Kan noen sjekke HJT loggen min?

PyrionZ · 28. februar 2008

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:05:29, on 28.02.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\NetProject\scit.exe

C:\Programfiler\NetProject\sbmntr.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\TBPanel.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Programfiler\Winamp\winampa.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\FixCamera.exe

C:\WINDOWS\tsnp325.exe

C:\WINDOWS\vsnp325.exe

C:\Programfiler\Razer\DeathAdder\razerhid.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Messenger\msmsgs.exe

C:\Programfiler\DAEMON Tools Lite\daemon.exe

C:\Programfiler\Razer\DeathAdder\razertra.exe

C:\Programfiler\Razer\DeathAdder\razerofa.exe

C:\Programfiler\Xfire\xfire.exe

C:\Programfiler\Windows Live\Messenger\usnsvc.exe

C:\Programfiler\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRA~1\Grisoft\AVG7\avgwb.dat

C:\Programfiler\Opera\Opera.exe

C:\Programfiler\Trend Micro\HJThistest\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: e404 helper - {03B902B1-9B25-4173-9468-56775C85A8D4} - C:\Programfiler\Helper\1204149435.dll (file missing)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Programfiler\NetProject\sbmdl.dll

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe

O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe

O4 - HKLM\..\Run: [DeathAdder] C:\Programfiler\Razer\DeathAdder\razerhid.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programfiler\DAEMON Tools Lite\daemon.exe"

O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Programfiler\NetProject\scit.exe

O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Programfiler\NetProject\sbmntr.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: hamachi.lnk = C:\Programfiler\Hamachi\hamachi.exe

O4 - Startup: Xfire.lnk = C:\Programfiler\Xfire\xfire.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)

O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll

O22 - SharedTaskScheduler: corduroyed - {699fabf8-1087-491f-b57c-80a68929d82b} - (no file)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Prime95 Service - Unknown owner - C:\DOCUME~1\MarkuZ\LOKALE~1\Temp\Midlertidig mappe 9 for p95v254.zip\PRIME95.EXE

--

End of file - 6286 bytes

Noe galt her?

snippsat · 29. februar 2008

Ja det er noe grums her.

Last ned oppdatere kjør SAS free

Post logg.

Last Combofix ned ,legg på skrivebordet.

Ikke klikk på vindu mens programet kjører.

post logg C:\combofix.txt

Restart og en ny HijackThis logg.

PyrionZ · 29. februar 2008

Jeg burde kanskje slukke ned AVG mens jeg kjører SAS da eller?

snippsat · 29. februar 2008

Ja det kan lønne seg,men ikke viktig.

PyrionZ · 29. februar 2008

Scanner med SAS nå, og den har funnet 147 threats til nå, AVG ant bare 6 Threats: p

Burde jeg kanskje avinstallere AVG og kjøre SAS hele tia da ?

PyrionZ · 29. februar 2008

ComboFix 08-03-01 - MarkuZ 2008-02-29 21:41:51.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.47.1044.18.2785 [GMT 1:00]

Running from: C:\Documents and Settings\MarkuZ\Programdata\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((( Files Created from 2008-02-01 to 2008-03-01 )))))))))))))))))))))))))))))))

.

2008-02-29 21:25 . 2008-02-29 21:25 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-02-29 21:25 . 2008-02-29 21:25 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-02-29 21:25 . 2008-02-29 21:25 <DIR> d-------- C:\Documents and Settings\MarkuZ\Programdata\SUPERAntiSpyware.com

2008-02-29 21:25 . 2008-02-29 21:25 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-02-28 23:05 . 2008-02-28 23:05 <DIR> d-------- C:\Programfiler\Trend Micro

2008-02-27 22:57 . 2008-02-29 21:26 <DIR> d-------- C:\Programfiler\NetProject

2008-02-26 17:19 . 2008-02-26 17:19 244 --ah----- C:\sqmnoopt00.sqm

2008-02-26 17:19 . 2008-02-26 17:19 232 --ah----- C:\sqmdata00.sqm

2008-02-25 20:47 . 2008-02-25 20:47 382 --a------ C:\WINDOWS\ODBC.INI

2008-02-25 20:46 . 2008-02-25 20:46 <DIR> d-------- C:\WINDOWS\ShellNew

2008-02-25 20:45 . 2008-02-25 20:45 <DIR> d-------- C:\Documents and Settings\MarkuZ\Programdata\Microsoft Web Folders

