rep_berry
Posted 15 October 2009

Hi! I've had trouble with tapi.lnk (a trojan that Mbam apparently has fixed?). The PC with the problem has been insanely slow.. Would be nice if someone could look at the logs.

Mbam:

Malwarebytes' Anti-Malware 1.41
Database version: 2967
Windows 5.1.2600 Service Pack 3

15.10.2009 13:26:00
mbam-log-2009-10-15 (13-26-00).txt

Scan type: Quick Scan
Objects scanned: 122556
Time elapsed: 10 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe tapi.nfo beforeglav) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Combofix:

ComboFix 09-10-14.09 - kristian 15.10.2009 13:52.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.47.1044.18.479.262 [GMT 2:00]
Running from: c:\documents and settings\kristian\Skrivebord\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\5b26e13.msp
c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((((( Files Created From 2009-09-15 to 2009-10-15 )))))))))))))))))))))))))))))))))
.

2009-10-15 11:56 . 2008-04-14 16:23 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-10-15 11:56 . 2008-04-14 16:23 50176 ----a-w- c:\windows\system32\proquota.exe
2009-10-15 11:13 . 2009-10-15 11:13 -------- d-----w- c:\documents and settings\kristian\Programdata\Malwarebytes
2009-10-15 11:12 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-15 11:12 . 2009-10-15 11:12 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes
2009-10-15 11:12 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-15 11:12 . 2009-10-15 11:12 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware
2009-10-13 10:01 . 2009-10-13 10:01 -------- d-----w- c:\documents and settings\All Users\Programdata\SUPERAntiSpyware.com
2009-10-13 10:00 . 2009-10-13 10:01 -------- d-----w- c:\programfiler\SUPERAntiSpyware
2009-10-13 10:00 . 2009-10-13 10:00 -------- d-----w- c:\documents and settings\kristian\Programdata\SUPERAntiSpyware.com
2009-10-13 09:59 . 2009-10-13 09:59 -------- d-----w- c:\programfiler\Fellesfiler\Wise Installation Wizard
2009-10-05 11:09 . 2009-10-05 11:10 8550488 ----a-w- c:\temp\GATShipExport.zip
2009-09-25 07:59 . 2009-10-05 11:10 -------- d-----w- C:\temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-15 11:39 . 2009-09-01 07:23 -------- d-----w- c:\documents and settings\All Users\Programdata\avg8
2009-10-15 10:23 . 2006-02-07 13:29 -------- d-----w- c:\programfiler\Axis Communications
2009-10-15 10:23 . 2006-02-07 14:12 -------- d-----w- c:\programfiler\Deluxe Ski Jump 3
2009-10-15 09:03 . 2007-07-16 12:47 -------- d-----w- c:\documents and settings\All Users\Programdata\Google Updater
2009-10-13 09:52 . 2009-09-01 08:27 -------- d-----w- c:\programfiler\Spybot - Search & Destroy
2009-10-13 09:49 . 2009-09-01 08:27 -------- d-----w- c:\documents and settings\All Users\Programdata\Spybot - Search & Destroy
2009-10-13 09:38 . 2005-11-07 14:12 -------- d-----w- c:\programfiler\Java
2009-09-11 14:20 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:05 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-01 07:23 . 2009-09-01 07:23 -------- d-----w- c:\programfiler\AVG
2009-08-29 08:00 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:02 . 2004-08-04 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-06 17:24 . 2005-08-29 09:22 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 17:24 . 2005-08-29 09:22 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 17:24 . 2005-08-29 10:43 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 17:24 . 2005-08-29 09:22 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 17:24 . 2005-08-29 09:22 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 17:24 . 2004-08-04 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 17:23 . 2005-08-29 09:22 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 17:23 . 2008-08-12 02:13 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 17:23 . 2007-07-30 17:18 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 17:23 . 2005-08-29 09:22 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 17:30 . 2004-08-04 12:00 2147328 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:30 . 2004-08-04 00:58 2025984 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-08-03 13:07 . 2009-08-03 13:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 13:07 . 2009-08-03 13:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 13:07 . 2009-08-03 13:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-25 03:23 . 2009-02-15 11:12 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:04 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 16:22 . 2004-08-04 12:00 1436672 ----a-w- c:\windows\system32\query.dll
.

(((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"SUPERAntiSpyware"="c:\programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-15 1998576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"nod32kui"="c:\programfiler\Eset\nod32kui.exe" [2007-03-02 949376]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\programfiler\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-11-15 77824]
"SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2004-11-12 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Adobe Reader Speed Launch.lnk - c:\programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Utility Tray.lnk - c:\windows\system32\sistray.exe [2005-8-29 331776]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Danware Data\\NetOp Remote Control\\Host\\NHSTW32.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 NHostNT1;NetOp Driver 1 ver. 9.00 (2006161);c:\windows\system32\drivers\NHOSTNT1.SYS [27.11.2006 14:02 91408]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [02.03.2007 10:50 15424]
R1 SASDIFSV;SASDIFSV;c:\programfiler\SUPERAntiSpyware\sasdifsv.sys [15.09.2009 11:42 9968]
R1 SASKUTIL;SASKUTIL;c:\programfiler\SUPERAntiSpyware\SASKUTIL.SYS [15.09.2009 11:42 74480]
R2 NetOp Host for NT Service;NetOp Helper ver. 9.00 (2006161);c:\programfiler\Danware Data\NetOp Remote Control\Host\NHOSTSVC.EXE [27.11.2006 14:02 1212688]
R3 NHOSTNT3;NetOp Driver 3 ver. 9.00 (2006161) (NHOSTNT3);c:\windows\system32\drivers\NHOSTNT3.SYS [27.11.2006 14:02 3216]
R3 SASENUM;SASENUM;c:\programfiler\SUPERAntiSpyware\SASENUM.SYS [15.09.2009 11:42 7408]
S3 cxbu0wdm;CardMan 3x21;c:\windows\system32\drivers\cxbu0wdm.sys [28.02.2007 07:38 91008]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-10-15 c:\windows\Tasks\Google Software Updater.job
- c:\programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-16 06:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.startsiden.no/
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: imon.dll
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://81.31.236.60/activex/AMC.cab
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-AirportTycoon2Setup.exe - c:\downlo~1\AIRPOR~1.EXE

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-15 14:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(592)
c:\programfiler\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\imon.dll

- - - - - - - > 'lsass.exe'(648)
c:\windows\system32\imon.dll
.
Completion time: 2009-10-15 14:03
ComboFix-quarantined-files.txt 2009-10-15 12:03

Pre-Run: 147 306 889 216 bytes free
Post-Run: 149 071 831 040 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

165 --- E O F --- 2009-10-15 10:45
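Added example (editor's code, not part of the post and not from Malwarebytes or ComboFix): a small triage script for the "Registry Data Items Infected" section of the MBAM log above. MBAM only says "Hijack.Shell"; the script pulls the Bad/Good values apart and shows what the hijack actually consisted of: the Winlogon Shell value, whose default is exactly Explorer.exe, had a rundll32.exe call appended that loads tapi.nfo and calls its export beforeglav, and the three Security Center *DisableNotify flags were set to 1 so the user would not be warned. The sample text is copied from the log; the function and class names (parse_data_items, foreign_tokens, rundll32_modules, triage, DataItem) are my own.

```python
"""Triage the 'Registry Data Items Infected' section of a Malwarebytes log.

Added example; the log text below is copied from the forum post, everything
else (names, heuristics) is the editor's own and not an MBAM feature.
"""
import re
from dataclasses import dataclass

# Copied from the MBAM log in the post. Raw string so the backslashes survive.
MBAM_LOG = r"""
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe tapi.nfo beforeglav) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)
"""

# One data-item line: <key>\<value> (<detection>) -> Bad: (<bad>) Good: (<good>) -> <status>
ITEM_RE = re.compile(
    r"^(?P<key>.+?) \((?P<det>[^()]+)\) -> "
    r"Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> (?P<status>.+)$"
)


@dataclass(frozen=True)
class DataItem:
    key: str        # registry key path (without the value name)
    value: str      # value name, e.g. Shell
    detection: str  # MBAM detection name, e.g. Hijack.Shell
    bad: str        # data MBAM found
    good: str       # data MBAM restored
    status: str


def parse_data_items(log_text):
    """Return the DataItems listed under 'Registry Data Items Infected:'."""
    items, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.endswith("Infected:"):          # every section header ends like this
            in_section = line.startswith("Registry Data Items")
            continue
        if not in_section or not line:
            continue
        m = ITEM_RE.match(line)
        if m:
            path, value = m.group("key").rsplit("\\", 1)
            items.append(DataItem(path, value, m.group("det"), m.group("bad"),
                                  m.group("good"), m.group("status")))
    return items


def foreign_tokens(shell_value):
    """Tokens of a Winlogon\\Shell value other than the default Explorer.exe.

    The legitimate value is exactly 'Explorer.exe'. Entries are split on commas
    (the documented separator) and on whitespace (what this sample uses), so
    anything left over was added by someone else.
    """
    tokens = [t for t in re.split(r"[,\s]+", shell_value.strip()) if t]
    return [t for t in tokens if t.lower() != "explorer.exe"]


def rundll32_modules(tokens):
    """(module, entry point) pairs for each rundll32.exe invocation in tokens."""
    pairs = []
    for i, tok in enumerate(tokens):
        if tok.lower().endswith("rundll32.exe") and i + 1 < len(tokens):
            entry = tokens[i + 2] if i + 2 < len(tokens) else ""
            pairs.append((tokens[i + 1], entry))
    return pairs


def triage(items):
    """Turn parsed items into (severity, explanation) findings."""
    findings = []
    for it in items:
        if it.key.endswith("\\Security Center") and it.value.endswith("DisableNotify") and it.bad == "1":
            findings.append(("medium", f"Security Center warning suppressed: {it.value}=1 "
                                       "(user is not told that AV/firewall/updates are off)"))
        elif it.key.lower().endswith("\\winlogon") and it.value.lower() == "shell":
            extras = foreign_tokens(it.bad)
            if not extras:
                continue
            text = "Winlogon Shell hijack, extra logon command: " + " ".join(extras)
            # rundll32 loads its module with LoadLibrary, so a non-.dll name such
            # as tapi.nfo is still a DLL; the odd extension is only a disguise.
            odd = [m for m, _ in rundll32_modules(extras) if not m.lower().endswith(".dll")]
            if odd:
                text += f"; rundll32 loads {', '.join(odd)} (a DLL hiding behind a non-.dll extension)"
            findings.append(("high", text))
    return findings


if __name__ == "__main__":
    for severity, text in triage(parse_data_items(MBAM_LOG)):
        print(f"[{severity}] {text}")
```

MBAM reports the Shell value as restored, so the check a practitioner wants afterwards is that HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell still reads exactly Explorer.exe after a reboot, and that tapi.nfo is gone from the path rundll32 would resolve it from. Two items the script does not cover but which are visible in the ComboFix section of the same post are worth a look as well: the Windows Firewall standard profile has EnableFirewall=0 with 3389/TCP globally open, and there is a DPF ActiveX entry pulled from a bare IP (81.31.236.60).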
norbat
Posted 15 October 2009

Is the PC still slow? From the Run box (Start -> Run), type sfc /scannow. You may need the XP CD.