[løst]Tror jeg har masse virus, kan noen tyde HJT-logg?

23. februar 2008

Har treig data, mye treigere enn før. også får jeg mange virus i avg som jeg sletter etterhvert. tror jeg skal formatere harddisken snart. men gidder noen se hva som er feil?

på forhånd takk;)

Klikk for å se/fjerne innholdet nedenfor

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:07:33, on 23.02.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Acer\Empowering Technology\admServ.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\NetProject\scit.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Acer\Empowering Technology\eRecovery\Monitor.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe

C:\PROGRA~1\Grisoft\AVG7\avgwb.dat

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Rusten\Desktop\hijackthis''\test.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.no/0SENONO/SAOS01

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://no.intl.acer.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.intl.acer.yahoo.com

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: e404 helper - {2C566C34-7D72-4DC1-9BBE-1121A76698F8} - C:\Program Files\Helper\1203638955.dll

O2 - BHO: CIEIntegrator Object - {5C3F6257-3E00-45C2-88D5-CB0F3A17BF0E} - C:\Program Files\WinSecureAv\Tools\pblock.dll (file missing)

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: IEFW Object - {6F87F145-DC2D-4766-AF03-3A3B96FFAD98} - C:\Program Files\WinSecureAv\Tools\sbiebho.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\no\msntb.dll

O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\no\msntb.dll

O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\NetProject\wamdl.dll (file missing)

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [isCfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe" -G:{77CCBE0B-A541-49a9-883E-14F8337EC861} -T:Config -REBOOT

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [WinSecureAv] C:\Program Files\WinSecureAv\pgs.exe

O4 - HKLM\..\Run: [ugac] "C:\PROGRA~1\COMMON~1\WINSEC~1\ugac.exe" -start

O4 - HKLM\..\Run: [ptask] C:\Program Files\WinSecureAv\ptask.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [AntiSpywareShield] C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe

O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe

O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)

O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{12B3F918-1352-4902-84CD-4CA7CA776472}: NameServer = 85.255.113.150,85.255.112.153

O17 - HKLM\System\CCS\Services\Tcpip\..\{1573B8C4-90B8-4DD8-92D2-ED3AB3D21AD1}: NameServer = 85.255.113.150,85.255.112.153

O17 - HKLM\System\CCS\Services\Tcpip\..\{1D6760B8-B1DC-41AF-85F4-1DE9AC97E942}: NameServer = 85.255.113.150,85.255.112.153

O17 - HKLM\System\CCS\Services\Tcpip\..\{8C8A79C9-C6EE-45EE-8A40-AABCA1C858AC}: NameServer = 85.255.113.150,85.255.112.153

O17 - HKLM\System\CCS\Services\Tcpip\..\{C743930B-6874-42F2-81AC-D887E7FE2EFC}: NameServer = 85.255.113.150,85.255.112.153

O17 - HKLM\System\CCS\Services\Tcpip\..\{D54540D6-A96C-4B55-8F6D-4D2B136DB202}: NameServer = 85.255.113.150,85.255.112.153

O17 - HKLM\System\CS1\Services\Tcpip\..\{12B3F918-1352-4902-84CD-4CA7CA776472}: NameServer = 85.255.113.150,85.255.112.153

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: djuka - {ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c} - C:\WINDOWS\system32\wbchha.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

Endret 24. februar 2008 av Slettet-EIV2CS

Grindal · 23. februar 2008

Ser at du har fått netproject og antispywareshield

har ikke veldig peiling, men siden netproject og antispywareshield er misledende programmer, så tror jeg at du kan merke av følgene:

O4 - HKCU\..\Run: [AntiSpywareShield] C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe

og

C:\Program Files\NetProject\scit.exe (vent med denne, er litt usikker)

snippsat · 23. februar 2008

Det var en del grums her.

The warrior det er greit og gi råd,men rådet ditt hadde ikke hjulet så mye her.

Last ned oppdatere kjør SAS free

Post logg.

Last Combofix ned ,legg på skrivebordet.

Ikke klikk på vindu mens programet kjører.

post logg C:\combofix.txt

Restart og en ny HijackThis logg.

Endret 23. februar 2008 av SNIPPSAT

23. februar 2008

Combo:

Klikk for å se/fjerne innholdet nedenfor

ComboFix 08-02-23.2 - Rusten 2008-02-23 21:05:37.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.469 [GMT 1:00]

Running from: C:\Documents and Settings\Rusten\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\All Users\Application Data\SeekmoSA

C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSA.dat

C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSA_kyf.dat

C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSAEULA.mht

C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSAAbout.mht

C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSAau.dat

C:\Program Files\Helper

C:\Program Files\Helper\1203638955.dll

C:\Program Files\VirusHeat 4.3

C:\Program Files\VirusHeat 4.3\vpp.ini

C:\WINDOWS\images.zip

C:\WINDOWS\svchost.exe

C:\WINDOWS\system32\_000005_.tmp.dll

C:\WINDOWS\system32\_000007_.tmp.dll

C:\WINDOWS\system32\_000008_.tmp.dll

C:\WINDOWS\system32\_000009_.tmp.dll

C:\WINDOWS\system32\_000010_.tmp.dll

C:\WINDOWS\system32\wbchha.dll

.

