
Removing a virus, trojan



Hi =)

I normally use the antivirus program Avast!. It has now reported that it has found a trojan, but it is unable to remove it. I have therefore downloaded MBAM and Combofix.

Logs:

 

Combofix

ComboFix 09-02-03.01 - Silly 2009-02-04 12:50:18.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.502.260 [GMT 1:00]

Kjører fra: c:\documents and settings\Silly\Skrivebord\ComboFix.exe

AV: avast! antivirus 4.8.1296 [VPS 090203-1] *On-access scanning disabled* (Updated)

* Opprettet nytt gjenopprettingspunkt

 

ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!

.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\AdCache

c:\windows\system32\cache329

c:\windows\system32\P2P Networking

 

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-01-04 til 2009-02-04 )))))))))))))))))))))))))))))))))

.

 

2009-02-04 12:33 . 2009-02-04 12:33 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware

2009-02-04 12:33 . 2009-02-04 12:33 <DIR> d-------- c:\documents and settings\Silly\Programdata\Malwarebytes

2009-02-04 12:33 . 2009-02-04 12:33 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Programdata\Malwarebytes

2009-02-04 12:33 . 2009-01-14 16:11 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys

2009-02-04 12:33 . 2009-01-14 16:11 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys

2009-01-29 17:45 . 2009-01-29 17:45 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Programdata\HP Product Assistant

2009-01-29 17:45 . 2009-01-29 17:45 214 --a------ c:\windows\HP_48BitScanUpdatePatch.ini

2009-01-29 17:41 . 2009-01-29 17:41 234 --a------ c:\windows\PrnHlpLogConfig.ini

2009-01-29 17:41 . 2009-01-29 17:41 214 --a------ c:\windows\HP_InstantSHareJPG.ini

2009-01-29 17:40 . 2009-01-29 17:40 217 --a------ c:\windows\HP_IZClosingDiscErrorPatch.ini

2009-01-29 17:36 . 2009-01-29 17:36 221 --a------ c:\windows\HP_RedboxHprblog_HPSU.ini

2009-01-29 01:32 . 2009-01-29 01:32 <DIR> d-------- c:\programfiler\Microsoft CAPICOM 2.1.0.2

2009-01-29 01:30 . 2009-01-29 01:30 <DIR> d-------- c:\programfiler\MSXML 4.0

2009-01-26 21:37 . 2009-01-26 21:37 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Programdata\HP

2009-01-26 21:36 . 2009-01-26 21:36 <DIR> d-------- c:\programfiler\Fellesfiler\Sonic Shared

2009-01-26 21:36 . 2009-01-26 21:36 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Programdata\Sonic

2009-01-26 21:35 . 2009-01-26 21:35 <DIR> d-------- c:\programfiler\Fellesfiler\HP

2009-01-26 21:30 . 2009-01-26 21:30 <DIR> d-------- c:\programfiler\Fellesfiler\Hewlett-Packard

2009-01-26 21:30 . 2005-03-08 06:52 51,120 -ra------ c:\windows\SYSTEM32\DRIVERS\HPZid412.sys

2009-01-26 21:30 . 2005-03-08 06:52 16,496 -ra------ c:\windows\SYSTEM32\DRIVERS\HPZipr12.sys

2009-01-26 21:29 . 2005-03-15 21:36 77,824 -ra------ c:\windows\SYSTEM32\hpzids01.dll

2009-01-26 21:29 . 2005-05-05 08:51 37,376 --a------ c:\windows\SYSTEM32\hpz3l3xu.dll

2009-01-26 21:29 . 2005-03-08 06:52 21,744 -ra------ c:\windows\SYSTEM32\DRIVERS\HPZius12.sys

2009-01-26 21:26 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe

2009-01-26 21:26 . 2004-09-29 12:12 278,584 --a------ c:\windows\SYSTEM32\HPZidr12.dll

2009-01-26 21:26 . 2004-09-29 12:15 204,800 --a------ c:\windows\SYSTEM32\HPZipr12.dll

2009-01-26 21:26 . 2004-09-29 12:09 94,208 --a------ c:\windows\SYSTEM32\HPZipt12.dll

2009-01-26 21:26 . 2007-08-09 08:27 73,728 --a------ c:\windows\SYSTEM32\HPZipm12.exe

2009-01-26 21:26 . 2004-09-29 12:08 61,440 --a------ c:\windows\SYSTEM32\HPZinw12.exe

2009-01-26 21:26 . 2004-09-29 12:09 57,344 --a------ c:\windows\SYSTEM32\HPZisn12.dll

2009-01-26 21:24 . 2009-01-29 17:46 <DIR> d-------- c:\programfiler\HP

2009-01-26 21:24 . 2004-08-03 23:01 25,856 --a------ c:\windows\SYSTEM32\DRIVERS\usbprint.sys

2009-01-26 21:24 . 2004-08-03 23:01 25,856 --a--c--- c:\windows\SYSTEM32\DLLCACHE\usbprint.sys

2009-01-26 21:20 . 2009-01-26 21:43 88,603 --a------ c:\windows\hpoins06.dat

2009-01-26 21:20 . 2005-06-03 08:48 5,389 --------- c:\windows\hpomdl06.dat

2009-01-26 21:19 . 2009-01-26 21:19 <DIR> d-------- c:\documents and settings\Silly\Programdata\HP

2009-01-18 17:51 . 2009-01-18 17:50 410,984 --a------ c:\windows\SYSTEM32\deploytk.dll