2008-02-24 14:30 . 2008-02-24 14:30 <DIR> d-------- C:\Programfiler\18 Wheels of Steel American Long Haul

2008-02-21 02:57 . 2008-02-21 02:57 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll

2008-02-19 17:44 . 2008-02-19 17:44 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Trymedia

2008-02-17 12:12 . 2008-02-17 12:12 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2008-02-17 12:06 . 2008-02-17 12:06 <DIR> d-------- C:\Programfiler\Rockstar Games

2008-02-11 21:28 . 2006-11-23 05:55 73,728 --a------ C:\WINDOWS\system32\DeathAdder.cpl

2008-02-11 21:18 . 2005-03-03 19:47 31,104 --a------ C:\WINDOWS\system32\drivers\CYUSB.sys

2008-02-11 21:09 . 2008-02-11 21:09 <DIR> d-------- C:\Programfiler\Razer

2008-02-09 17:54 . 2004-08-04 01:03 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll

2008-02-09 17:54 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2008-02-09 17:54 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys

2008-02-09 17:54 . 2001-10-06 14:02 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

2008-02-05 00:03 . 2008-02-05 00:03 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

2008-02-05 00:03 . 2008-02-05 00:03 552 --a------ C:\WINDOWS\system32\d3d8caps.dat

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-28 21:55 --------- d-----w C:\Documents and Settings\MarkuZ\Programdata\AVG7

2008-02-28 21:54 --------- d---a-w C:\Documents and Settings\All Users\Programdata\TEMP

2008-02-28 13:37 --------- d-----w C:\Programfiler\Xfire

2008-02-27 20:45 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-02-27 20:44 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

2008-02-26 20:44 --------- d-----w C:\Programfiler\Opera

2008-02-26 13:43 --------- d-----w C:\Documents and Settings\MarkuZ\Programdata\Xfire

2008-02-22 03:58 --------- d-----w C:\Documents and Settings\MarkuZ\Programdata\Azureus

2008-02-20 16:13 --------- d-----w C:\Documents and Settings\MarkuZ\Programdata\Hamachi

2008-02-14 20:44 --------- d-----w C:\Documents and Settings\All Users\Programdata\avg7

2008-02-14 17:34 25,544 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys

2008-02-08 20:20 --------- d-----w C:\Programfiler\StepMania

2008-02-05 21:25 --------- d-----w C:\Programfiler\SpeedFan

2008-01-29 21:07 --------- d-----w C:\Programfiler\Fellesfiler\AVSMedia

2008-01-29 21:07 --------- d-----w C:\Programfiler\AVSMedia

2008-01-27 21:35 --------- d-----w C:\Programfiler\Azureus

2008-01-27 21:35 --------- d-----w C:\Documents and Settings\All Users\Programdata\Azureus

2008-01-27 19:07 --------- d-----w C:\Programfiler\Fellesfiler\Adobe

2008-01-27 19:05 --------- d-----w C:\Documents and Settings\All Users\Programdata\Adobe Systems

2008-01-27 19:04 --------- d-----w C:\Programfiler\Fellesfiler\Adobe Systems Shared

2008-01-27 00:03 --------- d-----w C:\Programfiler\Teamspeak2_RC2

2008-01-27 00:03 --------- d-----w C:\Documents and Settings\MarkuZ\Programdata\teamspeak2

2008-01-23 17:42 --------- d-----w C:\Programfiler\Lavalys

2008-01-21 17:06 --------- d-----w C:\Documents and Settings\LocalService\Programdata\Xfire

2008-01-21 14:19 --------- d-----w C:\Documents and Settings\NetworkService\Programdata\Xfire

