
Suspected malware. SAS log attached



Logfile of HijackThis v1.99.1

Scan saved at 22:56:18, on 16.03.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RunDLL32.exe

C:\Programfiler\UltraMon\UltraMon.exe

C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe

C:\WINDOWS\vsnpstd.exe

C:\Programfiler\ATI Multimedia\RemCtrl\ATIRW.EXE

C:\Programfiler\BandwidthMeterPro\BWMeterPro.exe

C:\Programfiler\UltraMon\UltraMonTaskbar.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Programfiler\UltraVNC\winvnc.exe

C:\Programfiler\mIRC\mirc.exe

C:\Programfiler\Steam\steam.exe

C:\Program Files\VentriloMIX\TeamSpeakRC2 2.0.32.60.exe

C:\Programfiler\Opera\Opera.exe

C:\Programfiler\MSN Messenger\msnmsgr.exe

C:\Programfiler\uTorrent\uTorrent.exe

C:\Programfiler\Winamp\winamp.exe

C:\Documents and Settings\Simonowns\Skrivebord\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ultraMon] "C:\Programfiler\UltraMon\UltraMon.exe" /auto

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [µTorrent] "C:\Programfiler\uTorrent\utorrent.exe"

O4 - HKCU\..\Run: [ATI Remote Control] C:\Programfiler\ATI Multimedia\RemCtrl\ATIRW.EXE

O4 - HKCU\..\Run: [bandwidthMeterPro] C:\Programfiler\BandwidthMeterPro\BWMeterPro.exe

O4 - HKCU\..\Run: [VoipStunt] "C:\Programfiler\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized

O4 - Startup: Loke standard skjerm.lnk = ?

O4 - Startup: mIRC (2).lnk = C:\Programfiler\mIRC\mirc.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{AC9BB085-88DD-44A7-86D6-1B6CDDDA919C}: NameServer = 130.67.15.198,193.213.112.4

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

I'm almost sure I have some spyware now, because something is found every time I scan with SUPERAntiSpyware


SUPERAntiSpyware Scan Log

Generated 03/17/2007 at 00:09 AM

 

Application Version : 3.5.1016

 

Core Rules Database Version : 3193

Trace Rules Database Version: 1203

 

Scan type : Complete Scan

Total Scan Time : 00:23:24

 

Memory items scanned : 421

Memory threats detected : 0

Registry items scanned : 4331

Registry threats detected : 0

File items scanned : 33768

File threats detected : 5

 

Adware.Tracking Cookie

C:\Documents and Settings\Simonowns\Cookies\simonowns@atdmt[1].txt

C:\Documents and Settings\Simonowns\Cookies\simonowns@casalemedia[2].txt

C:\Documents and Settings\Simonowns\Cookies\simonowns@cgi-bin[2].txt

C:\Documents and Settings\Simonowns\Cookies\[email protected][1].txt

C:\Documents and Settings\Simonowns\Cookies\simonowns@advertising[1].txt


Hi, Looke,

The HJT log looks fine, and what SAS is finding are what are called cookies. Cookies are small information files that you 'always' get when you visit websites. Fairly harmless and easy to delete (either by scanning with SAS or CCleaner, or via 'Internet Options').

Edited by norbat