((((((((((((((((((((((((( Files Created from 2008-01-23 to 2008-02-23 )))))))))))))))))))))))))))))))

.

2008-02-22 01:45 . 2008-02-23 18:40 <DIR> d-------- C:\Documents and Settings\Rusten\Application Data\AVG7

2008-02-22 01:44 . 2008-02-22 01:44 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7

2008-02-22 01:44 . 2008-02-22 01:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

2008-02-22 01:44 . 2008-02-22 01:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7

2008-02-22 01:43 . 2008-02-22 01:43 <DIR> d-------- C:\Program Files\DivX

2008-02-22 01:20 . 2008-02-23 18:40 <DIR> d-------- C:\Program Files\AntiSpywareShield

2008-02-22 01:18 . 2008-02-22 01:18 <DIR> d--hs---- C:\WinSecureAv

2008-02-22 01:18 . 2008-02-22 01:29 <DIR> d-------- C:\Program Files\WinSecureAv

2008-02-22 01:18 . 2008-02-23 18:01 <DIR> d-------- C:\Program Files\Common Files\WinSecureAv

2008-02-22 01:18 . 2008-02-22 01:28 <DIR> d-------- C:\Documents and Settings\Rusten\Application Data\WinSecureAv

2008-02-22 01:18 . 2008-02-22 01:18 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon

2008-02-22 01:09 . 2008-02-23 18:04 <DIR> d-------- C:\Program Files\NetProject

2008-02-22 01:09 . 2008-02-22 01:11 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

2008-02-16 16:13 . 2008-02-16 16:20 <DIR> d-------- C:\Program Files\MSN Messenger

2008-02-16 01:55 . 2008-02-18 00:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NFS Underground

2008-02-13 23:09 . 2008-02-13 23:10 <DIR> d-------- C:\Program Files\MSN Apps

2008-02-12 21:39 . 2008-02-12 21:39 268 --ah----- C:\sqmdata00.sqm

2008-02-12 21:39 . 2008-02-12 21:39 244 --ah----- C:\sqmnoopt00.sqm

2008-02-07 22:01 . 2008-02-07 22:01 <DIR> d--h----- C:\WINDOWS\PIF

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-23 19:47 --------- d-----w C:\Program Files\Symantec

2008-02-23 19:10 --------- d-----w C:\Program Files\BitLord

2008-02-23 16:31 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-02-21 23:45 --------- d-----w C:\Documents and Settings\Rusten\Application Data\Hamachi

2008-02-18 00:02 --------- d-----w C:\Documents and Settings\Rusten\Application Data\LimeWire

2008-02-16 14:48 --------- d-----w C:\Program Files\Windows Live

2008-02-16 12:37 --------- d-----w C:\Documents and Settings\Rusten\Application Data\Skype

2008-02-15 19:33 --------- d-----w C:\Documents and Settings\Rusten\Application Data\skypePM

2008-02-13 21:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-01-19 01:27 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll

2008-01-18 21:03 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-01-18 17:51 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE

2008-01-18 17:51 249,856 ------w C:\WINDOWS\Setup1.exe

2008-01-18 17:50 --------- d-----w C:\Program Files\Share Cracker

2008-01-18 17:49 --------- d-----w C:\Program Files\Norton Internet Security 2008

2008-01-18 17:42 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF

2008-01-18 17:42 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL

2008-01-18 17:42 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2008-01-18 17:42 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT

2008-01-18 17:36 --------- d-----w C:\Program Files\Windows Sidebar

2008-01-18 17:35 --------- d-----w C:\Program Files\Norton Internet Security

2008-01-18 17:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec

2008-01-10 21:12 --------- d-----w C:\Program Files\GameSpy Arcade

2008-01-10 20:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak

2008-01-10 20:55 --------- d-----w C:\Program Files\Kodak

2008-01-08 22:20 2,277,376 ----a-w C:\WINDOWS\system32\TUKernel.exe

2008-01-08 22:09 --------- d-----w C:\Program Files\TuneUp Utilities 2008

2008-01-08 21:56 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe

2008-01-08 21:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software

2008-01-08 21:55 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-01-08 21:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

2008-01-08 17:50 --------- d-----w C:\Program Files\Yahoo!