2008-01-17 21:44 609,812 ----a-w C:\WINDOWS\P5KC0804.zip

2008-01-17 21:40 --------- d-----w C:\Programfiler\ASUS

2008-01-17 19:23 --------- d-----w C:\Programfiler\Fellesfiler\snp325

2008-01-17 19:22 --------- d-----w C:\Documents and Settings\MarkuZ\Programdata\InstallShield

2008-01-15 20:29 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe

2008-01-15 20:25 22,328 ----a-w C:\Documents and Settings\MarkuZ\Programdata\PnkBstrK.sys

2008-01-15 20:18 --------- d-----w C:\Programfiler\Activision

2008-01-15 18:19 --------- d-----w C:\Programfiler\Java

2008-01-15 18:18 --------- d-----w C:\Programfiler\Fellesfiler\Java

2008-01-15 13:59 --------- d-----w C:\Programfiler\DAEMON Tools Lite

2008-01-15 13:57 --------- d-----w C:\Documents and Settings\MarkuZ\Programdata\DAEMON Tools

2008-01-14 21:08 --------- d-----w C:\Programfiler\Winamp

2008-01-14 21:08 --------- d-----w C:\Documents and Settings\MarkuZ\Programdata\Winamp

2008-01-14 20:24 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2008-01-14 20:08 --------- d-----w C:\Programfiler\GameSpy Arcade

2008-01-14 19:59 --------- d-----w C:\Programfiler\EA GAMES

2008-01-14 18:47 --------- dcsh--w C:\Programfiler\Fellesfiler\WindowsLiveInstaller

2008-01-14 18:47 --------- d-----w C:\Programfiler\Windows Live

2008-01-14 18:44 --------- d-----w C:\Documents and Settings\All Users\Programdata\WLInstaller

2008-01-14 18:32 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll

2008-01-14 18:32 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll

2008-01-14 18:32 --------- d-----w C:\Documents and Settings\LocalService\Programdata\AVG7

2008-01-14 18:32 --------- d-----w C:\Documents and Settings\All Users\Programdata\Grisoft

2008-01-14 18:05 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield

2008-01-14 18:01 --------- d-----w C:\Documents and Settings\MarkuZ\Programdata\InterTrust

2008-01-14 17:57 --------- d-----w C:\Programfiler\Attansic

2008-01-14 17:52 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-01-14 17:52 --------- d-----w C:\Programfiler\Realtek

2008-01-14 17:34 --------- d-----w C:\Programfiler\Intel

2008-01-14 17:24 --------- d-----w C:\Programfiler\microsoft frontpage

2008-01-14 17:23 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester

2008-01-14 17:23 --------- d-----w C:\Programfiler\Elektroniske tjenester

2008-01-14 12:52 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll

2007-12-07 01:08 658,944 ----a-w C:\WINDOWS\system32\wininet.dll

2007-12-04 18:42 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll

2006-06-23 22:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03B902B1-9B25-4173-9468-56775C85A8D4}]

C:\Programfiler\Helper\1204149435.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}]

C:\PROGRAMFILER\NETPROJECT\SBMDL.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360]

"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

"DAEMON Tools Lite"="C:\Programfiler\DAEMON Tools Lite\daemon.exe" [2007-12-29 10:43 486856]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-28 14:23 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:03 110592 C:\WINDOWS\system32\bthprops.cpl]

"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 15:49 16126464 C:\WINDOWS\RTHDCPL.exe]

"Gainward"="C:\WINDOWS\TBPanel.exe" [2006-08-31 10:47 2162688]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-31 10:47 7630848]

"nwiz"="nwiz.exe" [2006-08-31 10:47 1519616 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-31 10:47 86016]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-14 19:32 579072]

"WinampAgent"="C:\Programfiler\Winamp\winampa.exe" [2007-12-20 16:16 37376]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"FixCamera"="C:\WINDOWS\FixCamera.exe" [2007-02-12 14:50 20480]

"tsnp325"="C:\WINDOWS\tsnp325.exe" [2007-04-21 09:36 270336]

"snp325"="C:\WINDOWS\vsnp325.exe" [2007-05-10 13:18 835584]

