The Ghost, posted 6 December 2008

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:15:31, on 06.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programfiler\System Control Manager\MSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programfiler\System Control Manager\MGSysCtrl.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programfiler\Opera\opera.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtKbd.exe
C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msi.com.tw
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msi.com.tw
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.msi.com.tw/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programfiler\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [MGSysCtrl] C:\Programfiler\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.msi.com.tw
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programfiler\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
O23 - Service: Micro Star SCM - Unknown owner - C:\Programfiler\System Control Manager\MSIService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 5052 bytes
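Someone reading a HijackThis log like the one above normally applies a handful of fixed review rules to the O-sections before deciding whether anything deserves a closer look. The Python script below is an added example written for this page, not code from the thread or from HijackThis. It parses the `Oxx - ...` line format, embeds a few lines copied from the posted log as sample input, and applies three such rules: an AppInit_DLLs entry (O20) is always reviewed, because that DLL is injected into every process that loads user32.dll; a service with no publisher string (O23, shown by HijackThis as "Unknown owner") is reviewed; and a Run value given as a bare file name (O4) is flagged because Windows resolves it through the PATH search order, so a copy earlier on the path would win. The rule set, the severities and the wording of the reasons are the example's own choices, not HijackThis output.

```python
"""Review rules for HijackThis (HJT) v2 log lines.

Added example for this page, not code from the thread or from HijackThis.
The sample lines below are copied from the log posted above; the rules,
severities and wording are this example's own.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Representative lines copied from the posted HijackThis log.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programfiler\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Micro Star SCM - Unknown owner - C:\Programfiler\System Control Manager\MSIService.exe
"""

# "O23 - Service: ..." -> section "O23", body "Service: ..."
LINE_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")
# "HKLM\..\Run: [Name] command" -> name, command
O4_RE = re.compile(r"\[(?P<name>[^\]]*)\]\s+(?P<cmd>.+)$")


@dataclass
class Entry:
    section: str
    body: str


@dataclass
class Finding:
    section: str
    severity: str  # "high", "medium" or "info"
    reason: str
    body: str


def parse_hjt(text: str) -> list[Entry]:
    """Keep only the section lines; the header and process list are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["section"], m["body"]))
    return entries


def _is_bare_filename(cmd: str) -> bool:
    """True for 'RTHDCPL.EXE', False for any value that carries a directory."""
    cmd = cmd.strip().strip('"')
    return "\\" not in cmd and "/" not in cmd


def triage_entry(e: Entry) -> Finding | None:
    """Apply one review rule to one parsed line; None means nothing to note."""
    if e.section == "O20" and e.body.startswith("AppInit_DLLs:"):
        return Finding(e.section, "high",
                       "AppInit_DLLs is loaded into every process that maps user32.dll; "
                       "confirm the DLL's publisher and its path on disk", e.body)
    if e.section == "O23" and " - Unknown owner - " in e.body:
        return Finding(e.section, "high",
                       "service binary carries no publisher string; check its "
                       "signature and which vendor installed it", e.body)
    if e.section == "O4":
        m = O4_RE.search(e.body)
        if m and _is_bare_filename(m["cmd"]):
            return Finding(e.section, "medium",
                           "Run value is a bare file name resolved through the PATH "
                           "search order; verify which copy actually executes", e.body)
        return None
    if e.section in ("O2", "O16", "O18"):
        return Finding(e.section, "info",
                       "browser extension point (BHO / ActiveX download / URL protocol "
                       "handler); review the CLSID and the path", e.body)
    return None


def triage(text: str) -> list[Finding]:
    return [f for f in map(triage_entry, parse_hjt(text)) if f is not None]


def count_by_severity(findings: list[Finding]) -> dict[str, int]:
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    order = {"high": 0, "medium": 1, "info": 2}
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: order[f.severity]):
        print(f"[{f.severity:>6}] {f.section}: {f.body}")
        print(f"         -> {f.reason}")
    print(count_by_severity(triage(SAMPLE_LOG)))
```

Run the file directly to print the findings. On the sample input it reports the avgrsstx.dll AppInit entry and the Micro Star SCM service as "high", the two bare-filename Run values (RTHDCPL.EXE and ALCMTR.EXE) as "medium", and the BHO, DPF and protocol-handler lines as "info". A flag means "verify", not "malicious": in the posted log the AppInit DLL sits next to the other AVG files and the unsigned service is the MSI System Control Manager that also appears in the process list, which is exactly the cross-check a human reviewer does next.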
raWrz, posted 6 December 2008 (edited)

The HJT log looks fine. If you suspect malware, run through the guide that is linked at the top of my signature.

Edited 6 December 2008 by Submit
The Ghost (thread author), posted 7 December 2008

Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 3

07.12.2008 13:40:34
mbam-log-2008-12-07 (13-40-34).txt

Scan type: Quick Scan
Objects scanned: 45193
Time elapsed: 7 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
The Ghost (thread author), posted 7 December 2008

ComboFix 08-12-06.06 - Lasse 2008-12-07 13:47:47.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.518 [GMT 1:00]
Running from: c:\documents and settings\Lasse\Skrivebord\ComboFix.exe
 * Created a new restore point

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Programdata\vlc-0.9.6-win32.exe

.
((((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))))
.

2008-12-07 13:28 . 2008-12-07 13:28 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware
2008-12-07 13:28 . 2008-12-07 13:28 <DIR> d-------- c:\documents and settings\Lasse\Programdata\Malwarebytes
2008-12-07 13:28 . 2008-12-07 13:28 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes
2008-12-07 13:28 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-07 13:28 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-06 23:14 . 2008-12-06 23:14 <DIR> d-------- c:\programfiler\Trend Micro
2008-12-06 22:39 . 2008-12-06 22:38 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-06 16:38 . 2008-12-06 16:38 <DIR> d-------- C:\Download
2008-11-28 14:47 . 2008-11-28 14:47 <DIR> d-------- c:\documents and settings\Lasse\temp
2008-11-17 19:20 . 2008-11-17 19:20 <DIR> d-------- c:\documents and settings\Lasse\Programdata\uTorrent
2008-11-17 17:59 . 2008-12-06 21:30 <DIR> dr-h----- c:\documents and settings\Lasse\Siste
2008-11-11 21:00 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 14:27 . 2008-11-11 14:27 96 --a------ c:\windows\WirelessFTP.INI
2008-11-08 16:27 . 2008-11-08 16:27 <DIR> d-------- c:\documents and settings\Lasse\Programdata\OpenOffice.org
2008-11-08 16:24 . 2008-11-08 16:24 <DIR> d-------- c:\programfiler\OpenOffice.org 3
2008-11-08 16:14 . 2008-11-08 16:14 <DIR> d-------- c:\programfiler\CCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 21:38 --------- d-----w c:\programfiler\Java
2008-11-21 19:03 --------- d-----w c:\programfiler\Project64 1.6
2008-11-08 15:22 --------- d--h--w c:\programfiler\InstallShield Installation Information
2008-11-08 15:21 --------- d---a-w c:\documents and settings\All Users\Programdata\TEMP
2008-11-08 15:20 --------- d-----w c:\programfiler\CoreCodec
2008-10-26 13:44 742,443 ----a-w C:\FLASH.zip
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-20 17:50 --------- d-----w c:\programfiler\PowerISO
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-06 22:03 737,280 ----a-w c:\windows\iun6002.exe
2008-09-15 15:29 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:16 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-07 18:45 28,672 ----a-w c:\windows\system32\AF15BDAEX.dll
2008-08-09 20:40 24 ----a-w c:\documents and settings\Lasse\jagex_runescape_preferences.dat

.
(((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MGSysCtrl"="c:\programfiler\System Control Manager\MGSysCtrl.exe" [2008-06-10 782336]
"ITSecMng"="c:\programfiler\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-07 1261336]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2008-12-06 136600]
"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-08 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Bluetooth Manager.lnk - c:\programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-02-22 2938184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\FELLES~1\ULEADS~1\vio\dvacm.acm

[HKLM\~\startupfolder\C:^Documents and Settings^Lasse^Start-meny^Programmer^Oppstart^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Lasse\Start-meny\Programmer\Oppstart\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\programfiler\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-08-08 13:11 490952 c:\programfiler\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
-ra------ 2007-12-20 11:08 159744 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
-ra------ 2007-12-20 11:08 135168 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 08:23 1695232 c:\programfiler\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
-ra------ 2007-12-20 11:07 131072 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-07-07 08:34 167936 c:\programfiler\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-08 19:50 1410296 d:\spill\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2008-01-12 11:18 1028096 c:\programfiler\Synaptics\SynTP\SynTPEnh.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=
"d:\\Spill\\Steam\\steamapps\\lassebjerkelund\\day of defeat source\\hl2.exe"=
"d:\\Spill\\Steam\\steamapps\\lassebjerkelund\\counter-strike source\\hl2.exe"=
"d:\\Spill\\Starcraft\\Starcraft\\StarCraft.exe"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
"c:\\Programfiler\\Opera\\opera.exe"=
"d:\\Spill\\RA2\\GAME.EXE"=
"d:\\Spill\\Steam\\steamapps\\lassebjerkelund\\team fortress 2\\hl2.exe"=
"d:\\download\\utorrent.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-08-09 97928]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-09 231704]
R2 Micro Star SCM;Micro Star SCM;c:\programfiler\System Control Manager\MSIService.exe [2008-06-12 159744]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys [2008-06-12 156160]
R3 rtl8187Se;Realtek RTL8187SE Wireless LAN PCIE Network Adapter;c:\windows\system32\DRIVERS\rtl8187Se.sys [2008-06-12 263680]
S3 AF15BDA;AF9015 BDA Filter;c:\windows\system32\DRIVERS\AF15BDA.sys []
S3 iegdmini;iegdmini;c:\windows\system32\DRIVERS\iegdmini.sys [2008-08-11 342784]
S3 lvds;lvds;c:\windows\system32\DRIVERS\lvds.sys [2008-08-11 6400]
S3 sdvo;sdvo;c:\windows\system32\DRIVERS\sdvo.sys [2008-08-11 17920]
S3 tv;tv;c:\windows\system32\DRIVERS\tv.sys [2008-08-11 30848]

*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-DTVRemote - c:\programfiler\DTV\RemoteControl.exe

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 13:51:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1196)
c:\windows\system32\avgrsstx.dll

- - - - - - - > 'lsass.exe'(1304)
c:\windows\system32\avgrsstx.dll
.
Completion time: 2008-12-07 13:50:18
ComboFix-quarantined-files.txt 2008-12-07 12:50:13

Pre-Run: 24 172 515 328 bytes free
Post-Run: 24,193,761,280 bytes free

144 --- E O F --- 2008-11-12 02:02:34

It apparently doesn't look as though I have any infections, but something is there somewhere.
raWrz, posted 7 December 2008

Can you update MBAM under the Update tab and run a new scan?