program Files\EPoX\USDM\USDM.EXE" "5000"
O4 - HKLM\..\Run: [D066UUtility] C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Programfiler\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Programfiler\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Fellesfiler\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Nektra OEAPI] C:\Programfiler\Fellesfiler\PC Tools\Outlook Express API\Launcher.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programfiler\Fellesfiler\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [swg] "C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Programfiler\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Programfiler\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Aktivere Labtec trådløs skrivebordsløsning.lnk = ?
O4 - Global Startup: ATI CATALYST-systemstatusfelt.lnk = C:\Programfiler\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Personal.lnk = C:\Programfiler\Personal\bin\Personal.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Pro Magic Plus.lnk = C:\WASAY\PROMAGIC\PlusStart.exe
O4 - Global Startup: Windows Search.lnk = C:\Programfiler\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Vis eller skjul HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programfiler\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1339178396937
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programfiler\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Googles oppdateringstjeneste (gupdate) (gupdate) - Google Inc. - C:\Programfiler\Google\Update\GoogleUpdate.exe
O23 - Service: Google-oppdatering-tjenesten (gupdatem) (gupdatem) - Google Inc. - C:\Programfiler\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
O23 - Service: WasayPMsv - Unknown owner - C:\WASAY\PROMAGIC\wspmsv.exe

--
End of file - 8924 bytes


ComboFix 12-08-04.02 - Solveig Stokkevåg 04.08.2012 14:11:14.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.2046.1496 [GMT 2:00]
Kjører fra: c:\documents and settings\Solveig Stokkevåg\Skrivebord\ComboFix.exe
.
ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2012-07-04 til 2012-08-04 )))))))))))))))))))))))))))))))))
.
.
2012-08-04 12:06 . 2012-06-29 08:44 6891424 ----a-w- c:\documents and settings\All Users\Programdata\Microsoft\Windows Defender\Definition Updates\{040130A4-CD96-411D-AA5A-74E373B1C33B}\mpengine.dll
2012-08-04 12:05 . 2012-08-04 12:05 -------- d-----w- c:\windows\LastGood
2012-08-03 12:10 . 2012-08-03 12:10 -------- d-----w- c:\documents and settings\All Users\Programdata\F-Secure uninstallationtool
2012-08-02 09:57 . 2012-08-02 09:57 -------- d-----w- c:\documents and settings\Solveig Stokkevåg\Lokale innstillinger\Programdata\VS Revo Group
2012-08-02 09:57 . 2009-12-30 09:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-08-01 20:21 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-01 20:00 . 2012-08-01 20:00 -------- d-----w- c:\programfiler\CCleaner
2012-07-14 18:57 . 2012-07-14 18:57 -------- d-----w- c:\documents and settings\Solveig Stokkevåg\Programdata\ElevatedDiagnostics
2012-07-14 18:03 . 2012-07-15 16:02 9226440 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-07-09 15:38 . 2012-07-09 15:38 -------- d-----w- c:\documents and settings\Solveig Stokkevåg\Programdata\TestApp
2012-07-09 14:49 . 2012-07-15 14:30 -------- d-----w- c:\windows\system32\MpEngineStore
2012-07-09 12:17 . 2012-08-02 18:08 -------- d-----r- c:\documents and settings\Solveig Stokkevåg\Siste
2012-07-08 19:26 . 2012-08-01 20:16 -------- d-----w- c:\documents and settings\Administrator
2012-07-08 14:54 . 2012-02-24 08:35 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
2012-07-08 14:53 . 2012-07-14 17:57 -------- d-----w- c:\programfiler\Fellesfiler\PC Tools
2012-07-08 14:53 . 2012-07-09 15:44 -------- d-----w- c:\documents and settings\All Users\Programdata\PC Tools
2012-07-08 14:33 . 2012-07-08 18:42 -------- d-----w- c:\documents and settings\Solveig Stokkevåg\Programdata\GetRightToGo
2012-07-08 14:12 . 2012-07-08 14:12 -------- d-----w- c:\documents and settings\Solveig Stokkevåg\Programdata\Malwarebytes
2012-07-08 14:12 . 2012-07-08 14:12 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-09 15:58 . 2005-11-02 12:47 90112 ----a-w- c:\windows\DUMP29cf.tmp
2012-06-29 08:44 . 2007-01-03 19:52 6891424 ----a-w- c:\documents and settings\All Users\Programdata\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-06-10 08:45 . 2012-03-31 07:25 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-10 08:45 . 2011-06-05 12:12 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-08 08:12 . 2012-06-08 08:12 23510720 ----a-w- C:\dotnetfx.exe
2012-06-02 13:19 . 2006-04-14 19:47 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2006-04-14 19:47 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2006-04-14 19:47 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2006-04-14 19:47 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2006-04-14 19:47 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2005-05-26 02:16 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2004-08-04 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2007-06-19 18:20 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2006-04-14 19:47 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2007-06-19 18:20 23064 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2007-06-19 18:20 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2007-06-19 18:20 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2006-04-14 19:47 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:18 . 2012-06-09 07:05 17648 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2012-06-09 07:04 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2009-08-06 17:23 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2004-08-04 12:00 600064 ----a-w- c:\windows\system32\crypt32.dll
2012-05-31 10:25 . 2009-10-02 19:55 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-16 15:09 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:55 . 2004-08-04 12:00 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-13 11:01 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-13 11:01 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:39 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-05-09 07:51 . 2009-07-22 19:58 44184 ----a-w- c:\windows\system32\drivers\fsbts.sys
2009-08-20 11:34 . 2009-08-20 11:34 9811968 ----a-w- c:\programfiler\openofficeorg31.msi
2002-03-11 09:06 . 2002-03-11 09:06 1822520 ----a-w- c:\programfiler\instmsiw.exe
2002-03-11 08:45 . 2002-03-11 08:45 1708856 ----a-w- c:\programfiler\instmsia.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-04_10.14.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-04 12:02 . 2012-08-04 12:02 16384 c:\windows\temp\Perflib_Perfdata_76c.dat
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-06 68856]
"NBJ"="c:\programfiler\Ahead\Nero BackItUp\NBJ.exe" [2004-09-22 1871872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\programfiler\ATI Technologies\ATI.ACE\cli.exe" [2005-08-05 61440]
"SoundMan"="SOUNDMAN.EXE" [2005-01-20 77824]
"EPoXUSDM"="c:\program files\EPoX\USDM\USDM.EXE" [2005-02-04 1295360]
"D066UUtility"="c:\windows\TWAIN_32\D66U\D066UUTY.EXE" [2000-07-06 32768]
"ANIWZCS2Service"="c:\programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 49152]
"SSBkgdUpdate"="c:\programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\programfiler\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"hpqSRMon"="c:\programfiler\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"HP Software Update"="c:\programfiler\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"SunJavaUpdateSched"="c:\programfiler\Fellesfiler\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Nektra OEAPI"="c:\programfiler\Fellesfiler\PC Tools\Outlook Express API\Launcher.exe" [2011-08-26 52224]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe ARM"="c:\programfiler\Fellesfiler\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
.
c:\documents and settings\Solveig Stokkevåg\Start-meny\Programmer\Oppstart\
OpenOffice.org 3.3.lnk - c:\programfiler\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Aktivere Labtec trådløs skrivebordsløsning.lnk - c:\programfiler\Labtec trådløs skrivebordsløsning\MagicKey.exe [2006-4-15 258048]
ATI CATALYST-systemstatusfelt.lnk - c:\programfiler\ATI Technologies\ATI.ACE\CLI.exe [2005-8-6 61440]
HP Digital Imaging Monitor.lnk - c:\programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
Microsoft Office.lnk - c:\programfiler\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Personal.lnk - c:\programfiler\Personal\bin\Personal.exe [2011-10-3 1087896]
Picture Package Menu.lnk - c:\programfiler\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2008-2-2 151552]
Picture Package VCD Maker.lnk - c:\programfiler\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2008-2-2 106496]
Pro Magic Plus.lnk - c:\wasay\PROMAGIC\PlusStart.exe [2006-4-15 28672]
Windows Search.lnk - c:\programfiler\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Programfiler\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
.
R0 DiskFilt;DiskFilt;c:\windows\system32\drivers\DISKFILT.SYS [15.04.2006 00:14 8224]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [15.04.2006 00:55 11776]
R2 WinDefend;Windows Defender;c:\programfiler\Windows Defender\MsMpEng.exe [03.11.2006 19:19 13592]
S2 gupdate;Googles oppdateringstjeneste (gupdate);c:\programfiler\Google\Update\GoogleUpdate.exe [30.01.2010 12:18 135664]
S2 WasayPMsv;WasayPMsv;c:\wasay\PROMAGIC\wspmsv.exe [15.04.2006 00:14 32768]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [31.03.2012 09:25 257224]
S3 gupdatem;Google-oppdatering-tjenesten (gupdatem);c:\programfiler\Google\Update\GoogleUpdate.exe [30.01.2010 12:18 135664]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [02.08.2012 11:57 27064]
S3 wtsmpadap;Sesam Virtual Adapter;c:\windows\system32\DRIVERS\wtsmpadap.sys --> c:\windows\system32\DRIVERS\wtsmpadap.sys [?]
S3 WtSmpFlt;Sesam Adapter;c:\windows\system32\DRIVERS\wtsmpflt.sys --> c:\windows\system32\DRIVERS\wtsmpflt.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
.
2012-08-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 08:45]
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programfiler\Google\Update\GoogleUpdate.exe [2010-01-30 10:18]
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programfiler\Google\Update\GoogleUpdate.exe [2010-01-30 10:18]
.
2012-08-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programfiler\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.google.no/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-04 14:22
Windows 5.1.2600 Service Pack 3 NTFS
.
skanner skjulte prosesser ...
.
skanner skjulte autostart-oppføringer ...
.
skanner skjulte filer ...
.
skanning vellykket
skjulte filer: 0
.
**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------
.
- - - - - - - > 'winlogon.exe'(556)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1664)
c:\programfiler\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Tidspunkt ferdig: 2012-08-04 14:27:07
ComboFix-quarantined-files.txt 2012-08-04 12:27
ComboFix2.txt 2012-08-04 10:18
.
Pre-Run: 9 776 812 032 byte ledig
Post-Run: 11 351 805 952 byte ledig
.
- - End Of File - - 2DE15B305CAE8452C4364C3C381A648C

Suddenly can't find Malwarebytes again. Will post that log later.
Next log:
  • 0
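The HijackThis log above is a line-oriented format, and a first triage pass is mechanical: find entries whose registry key still points at something that no longer exists, and entries that cannot be judged from the log alone. The following Python is an added illustration, not code from this thread or from Trend Micro, and runs over a constructed sample of lines modelled on the entry types in the log above.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the HijackThis v2.0.x log format, modelled on entry
# types that appear in the log posted above (not the complete log).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programfiler\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - (no file)
O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
"""

# Every HijackThis entry starts with a section code such as R0, O4 or O23.
ENTRY_RE = re.compile(r"^(?P<kind>[RFNO]\d+) - (?P<body>.+)$")


@dataclass
class Entry:
    kind: str      # HijackThis section code, e.g. "O4", "O23"
    body: str      # everything after "Oxx - "
    target: str    # file, command line or URL the entry points at
    flags: tuple   # triage flags; empty when nothing stands out


def target_of(kind: str, body: str) -> str:
    """Extract what the entry points at, using the layout of each section."""
    if kind == "O4":
        # Run keys look like "[Name] command"; startup folders "Name.lnk = path"
        m = re.search(r"\] (.*)$", body)
        if m:
            return m.group(1).strip()
        if " = " in body:
            return body.split(" = ", 1)[1].strip()
        return body.strip()
    # R*, O2, O3, O9, O16, O23: the target is the last " - " separated field
    return body.rsplit(" - ", 1)[-1].strip()


def executable_of(target: str) -> str:
    """Drop the argument part of a command line: quoted path or first token."""
    if target.startswith('"'):
        return target[1:].split('"', 1)[0]
    return target.split(" ", 1)[0]


def triage_line(line: str) -> Optional[Entry]:
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    target = target_of(kind, body)
    flags = []
    if target in ("(no file)", "?"):
        # The registry value or shortcut still references something that is
        # gone: typical leftover of an uninstall or a cleaned infection.
        flags.append("orphan")
    elif kind in ("O4", "O23") and "\\" not in executable_of(target):
        # Bare file name: which binary actually runs depends on the search
        # path, so the entry cannot be judged from the log alone.
        flags.append("bare-name")
    if kind == "O23" and " - Unknown owner - " in body:
        # HijackThis found no company name in the service binary's version info.
        flags.append("unknown-owner")
    return Entry(kind, body, target, tuple(flags))


def triage(log_text: str) -> list:
    entries = [triage_line(line) for line in log_text.splitlines()]
    return [e for e in entries if e is not None]


def flagged(log_text: str) -> list:
    """Return (kind, target, flags) for every entry that deserves a human look."""
    return [(e.kind, e.target, e.flags) for e in triage(log_text) if e.flags]


if __name__ == "__main__":
    for kind, target, flags in flagged(SAMPLE_LOG):
        print(f"{kind:4} {','.join(flags):14} {target}")
```

An "orphan" or "bare-name" flag is a prompt to look, not a verdict: the two (no file) entries in the log above are consistent with leftovers of removed software rather than an active infection.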

#2 Solio

Solio

    Junior

  • Thread starter
  • 159 posts
  • System: Windows Xp Home Edition

Posted 04 August 2012 - 15:52

Here is the Malwarebytes log. I ran a new quick scan just now:


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Databaseversjon: v2012.08.01.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Solveig Stokkevåg :: SOLVEIG-800C62C [administrator]

04.08.2012 15:44:16
mbam-log-2012-08-04 (15-44-16).txt

Skanntype: Hurtigsøk
Aktiverte skanningsinnstillinger: Minne | Oppstart | Register | Filsystem | Heuristikk/Ekstra | Heuristikk/Shuriken | PUP | PUM
Deaktiverte skanninnstillinger: P2P
Objekter skannet: 200130
Tid tilbakelagt: 3 minutt(er), 59 sekund(er)

Minneprosesser oppdaget: 0
(Ingen skadelige objekter funnet)

Minnemoduler oppdaget: 0
(Ingen skadelige objekter funnet)

Registernøkler oppdaget: 0
(Ingen skadelige objekter funnet)

Registerverdier oppdaget: 0
(Ingen skadelige objekter funnet)

Registerfiler oppdaget: 0
(Ingen skadelige objekter funnet)

Mapper oppdaget: 0
(Ingen skadelige objekter funnet)

Filer oppdaget 0
(Ingen skadelige objekter funnet)

(klar)
  • 0

#3 pijano

pijano

    Forum administrator

  • 4123 posts
  • System: Windows
  • Core competence: PC help

Posted 04 August 2012 - 16:27

That looks fine.
What problems have you been having?
  • 0

#4 Solio

Solio

    Junior

  • Thread starter
  • 159 posts
  • System: Windows Xp Home Edition

Posted 04 August 2012 - 17:11

Do you mean before the virus was removed? Then it was all sorts of things. Exactly when and where I got the virus I don't know, but the PC has been very slow for a long time. Some time ago a lot of error messages came up, and there was something that made me wonder. I don't remember the wording, but it had something to do with banking and payment "methods". I got rid of the error messages and everything seemed normal for several weeks. Then the browser suddenly closed, this Smart Check thing started "scanning", and all folders, programs and files were seemingly gone. After that the virus has prevented me from doing almost everything I wanted to do. I have written a fair amount about it in my previous thread. Various programs tried to connect to the internet, among them something I thought was an ordinary Java program update, but which later turned out to be a virus.

I don't know whether it was a problem with the browser or something else, but for several months beforehand messages kept coming up saying that a program has stopped working and must be closed, etc. Send report / don't send to Microsoft.. I don't think I ever sent a report.

Are all remnants of the virus gone now, so that I can install a new antivirus program, update various programs, etc.?

ComboFix was unable to create a Recovery Console today, so I'll have to do that manually. Hope it goes well.
  • 0

#5 pijano

pijano

    Forum administrator

  • 4123 posts
  • System: Windows
  • Core competence: PC help

Posted 04 August 2012 - 17:30

You should have posted the logs in the other thread.
See my last reply there.

You would have had to install the Recovery Console yourself before ComboFix ran, if applicable: http://support.micro...om/kb/307654/no
This is in case the machine crashes completely and you have something to restore from.
If you have the XP CD, you can run recovery from that.

I'm no expert, but your PC looks clean as far as I can see.
  • 0

#6 Solio

Solio

    Junior

  • Thread starter
  • 159 posts
  • System: Windows Xp Home Edition

Posted 04 August 2012 - 17:43

Several of the problems there have been:
A "blue screen" message came up saying that I had to uninstall programs (PC Tools and Malwarebytes), and a stop code: 0x000000C2 (0x0000004 0, 0x00000000, 0x80000000, 0x00000000)

Some messages that have come up after the infection (but not after running ComboFix):
News Service has a problem and must be closed
HP update: An error occurred in the program because the program library is missing. You may need to reinstall it.

Before the rounds with Malwarebytes, ComboFix etc. I got various messages from F-Secure asking whether to block: e.g. a program is trying to connect to the internet, a program has changed since it was last used, or it is pretending to be some program or other
Some malicious items that were found by Malwarebytes, among others, are these:
- Java/CVE-2012-1723F
- Generic Host Process for Win32 Server
- ImpishUnions2009
- Trojan.Phex.ThAGen4
  • 0

#7 Datasmurfen

Datasmurfen

    Junior

  • 470 posts
  • System: Windows 7 Home Premium x64

Posted 31 August 2012 - 10:11

Are you still having problems with this?
  • 0

#8 pijano

pijano

    Forum administrator

  • 4123 posts
  • System: Windows
  • Core competence: PC help

Posted 31 August 2012 - 11:02

Are you still having problems with this?


This is the original thread, which also continued there after the logs were posted here.
http://itpro.no/supp...l=&fromsearch=1
  • 0
