
Analysis of HJT and SAS logs.



Posted

Hi! I've gotten some crap on my PC and was wondering if anyone would analyze the SAS and HJT logs, I would really appreciate it!

 

SAS:

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 08/11/2007 at 12:38 PM

 

Application Version : 3.9.1008

 

Core Rules Database Version : 3284

Trace Rules Database Version: 1295

 

Scan type : Quick Scan

Total Scan Time : 00:16:47

 

Memory items scanned : 364

Memory threats detected : 0

Registry items scanned : 581

Registry threats detected : 0

File items scanned : 8268

File threats detected : 41

 

Adware.Tracking Cookie


 

Malware.DriveCleaner

C:\DOCUMENTS AND SETTINGS\LAILA GREVE\LOKALE INNSTILLINGER\TEMP\UDC6H_0001_D19M0709\INSTALLER.EXE

 

HJT:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:57:50, on 11.08.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\MSN Messenger\msnmsgr.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programfiler\Realtek\Rtl8180\RtlWake.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Programfiler\Trend Micro\syltetøy\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: RtlWake.lnk = ?

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1173632767823

O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

 

--

End of file - 4302 bytes

 

Thanks in advance =)

Posted

What about this one?

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

 

I would remove it.

 

It can possibly be uninstalled from "Add/Remove Programs".