2008-01-08 17:50 --------- d-----w C:\Program Files\CCleaner

2008-01-08 17:07 --------- d-----w C:\Program Files\GemMaster

2008-01-08 15:43 --------- d-----w C:\Program Files\Winamp

2008-01-08 15:43 --------- d-----w C:\Program Files\Google

2008-01-08 14:23 --------- d-----w C:\Program Files\QuickTime

2008-01-08 14:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer

2008-01-05 20:58 --------- d-----w C:\Documents and Settings\Rusten\Application Data\Winamp

2008-01-05 20:57 --------- d-----w C:\Program Files\Common Files\NSV

2008-01-01 23:04 --------- d-----w C:\Program Files\UBISOFT

2007-12-23 00:16 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys

2007-12-20 09:41 29,440 ----a-w C:\WINDOWS\system32\uxtuneup.dll

2007-12-05 11:07 40,960 ----a-w C:\WINDOWS\_ds13.tmp

2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2007-11-17 19:00 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat

2007-10-22 02:49 867,848 ----a-w C:\Program Files\NOV2007_d3dx10_36_x64.cab

2007-10-22 02:49 807,132 ----a-w C:\Program Files\NOV2007_d3dx10_36_x86.cab

2007-10-22 02:49 49,392 ----a-w C:\Program Files\NOV2007_X3DAudio_x64.cab

2007-10-22 02:49 44,850 ----a-w C:\Program Files\dxdllreg_x86.cab

2007-10-22 02:49 21,744 ----a-w C:\Program Files\NOV2007_X3DAudio_x86.cab

2007-10-22 02:49 200,010 ----a-w C:\Program Files\NOV2007_XACT_x64.cab

2007-10-22 02:49 151,512 ----a-w C:\Program Files\NOV2007_XACT_x86.cab

2007-10-22 02:49 1,805,306 ----a-w C:\Program Files\NOV2007_d3dx9_36_x64.cab

2007-10-22 02:49 1,712,608 ----a-w C:\Program Files\NOV2007_d3dx9_36_x86.cab

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C3F6257-3E00-45C2-88D5-CB0F3A17BF0E}]

C:\Program Files\WinSecureAv\Tools\pblock.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]

2008-02-22 01:35 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F87F145-DC2D-4766-AF03-3A3B96FFAD98}]

C:\Program Files\WinSecureAv\Tools\sbiebho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}]

2008-02-22 01:31 9728 --a------ C:\Program Files\NetProject\sbmdl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}

{EF99BD32-C1FB-11D2-892F-0090271D4F88}

{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}

{81705D67-3F73-4983-859B-97D0922E5ABE}

[HKEY_CLASSES_ROOT\clsid\{81705d67-3f73-4983-859b-97d0922e5abe}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{81705D67-3F73-4983-859B-97D0922E5ABE}"= C:\Program Files\NetProject\wamdl.dll [ ]

[HKEY_CLASSES_ROOT\clsid\{81705d67-3f73-4983-859b-97d0922e5abe}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 20:00 15360]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 15:16 171464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 12:17 94208]

"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 12:13 77824]

"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 12:17 118784]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56 64512]

"LaunchApp"="Alaunch" []

"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 14:54 16248320 C:\WINDOWS\RTHDCPL.exe]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 20:00 208952]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 20:00 59392]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00 455168]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00 455168]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-25 06:07 51048]

"isCfgWiz"="C:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe" [2007-08-24 10:49 607624]

"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-25 05:53 714608]

"WinSecureAv"="C:\Program Files\WinSecureAv\pgs.exe" [ ]

"ugac"="C:\PROGRA~1\COMMON~1\WINSEC~1\ugac.exe" [ ]

"ptask"="C:\Program Files\WinSecureAv\ptask.exe" [ ]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-22 01:44 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 20:00 15360]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-22 01:44 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

"some"= C:\Program Files\NetProject\scit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"System"="kddbp.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"= %windir%\\system32\\sessmgr.exe:@xpsp2res.dll,-22019

"C:\\Program Files\\BitLord\\BitLord.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=

"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=

"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=

"C:\\DOCUME~1\\Rusten\\LOCALS~1\\Temp\\service.exe"=

"C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=

"C:\\Documents and Settings\\Rusten\\Local Settings\\Temp\\OnlineUpdate8\\SetupXu.exe"=

"C:\\Program Files\\Hamachi\\hamachi.exe"=

"D:\\spell\\cs\\hl.exe"=

"D:\\War k 1.17\\Warcraft III.exe"=

"D:\\War k 1.17\\war3.exe"=

"K:\\Spel\\[PC] Pro Evolution Soccer 2008 [ENG] [dopeman]\\PES2008.exe"=

"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

"DEFGÜ1‘|2‘|2‘|ˆ2‘|>"= DEFGÜ1‘|2‘|2‘|ˆ2‘|>:Nod32 Runtime

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 17:14]

R0 viaagp;VIA AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 23:07]

R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]

R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-25 06:07]

R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]

R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]

R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-10 20:00]

R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 01:27]

S0 dhlp;dhlp;C:\WINDOWS\system32\Drivers\dhlp.sys []

S3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]

S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 01:27]

S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-01-08 22:56]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3049a98-95e3-11dc-a2f1-0016d45febc5}]

\Shell\AutoRun\command - setupSNK.exe

*Newly Created Service* - COMHOST

*Newly Created Service* - INT15.SYS

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-23 21:18:21

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

.

Completion time: 2008-02-23 21:22:05

ComboFix-quarantined-files.txt 2008-02-23 20:20:56

Ny hjt:

Klikk for å se/fjerne innholdet nedenfor

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:35:16, on 23.02.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Acer\Empowering Technology\admServ.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\NetProject\scit.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Acer\Empowering Technology\eRecovery\Monitor.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe