
Possible trojan horse, need some tips for finding it and removing it.



Lately I have developed strong suspicions that I've been infected by something shady. Explorer.exe gets stopped by "Data Execution Prevention" a couple of times a day, and the only thing I can do is accept it. It only seems to happen when I browse folders (file types don't seem to matter, from what I've observed).

Right now I use avast antivirus, and it gets updated every time there's something to update. I've run a number of scans since I noticed the problem, without finding anything. The reason I'm now starting to get really worried is that it seems to have created a backdoor/keylogged me while I was using my hotmail account, since I suddenly got 14 emails saying delivery had failed, and one of the spam emails was sent to another email account of mine.

 

In case it helps, the content of the spam mails that were sent out is as follows (I've added spaces in the url):

Hi  friends:
A few days ago I found a lot of things http:// lc.qk.80. hk  this site,gps ,TV LCD,cell  phones,ps3,MP3/4,motorcycles and etc........ 
Email: [email protected]
Wish you a happy shopping!
Qqxg

 

By the way, I'm using Windows XP with all updates on the infected machine.


To think I didn't read the sticky first. :blush:

 

Here are the logs after scanning.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Databaseversjon: 4712

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

28.09.2010 21:09:50

mbam-log-2010-09-28 (21-09-50).txt

 

Skanntype: Hurtigsøk

Objekter skannet: 130498

Tid tilbakelagt: 2 minutt(er), 7 sekund(er)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert 0

 

Minneprosesser infisert:

(Ingen skadelige objekter funnet)

 

Minnemoduler infisert:

(Ingen skadelige objekter funnet)

 

Registernøkler infisert:

(Ingen skadelige objekter funnet)

 

Registerverdier infisert:

(Ingen skadelige objekter funnet)

 

Registerfiler infisert:

(Ingen skadelige objekter funnet)

 

Mapper infisert:

(Ingen skadelige objekter funnet)

 

Filer infisert

(Ingen skadelige objekter funnet)

and

ComboFix 10-09-27.05 - Nils 28.09.2010 20:57:05.1.4 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2919 [GMT 2:00]

Running from: h:\documents and settings\Nils\Local Settings\Application Data\Opera\Opera\temporary_downloads\ComboFix.exe

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

 

((((((((((((((((((((((((( Files Created from 2010-08-28 to 2010-09-28 )))))))))))))))))))))))))))))))

.

 

2010-09-28 18:46 . 2010-09-28 18:46 -------- d-----w- h:\documents and settings\Nils\Application Data\Malwarebytes

2010-09-28 18:46 . 2010-04-29 13:39 38224 ----a-w- h:\windows\system32\drivers\mbamswissarmy.sys

2010-09-28 18:46 . 2010-09-28 18:46 -------- d-----w- h:\documents and settings\All Users\Application Data\Malwarebytes

2010-09-28 18:46 . 2010-04-29 13:39 20952 ----a-w- h:\windows\system32\drivers\mbam.sys

2010-09-28 18:46 . 2010-09-28 18:46 -------- d-----w- h:\program files\Malwarebytes' Anti-Malware

2010-09-22 16:32 . 2010-09-25 06:02 -------- d-----w- h:\documents and settings\Nils\Application Data\vlc

2010-09-05 16:14 . 2010-09-05 16:14 -------- d-----w- h:\program files\CREVIS

2010-09-05 16:14 . 2010-09-05 16:14 65536 ----a-w- h:\windows\IFinst27.exe

2010-09-05 07:05 . 2010-09-05 06:50 185640 ----a-w- h:\documents and settings\All Users\Application Data\DivX\Setup\finishPlugin.dll

2010-09-05 07:05 . 2010-09-05 07:05 56765 ----a-w- h:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe

2010-09-05 07:05 . 2010-09-05 07:05 56997 ----a-w- h:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe

2010-09-05 07:05 . 2010-09-05 07:05 57691 ----a-w- h:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe

2010-09-05 07:05 . 2010-09-05 07:05 53600 ----a-w- h:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe

2010-09-05 07:05 . 2010-09-05 07:05 84063 ----a-w- h:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe

2010-09-05 07:05 . 2010-09-05 07:05 54153 ----a-w- h:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe

2010-08-30 13:44 . 2010-08-30 13:44 -------- d-----w- h:\documents and settings\NetworkService\Local Settings\Application Data\Google

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-28 18:51 . 2010-05-15 16:07 17488 ----a-w- h:\windows\gdrv.sys

2010-09-28 18:51 . 2010-05-15 21:31 -------- d-----w- h:\documents and settings\All Users\Application Data\Norton

2010-09-28 18:49 . 2010-05-15 16:25 -------- d-----w- h:\documents and settings\Nils\Application Data\Skype

2010-09-28 18:45 . 2010-06-03 12:04 234280 ----a-w- h:\windows\system32\PnkBstrB.exe

2010-09-28 17:27 . 2010-06-03 12:04 137976 ----a-w- h:\windows\system32\drivers\PnkBstrK.sys

2010-09-28 17:27 . 2010-05-15 21:05 -------- d-----w- h:\documents and settings\Nils\Application Data\uTorrent

2010-09-28 14:05 . 2010-05-15 16:25 -------- d-----w- h:\documents and settings\Nils\Application Data\skypePM

2010-09-25 16:10 . 2010-06-27 14:35 -------- d-----w- h:\documents and settings\Nils\Application Data\Spotify

2010-09-24 12:40 . 2010-06-03 12:04 75064 ----a-w- h:\windows\system32\PnkBstrA.exe

2010-09-20 15:32 . 2010-06-24 16:14 -------- d-----w- h:\documents and settings\Nils\Application Data\dvdcss

2010-09-18 13:10 . 2010-08-22 07:06 1 ----a-w- h:\documents and settings\Nils\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-09-09 23:58 . 2010-05-15 16:04 -------- d-----w- h:\program files\Opera

2010-09-07 15:12 . 2010-06-29 19:57 38848 ----a-w- h:\windows\avastSS.scr

2010-09-07 15:11 . 2010-06-10 20:31 167592 ----a-w- h:\windows\system32\aswBoot.exe

2010-09-07 14:52 . 2010-06-10 20:32 46672 ----a-w- h:\windows\system32\drivers\aswTdi.sys

2010-09-07 14:52 . 2010-06-10 20:32 165584 ----a-w- h:\windows\system32\drivers\aswSP.sys

2010-09-07 14:47 . 2010-06-10 20:32 23376 ----a-w- h:\windows\system32\drivers\aswRdr.sys

2010-09-07 14:47 . 2010-06-10 20:32 100176 ----a-w- h:\windows\system32\drivers\aswmon2.sys

2010-09-07 14:47 . 2010-06-10 20:32 94544 ----a-w- h:\windows\system32\drivers\aswmon.sys

2010-09-07 14:47 . 2010-06-10 20:32 17744 ----a-w- h:\windows\system32\drivers\aswFsBlk.sys

2010-09-07 14:46 . 2010-06-10 20:32 28880 ----a-w- h:\windows\system32\drivers\aavmker4.sys

2010-09-06 08:42 . 2010-05-15 21:22 -------- d--h--w- h:\program files\InstallShield Installation Information

2010-09-05 07:43 . 2010-08-20 18:03 57344 ----a-w- h:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll

2010-09-05 07:05 . 2010-08-20 17:58 -------- d-----w- h:\program files\DivX

2010-09-05 07:05 . 2010-08-20 17:58 -------- d-----w- h:\documents and settings\All Users\Application Data\DivX

2010-09-05 06:50 . 2010-08-20 18:02 850200 ----a-w- h:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe

2010-09-05 06:50 . 2010-08-20 18:02 1062184 ----a-w- h:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll

2010-09-05 06:50 . 2010-08-20 17:58 144696 ----a-w- h:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe

2010-09-05 06:48 . 2010-05-15 21:06 -------- d-----w- h:\program files\uTorrent

2010-08-30 13:44 . 2010-05-15 15:35 67192 ----a-w- h:\documents and settings\Nils\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-08-29 05:29 . 2010-08-29 05:29 -------- d-----w- h:\program files\Bohemia Interactive

2010-08-22 07:06 . 2010-08-22 07:06 -------- d-----w- h:\documents and settings\Nils\Application Data\OpenOffice.org

2010-08-21 14:46 . 2010-08-20 18:02 -------- d-----w- h:\documents and settings\Nils\Application Data\DivX

2010-08-20 18:01 . 2010-08-20 18:01 -------- d-----w- h:\program files\JRE

2010-08-20 18:01 . 2010-08-20 18:01 -------- d-----w- h:\program files\OpenOffice.org 3

2010-08-20 18:01 . 2010-08-20 18:01 57054 ----a-w- h:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe

2010-08-20 18:01 . 2010-08-20 18:01 54166 ----a-w- h:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe

2010-08-20 18:01 . 2010-08-20 17:58 -------- d-----w- h:\program files\Google

2010-08-20 18:01 . 2010-08-20 18:01 57532 ----a-w- h:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe

2010-08-20 18:01 . 2010-08-20 18:01 56458 ----a-w- h:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe

2010-08-20 18:01 . 2010-08-20 18:01 54174 ----a-w- h:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe

2010-08-20 18:01 . 2010-08-20 18:01 54128 ----a-w- h:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe

2010-08-20 18:01 . 2010-08-20 18:01 54644 ----a-w- h:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe

2010-08-20 18:01 . 2010-08-20 18:01 54101 ----a-w- h:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe

2010-08-20 18:01 . 2010-08-20 18:01 57409 ----a-w- h:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe

2010-08-20 18:00 . 2010-08-20 18:00 52963 ----a-w- h:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe

2010-08-20 18:00 . 2010-08-20 18:00 -------- d-----w- h:\program files\Common Files\DivX Shared

2010-08-20 18:00 . 2010-08-20 18:00 54073 ----a-w- h:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe

2010-08-20 18:00 . 2010-08-20 18:00 56969 ----a-w- h:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe

2010-08-20 18:00 . 2010-05-15 16:22 -------- d-----w- h:\program files\Java

2010-08-11 20:47 . 2010-08-11 20:47 -------- d-----w- h:\documents and settings\Nils\Application Data\National Instruments

2010-08-11 20:45 . 2010-08-11 20:45 -------- d-----w- h:\program files\Common Files\Bcgsoft

2010-08-11 20:42 . 2010-08-11 20:42 -------- d-----w- h:\program files\HI-TECH Software

2010-08-11 20:42 . 2010-08-11 20:40 -------- d-----w- h:\program files\National Instruments

2010-08-11 20:42 . 2010-08-11 20:40 -------- d-----w- h:\program files\Common Files\Merge Modules

2010-08-11 20:40 . 2010-08-11 20:40 -------- d-----w- h:\documents and settings\All Users\Application Data\National Instruments

2010-08-11 18:29 . 2010-08-11 18:29 -------- d-----w- h:\program files\NVIDIA Corporation

2010-08-08 15:37 . 2010-08-08 15:37 -------- d-----w- h:\documents and settings\Nils\Application Data\.minecraft

2010-08-08 15:37 . 2010-08-08 15:37 -------- d-----w- h:\program files\Common Files\Java

2010-08-07 08:37 . 2010-08-07 08:37 503808 ----a-w- h:\documents and settings\Nils\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7e040370-n\msvcp71.dll

2010-08-07 08:37 . 2010-08-07 08:37 499712 ----a-w- h:\documents and settings\Nils\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7e040370-n\jmc.dll

2010-08-07 08:37 . 2010-08-07 08:37 348160 ----a-w- h:\documents and settings\Nils\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7e040370-n\msvcr71.dll

2010-08-07 08:37 . 2010-08-07 08:37 61440 ----a-w- h:\documents and settings\Nils\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6c39999f-n\decora-sse.dll

2010-08-07 08:37 . 2010-08-07 08:37 12800 ----a-w- h:\documents and settings\Nils\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6c39999f-n\decora-d3d.dll

2010-08-06 13:14 . 2010-08-05 19:42 47364 ----a-w- h:\documents and settings\All Users\Application Data\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll

2010-08-05 19:42 . 2010-08-05 03:36 -------- d-----w- h:\documents and settings\All Users\Application Data\Blizzard Entertainment

2010-08-05 19:30 . 2010-08-04 21:18 -------- d-----w- h:\program files\Common Files\Blizzard Entertainment

2010-08-05 05:06 . 2010-08-05 05:06 158662 ----a-w- h:\documents and settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

2010-08-05 05:06 . 2010-08-05 05:06 158662 ----a-w- h:\documents and settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1123561945-1606980848-1801674531-1003-0.dat

2010-08-04 20:21 . 2010-08-04 20:19 188128 ----a-w- h:\documents and settings\All Users\Application Data\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll

2010-08-04 20:20 . 2010-08-04 20:18 -------- d-----w- h:\program files\Microsoft Visual Studio 10.0

2010-08-04 20:20 . 2010-08-04 20:20 -------- d-----w- h:\program files\Microsoft SQL Server

2010-08-04 20:20 . 2010-08-04 20:20 -------- d-----w- h:\program files\Microsoft Synchronization Services

2010-08-04 20:20 . 2010-08-04 20:20 -------- d-----w- h:\program files\Microsoft SQL Server Compact Edition

2010-08-04 20:18 . 2010-08-04 20:18 -------- d-----w- h:\program files\Microsoft SDKs

2010-08-04 20:18 . 2010-08-04 20:18 -------- d-----w- h:\program files\Microsoft Help Viewer

2010-08-04 20:18 . 2010-05-16 08:28 -------- d-----w- h:\program files\Microsoft.NET

2010-08-03 17:35 . 2010-07-25 04:35 -------- d-----w- h:\program files\Kalypso

2010-07-31 19:10 . 2010-07-31 19:10 4608 ----a-w- h:\windows\system32\w95inf32.dll

2010-07-31 19:10 . 2010-07-31 19:10 2272 ----a-w- h:\windows\system32\w95inf16.dll

2010-07-30 19:40 . 2010-07-30 19:40 -------- d-----w- h:\program files\Paradox Interactive

2010-07-30 19:39 . 2010-05-15 21:22 -------- d-----w- h:\program files\Common Files\InstallShield

2010-07-17 03:00 . 2010-05-15 16:22 423656 ----a-w- h:\windows\system32\deployJava1.dll

2010-07-07 02:27 . 2010-05-15 16:02 5069312 ----a-w- h:\windows\system32\drivers\ati2mtag.sys

2010-07-07 01:58 . 2010-05-15 16:02 53248 ----a-w- h:\windows\system32\aticalrt.dll

2010-07-07 01:58 . 2010-05-15 16:02 53248 ----a-w- h:\windows\system32\aticalcl.dll

2010-07-07 01:57 . 2010-05-15 16:02 4337664 ----a-w- h:\windows\system32\aticaldd.dll

2010-07-07 01:53 . 2010-05-15 16:02 15499264 ----a-w- h:\windows\system32\atioglxx.dll

2010-07-07 01:50 . 2010-05-15 16:02 311296 ----a-w- h:\windows\system32\atiiiexx.dll

2010-07-07 01:48 . 2010-05-15 16:02 446464 ----a-w- h:\windows\system32\ATIDEMGX.dll

2010-07-07 01:47 . 2010-05-15 16:02 299520 ----a-w- h:\windows\system32\ati2dvag.dll

2010-07-07 01:41 . 2010-05-15 16:02 3869952 ----a-w- h:\windows\system32\ati3duag.dll

2010-07-07 01:33 . 2010-05-15 16:02 208896 ----a-w- h:\windows\system32\atipdlxx.dll

2010-07-07 01:32 . 2010-05-15 16:02 155648 ----a-w- h:\windows\system32\Oemdspif.dll

2010-07-07 01:32 . 2010-05-15 16:02 26112 ----a-w- h:\windows\system32\Ati2mdxx.exe

2010-07-07 01:32 . 2010-05-15 16:02 43520 ----a-w- h:\windows\system32\ati2edxx.dll

2010-07-07 01:32 . 2010-05-15 16:02 159744 ----a-w- h:\windows\system32\ati2evxx.dll

2010-07-07 01:31 . 2010-05-15 16:02 602112 ----a-w- h:\windows\system32\ati2evxx.exe

2010-07-07 01:29 . 2010-05-15 16:02 53248 ----a-w- h:\windows\system32\ATIDDC.DLL

2010-07-07 01:29 . 2010-05-15 16:02 143360 ----a-w- h:\windows\system32\atiapfxx.exe

2006-01-23 08:32 . 2006-01-23 08:32 131072 ----a-w- h:\program files\internet explorer\plugins\LV80ActiveXControl.dll

2006-06-07 12:40 . 2006-06-07 12:40 132848 ----a-w- h:\program files\internet explorer\plugins\LV82ActiveXControl.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-05-26 13:23 1385864 ----a-w- h:\program files\Ask.com\GenericAskToolbar.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "h:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

 

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "h:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

 

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 06:55 87304 ----a-w- h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 06:55 87304 ----a-w- h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 06:55 87304 ----a-w- h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 06:55 87304 ----a-w- h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 06:55 87304 ----a-w- h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 06:55 87304 ----a-w- h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 06:55 87304 ----a-w- h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 06:55 87304 ----a-w- h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 06:55 87304 ----a-w- h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="x:\program files\steam\steam.exe" [2010-08-30 1242448]

"Skype"="h:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

"uTorrent"="h:\program files\uTorrent\uTorrent.exe" [2010-08-30 328568]

"DAEMON Tools Lite"="h:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2009-10-16 18782720]

"JMB36X IDE Setup"="h:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]

"36X Raid Configurer"="h:\windows\system32\xRaidSetup.exe" [2009-08-26 1970176]

"NUSB3MON"="h:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-09-25 106496]

"Adobe Reader Speed Launcher"="h:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="h:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"LogMeIn Hamachi Ui"="h:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]

"avast5"="h:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]

"StartCCC"="h:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304]

"SunJavaUpdateSched"="h:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"MIDI2"=MYokeNT.DLL

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-09-01 06:39 1164584 ----a-w- h:\program files\DivX\DivX Update\DivXUpdate.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]

2010-04-07 13:00 5758976 ----a-w- g:\nyttige programmer\eMule0.50a\eMule0.50a\emule.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-04-16 20:12 3872080 ----a-w- h:\program files\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"PnkBstrB"=2 (0x2)

"PnkBstrA"=2 (0x2)

"Apache2.2"=2 (0x2)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"h:\\Program Files\\Opera\\opera.exe"=

"x:\\Program Files\\Steam\\Steam.exe"=

"h:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"h:\\Program Files\\uTorrent\\uTorrent.exe"=

"x:\\Program\\EA GAMES\\Command and Conquer Generals\\game.dat"=

"x:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander\\bin\\SupremeCommander.exe"=

"x:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"=

"h:\\WINDOWS\\system32\\PnkBstrA.exe"=

"h:\\WINDOWS\\system32\\PnkBstrB.exe"=

"h:\\Program Files\\Spotify\\spotify.exe"=

"h:\\Program Files\\Messenger\\msmsgs.exe"=

"x:\\Program Files\\Steam\\steamapps\\common\\command and conquer 3 tiberium wars\\CNC3.exe"=

"x:\\Program Files\\Steam\\steamapps\\common\\command and conquer 3 tiberium wars\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=

"x:\\Program Files\\Steam\\steamapps\\common\\battlefield bad company 2\\BFBC2Game.exe"=

"x:\\Program Files\\Steam\\steamapps\\common\\battlefield bad company 2\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=

"x:\\Program Files\\Steam\\steamapps\\common\\command and conquer 3 - kane's wrath\\CNC3EP1.exe"=

"x:\\Program Files\\Steam\\steamapps\\common\\command and conquer 3 - kane's wrath\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=

"x:\\Program Files\\Steam\\steamapps\\common\\command and conquer 3 - kane's wrath\\RetailExe\\1.2\\cnc3ep1.dat"=

"h:\\Python26\\pythonw.exe"=

"x:\\Apps\\Programmering\\PHP\\Blumentals.Rapid.PHP.2010.v10.0.2.118\\rapidphp.exe"=

"h:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"h:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"x:\\Program Files\\Steam\\steamapps\\common\\beat hazard\\BeatHazard.exe"=

"g:\\Program Files\\StarCraft II\\StarCraft II.exe"=

"g:\\Program Files\\StarCraft II\\Versions\\Base15405\\SC2.EXE"=

"g:\\Nyttige programmer\\eMule0.50a\\eMule0.50a\\emule.exe"=

"x:\\Program Files\\S.W.A.T. 4\\ContentExpansion\\System\\Swat4X.exe"=

"x:\\Program Files\\S.W.A.T. 4\\ContentExpansion\\System\\Swat4XDedicatedServer.exe"=

"x:\\Program Files\\Steam\\steamapps\\common\\mafia ii - public demo\\launcher.exe"=

"x:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter\\GRAW.exe"=

"h:\\Program Files\\Bohemia Interactive\\ArmA 2\\arma2.exe"=

"h:\\Program Files\\Skype\\Phone\\Skype.exe"=

"x:\\Program Files\\Steam\\steamapps\\djelmo\\counter-strike source\\hl2.exe"=

"x:\\Program Files\\Steam\\steamapps\\djelmo\\garrysmod\\hl2.exe"=

"x:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=

"x:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\bin\\SDKLauncher.exe"=

 

R1 aswSP;aswSP;h:\windows\system32\drivers\aswSP.sys [10.06.2010 22:32 165584]

R2 aswFsBlk;aswFsBlk;h:\windows\system32\drivers\aswFsBlk.sys [10.06.2010 22:32 17744]

R2 ES lite Service;ES lite Service for program management.;h:\program files\Gigabyte\EasySaver\essvr.exe [15.05.2010 23:22 68136]

R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;h:\program files\LogMeIn Hamachi\hamachi-2.exe [30.03.2010 11:16 1107336]

R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;h:\windows\system32\drivers\MijXfilt.sys [28.07.2010 20:36 51712]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;h:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 13:16 130384]

S2 gupdate;Googles oppdateringstjeneste (gupdate);h:\program files\Google\Update\GoogleUpdate.exe [20.08.2010 19:58 135664]

S3 Ambfilt;Ambfilt;h:\windows\system32\drivers\Ambfilt.sys [15.05.2010 23:22 1684736]

S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;h:\windows\system32\drivers\libusb0.sys [28.07.2010 19:46 33792]

S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;h:\windows\system32\drivers\nusb3hub.sys [25.09.2009 16:57 56576]

S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;h:\windows\system32\drivers\nusb3xhc.sys [25.09.2009 16:57 138240]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;h:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 13:16 753504]

S4 Apache2.2;Apache2.2;h:\xampp\xampp\apache\bin\httpd.exe [06.07.2010 21:16 29416]

S4 sptd;sptd;h:\windows\system32\drivers\sptd.sys [18.05.2010 20:17 691696]

.

Contents of the 'Scheduled Tasks' folder

 

2010-09-28 h:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- h:\program files\Google\Update\GoogleUpdate.exe [2010-08-20 17:58]

 

2010-09-28 h:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- h:\program files\Google\Update\GoogleUpdate.exe [2010-08-20 17:58]

 

2010-09-28 h:\windows\Tasks\Scheduled Update for Ask Toolbar.job

- h:\program files\Ask.com\UpdateTask.exe [2010-05-26 13:23]

.

.

------- File Associations -------

.

.scr=AutoCADScriptFile

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-28 21:01

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(804)

h:\windows\system32\MYokeNT.DLL

h:\windows\system32\Ati2evxx.dll

h:\windows\system32\atiadlxx.dll

 

- - - - - - - > 'lsass.exe'(860)

h:\windows\system32\MYokeNT.DLL

.

Completion time: 2010-09-28 21:02:53

ComboFix-quarantined-files.txt 2010-09-28 19:02

 

Pre-Run: 11 703 410 688 bytes free

Post-Run: 12 917 379 072 bytes free

 

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(2)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(2)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

- - End Of File - - B4AE3008966F8E51B625B3AA11B27A06

I hope this helps.

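A defender's triage pass over the ComboFix log above, written as an added example for this thread (it is not code from the thread or from ComboFix): it parses the "Files Created" lines and the "DLLs Loaded Under Running Processes" section, lists binaries that appeared under \windows\ inside the scan window together with whatever else was created in the same minute, and lists DLLs loaded into winlogon.exe/lsass.exe that are not on an allowlist. The allowlist, the cutoff date and the sample lines are taken from this thread's log and are assumptions for illustration only.

```python
"""Triage helper for ComboFix-style log excerpts (added example, not a thread tool).
Results are pointers to verify (hash, signature, installer cohort), not verdicts."""
import re
from datetime import datetime

# 'Files Created' line: <created> . <modified> <size|--------> <attrs> <path>
# (assumption: the first timestamp is the creation time, which is what the
#  'Files Created from ... to ...' header keys on)
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-{8}) ([-a-z]{8}) (.+)$"
)
# "- - - - - - - > 'winlogon.exe'(804)" header in the DLL section
PROC_RE = re.compile(r"^(?:- )+> '([^']+)'\((\d+)\)$")

BINARY_EXT = (".exe", ".dll", ".sys", ".scr")
SENSITIVE_PROCS = {"winlogon.exe", "lsass.exe"}
# DLLs expected in winlogon/lsass on a box with ATI display drivers (assumed allowlist)
KNOWN_SENSITIVE_DLLS = {"ati2evxx.dll", "atiadlxx.dll"}


def parse_file_entries(lines):
    """Turn every 'Files Created' line into a dict; other lines are ignored."""
    out = []
    for line in lines:
        m = FILE_RE.match(line.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        out.append({
            "created": datetime.strptime(created, "%Y-%m-%d %H:%M"),
            "modified": datetime.strptime(modified, "%Y-%m-%d %H:%M"),
            "is_dir": attrs.startswith("d"),
            "size": None if size.startswith("-") else int(size),
            "path": path,
        })
    return out


def new_binaries_in_windows_dir(entries, since="2010-08-28"):
    """Binaries created under \\windows\\ on or after `since` (YYYY-MM-DD):
    the first candidates for a hash lookup or signature check."""
    cutoff = datetime.strptime(since, "%Y-%m-%d")
    hits = []
    for e in entries:
        p = e["path"].lower()
        if e["is_dir"] or not p.endswith(BINARY_EXT):
            continue
        if "\\windows\\" in p and e["created"] >= cutoff:
            hits.append(e["path"])
    return hits


def same_minute_cohort(entries, path):
    """Other entries created in the same minute as `path`. Installers drop their
    files together, so a known product folder in the cohort explains an unfamiliar
    driver or exe; an empty cohort means the file arrived on its own."""
    target = next(e for e in entries if e["path"] == path)
    return [e["path"] for e in entries
            if e["created"] == target["created"] and e["path"] != path]


def unexpected_dlls_in_sensitive_procs(lines):
    """Map winlogon/lsass -> DLL paths loaded in them that are not on the allowlist."""
    current, findings = None, {}
    for line in lines:
        s = line.strip()
        m = PROC_RE.match(s)
        if m:
            current = m.group(1).lower()
            continue
        if current in SENSITIVE_PROCS and s.lower().endswith(".dll"):
            name = s.rsplit("\\", 1)[-1].lower()
            if name not in KNOWN_SENSITIVE_DLLS:
                findings.setdefault(current, []).append(s)
    return findings


# Sample lines copied from the log in this thread (a subset, so the demo runs offline).
SAMPLE_LOG = [
    r"2010-09-28 18:46 . 2010-09-28 18:46 -------- d-----w- h:\documents and settings\Nils\Application Data\Malwarebytes",
    r"2010-09-28 18:46 . 2010-04-29 13:39 38224 ----a-w- h:\windows\system32\drivers\mbamswissarmy.sys",
    r"2010-09-28 18:46 . 2010-09-28 18:46 -------- d-----w- h:\program files\Malwarebytes' Anti-Malware",
    r"2010-09-05 16:14 . 2010-09-05 16:14 -------- d-----w- h:\program files\CREVIS",
    r"2010-09-05 16:14 . 2010-09-05 16:14 65536 ----a-w- h:\windows\IFinst27.exe",
    r"2010-09-05 07:05 . 2010-09-05 06:50 185640 ----a-w- h:\documents and settings\All Users\Application Data\DivX\Setup\finishPlugin.dll",
    "- - - - - - - > 'winlogon.exe'(804)",
    r"h:\windows\system32\MYokeNT.DLL",
    r"h:\windows\system32\Ati2evxx.dll",
    r"h:\windows\system32\atiadlxx.dll",
    "",
    "- - - - - - - > 'lsass.exe'(860)",
    r"h:\windows\system32\MYokeNT.DLL",
]
ENTRIES = parse_file_entries(SAMPLE_LOG)

if __name__ == "__main__":
    for p in new_binaries_in_windows_dir(ENTRIES):
        print(p, "-> created alongside:", same_minute_cohort(ENTRIES, p))
    print(unexpected_dlls_in_sensitive_procs(SAMPLE_LOG))
```

A hit is a pointer, not a verdict: mbamswissarmy.sys lands in the same minute as the Malwarebytes folders, and the drivers32 entry "MIDI2"=MYokeNT.DLL in the same log is the registered loading point for the DLL that shows up in winlogon.exe and lsass.exe.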

I recommend hitmanpro.nl. It uses around 5 engines (antimalware), including Eset, G-Data and several others, and is fantastic as a supplement to Malwarebytes (even though they're about as good as each other). It takes around 1-2 minutes to scan and goes through the internet (cloud); you can get it as a 30-day trial.

 

If you don't find anything, I doubt you have an infection; most likely someone has gained access to your email account. I recommend you change your password.

 


Keyloggers are really nasty stuff. I've made a couple myself that turn off Task Manager, give you errors and can't be removed unless you use something really powerful like "untrust a program" in Comodo. Not even Malwarebytes' FileAssassin managed to remove the keylogger after I used it on myself by mistake.

 

I strongly recommend having Avast, Comodo firewall (if Avast doesn't have one), Malwarebytes and Hitmanpro. :).


If you don't find anything, I doubt you have an infection; most likely someone has gained access to your email account. I recommend you change your password.

I'm actually not sure whether I'm infected or not. Malwarebytes found nothing, but I need a bit of help analysing the log from ComboFix.

I have changed the password twice since I discovered that it was sending mail by itself. That hasn't helped at all (which is why I think there's something on my machine).

But as you say, there may well be malware that the AV doesn't recognise.

I actually doubt that it's malware that closes explorer.exe, given that I get the message from Data Execution Prevention, which is a component of WinXP. The way I see it, something is trying to do something it shouldn't, and gets stopped by Windows.


If you don't find anything, I doubt you have an infection; most likely someone has gained access to your email account. I recommend you change your password.

I'm actually not sure whether I'm infected or not. Malwarebytes found nothing, but I need a bit of help analysing the log from ComboFix.

I have changed the password twice since I discovered that it was sending mail by itself. That hasn't helped at all (which is why I think there's something on my machine).

But as you say, there may well be malware that the AV doesn't recognise.

I actually doubt that it's malware that closes explorer.exe, given that I get the message from Data Execution Prevention, which is a component of WinXP. The way I see it, something is trying to do something it shouldn't, and gets stopped by Windows.

 

Don't use ComboFix, a junk program. It shouldn't be used by people like you who DON'T need it (I don't need it myself). Run a scan with Malwarebytes; if it comes out clean you're not infected!


Thanks for the help. :)

 

Yes, explorer.exe gets stopped at all hours. Whether hotmail is still sending spam I'm not sure, but a friend told me today that it has happened quite a few times over the last 4-5 weeks.

Something is strange in any case. It could be that something in the OS has gone wrong (I'm thinking of the explorer.exe problem). It wouldn't be the first time that happens.

The hotmail account isn't really that important; I'm planning to rent my own mail server anyway.