2009-01-07 18:40 . 2009-01-07 18:40 <DIR> d-------- c:\documents and settings\Silly\Programdata\Creative

2009-01-07 17:38 . 2000-05-22 09:58 647,872 --------- c:\windows\SYSTEM32\Mscomct2.ocx

2009-01-07 17:38 . 1999-10-10 18:00 41,984 --------- c:\windows\Ctregrun.exe

2009-01-07 17:34 . 1999-12-12 18:01 44,032 --------- c:\windows\SYSTEM32\CTSVCCDA.EXE

2009-01-07 17:34 . 1999-11-17 18:00 25,088 --------- c:\windows\SYSTEM32\CTSVCCTL.EXE

2009-01-07 17:30 . 2009-01-07 17:38 <DIR> d-------- c:\programfiler\Creative

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-29 15:20 139,264 ----a-w c:\windows\SYSTEM32\hpzjrd01.dll

2009-01-18 16:50 --------- d-----w c:\programfiler\Java

2009-01-15 21:32 --------- d-----w c:\programfiler\Starcraft

2009-01-07 16:32 --------- d-----w c:\programfiler\Fellesfiler\InstallShield

2008-12-13 21:45 --------- d-----w c:\programfiler\Windows Media Connect 2

2008-12-13 18:26 --------- d-----w c:\documents and settings\Silly\Programdata\dvdcss

2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys

2008-12-06 14:09 223,128 ----a-w c:\windows\system32\drivers\vaxscsi.sys

2008-12-06 14:09 --------- d-----w c:\programfiler\Alcohol Soft

2008-11-12 17:32 94,208 ----a-w c:\windows\ScUnin.exe

.

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"Rainlendar638"="c:\programfiler\Rainlendar\Rainlendar.exe" [2006-01-21 118784]

"Alcohol 52%"="c:\programfiler\Alcohol Soft\Alcohol 52\Alcohol.exe" [2006-09-26 1185152]

"Creative Detector"="c:\programfiler\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]

"SoundMAXPnP"="c:\programfiler\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]

"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-01-18 136600]

"AppleSyncNotifier"="c:\programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]

"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"HP Software Update"="c:\programfiler\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

c:\documents and settings\All Users.WINDOWS\Start-meny\Programmer\Oppstart\

HP Digital Imaging Monitor.lnk - c:\programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]

HP Image Zone Hurtigstart.lnk - c:\programfiler\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 73728]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"QuickTime Task"="c:\programfiler\QuickTime\QTTask.exe" -atboottime

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programfiler\\Messenger\\msmsgs.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"c:\\Programfiler\\Starcraft\\StarCraft.exe"=

"c:\\Programfiler\\iTunes\\iTunes.exe"=

"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Programfiler\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Programfiler\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

 

R1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [2008-08-12 111184]

R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [2008-08-12 20560]

 

--- Andre tjenester/drivere lastet i minnet ---

 

*Deregistered* - mchInjDrv

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2008-12-19 c:\windows\Tasks\1-Click Maintenance.job

- c:\programfiler\TuneUp Utilities 2006\SystemOptimizer.exe [2005-09-21 21:35]

 

2008-10-22 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

 

2009-02-04 c:\windows\Tasks\HPpromotions journeysoftware.job

- c:\programfiler\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 17:36]

 

2009-01-26 c:\windows\Tasks\WebReg Photosmart 2570 series.job

- c:\programfiler\HP\Digital Imaging\bin\hpqwrg.exe [2006-06-07 16:45]

.

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://google.no/

uInternet Settings,ProxyOverride = *.local

FF - ProfilePath - c:\documents and settings\Silly\Programdata\Mozilla\Firefox\Profiles\l1cuoyvx.default\

FF - prefs.js: browser.startup.homepage - google.no

FF - plugin: c:\programfiler\Vizky\npVizky.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-04 12:54:12

Windows 5.1.2600 Service Pack 2 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]

"ImagePath"="\??\c:\windows\TEMP\mc21.tmp"

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

 

- - - - - - - > 'lsass.exe'(580)

c:\programfiler\TuneUp Utilities 2006\WinStylerThemeHelper.dll

.

Tidspunkt ferdig: 2009-02-04 12:55:51

ComboFix-quarantined-files.txt 2009-02-04 11:55:48

 

Pre-Run: 40 719 081 472 byte ledig

Post-Run: 40,865,927,168 byte ledig

 

164 --- E O F --- 2009-01-29 22:54:59

 

MBAM

Malwarebytes' Anti-Malware 1.33

Databaseversjon: 1725

Windows 5.1.2600 Service Pack 2

 

04.02.2009 12:44:03

mbam-log-2009-02-04 (12-44-03).txt

 

Skanntype: Rask Skann

Objekter skannet: 64200

Tid tilbakelagt: 6 minute(s), 11 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 0

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

(Ingen mistenkelige filer funnet)

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

(Ingen mistenkelige filer funnet)


What is the file called, and where is it located? Unfortunately it "often" happens that antivirus programs report so-called "false positives" (the AV program says it is a virus when it is not).

If you want, you can upload the file to Virustotal and let it check the file. Click "Choose" and browse to the file. Then click "Send File". Copy the result into your next reply.

Edited by tosha0007

Right.. Ok.. The thing is, I know nothing about PCs and don't have the faintest idea how I'm supposed to know what it is called and where it is located.

The only thing I know for sure is that the PC has a virus.. I called my internet provider a couple of weeks ago because the internet is so unstable, and was told that they could see that the PC has a virus.