"DeathAdder"="C:\Programfiler\Razer\DeathAdder\razerhid.exe" [2007-09-07 15:54 159744]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03 15360]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-14 19:32 219136]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office\OSA9.EXE [2000-01-21 09:15:54 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\Grisoft\\AVG7\\avginet.exe"=

"C:\\Programfiler\\Grisoft\\AVG7\\avgamsvr.exe"=

"C:\\Programfiler\\Grisoft\\AVG7\\avgcc.exe"=

"C:\\Programfiler\\Grisoft\\AVG7\\avgemc.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Programfiler\\EA GAMES\\Battlefield 2\\BF2.exe"=

"C:\\WINDOWS\\system32\\PnkBstrA.exe"=

"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

"C:\\Programfiler\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

"C:\\Programfiler\\Xfire\\xfire.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\WINDOWS\\system32\\rundll32.exe"=

"C:\\Programfiler\\Opera\\Opera.exe"=

"C:\\Programfiler\\Azureus\\Azureus.exe"=

R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 15:12]

R3 DAdderFltr;DeathAdder Mouse;C:\WINDOWS\system32\drivers\dadder.sys [2007-08-02 17:32]

S3 CyUsb;Cypress Generic USB Driver;C:\WINDOWS\system32\Drivers\CyUsb.sys [2005-03-03 19:47]

S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Programfiler\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-18 00:00]

S3 SNP325;USB PC Camera (SNPSTD325);C:\WINDOWS\system32\DRIVERS\snp325.sys [2007-05-07 17:58]

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-01 21:43:01

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-03-01 21:43:16

.

PyrionZ · 29. februar 2008

Og her er den nye HJT loggen: Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:48:44, on 01.03.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\TBPanel.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Programfiler\Winamp\winampa.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\FixCamera.exe

C:\WINDOWS\tsnp325.exe

C:\WINDOWS\vsnp325.exe

C:\Programfiler\Razer\DeathAdder\razerhid.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe

C:\Programfiler\Messenger\msmsgs.exe

C:\Programfiler\DAEMON Tools Lite\daemon.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programfiler\Razer\DeathAdder\razertra.exe

C:\Programfiler\Razer\DeathAdder\razerofa.exe

C:\Programfiler\Xfire\xfire.exe

C:\Programfiler\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\Trend Micro\HJThistest\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: e404 helper - {03B902B1-9B25-4173-9468-56775C85A8D4} - C:\Programfiler\Helper\1204149435.dll (file missing)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\PROGRAMFILER\NETPROJECT\SBMDL.DLL (file missing)

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe

O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe

O4 - HKLM\..\Run: [DeathAdder] C:\Programfiler\Razer\DeathAdder\razerhid.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programfiler\DAEMON Tools Lite\daemon.exe"

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: hamachi.lnk = C:\Programfiler\Hamachi\hamachi.exe

O4 - Startup: Xfire.lnk = C:\Programfiler\Xfire\xfire.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Prime95 Service - Unknown owner - C:\DOCUME~1\MarkuZ\LOKALE~1\Temp\Midlertidig mappe 9 for p95v254.zip\PRIME95.EXE (file missing)

--

End of file - 6216 bytes

snippsat · 29. februar 2008

Åpne notisblokk og kopier inn det som står i fet skrift under, lagre fila på skrivebordet som CFScript.txt.

Dra deretter fila over Combofix-iconet. Combofix vil starte igjen.

folder::

C:\Programfiler\NetProject

------------------------------------------------------------------------------------

Start HijackThis finn disse linjene merk dem,så trykk fixed checked.

O2 - BHO: e404 helper - {03B902B1-9B25-4173-9468-56775C85A8D4} - C:\Programfiler\Helper\1204149435.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\PROGRAMFILER\NETPROJECT\SBMDL.DLL (file missing)

Last ned kjør CCleaner

Gå til 'Valg'->'Avansert'. Fjern avkryssingen framfor: "bare slett midlertidige filer som er eldere xx.

Kjør register-renser og.

Restart og en ny HijackThis logg.

Endret 29. februar 2008 av SNIPPSAT

PyrionZ · 29. februar 2008

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:28:23, on 01.03.2008