PyrionZ, posted 28 February 2008

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:05:29, on 28.02.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\NetProject\scit.exe
C:\Programfiler\NetProject\sbmntr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\TBPanel.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programfiler\Winamp\winampa.exe
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp325.exe
C:\WINDOWS\vsnp325.exe
C:\Programfiler\Razer\DeathAdder\razerhid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\DAEMON Tools Lite\daemon.exe
C:\Programfiler\Razer\DeathAdder\razertra.exe
C:\Programfiler\Razer\DeathAdder\razerofa.exe
C:\Programfiler\Xfire\xfire.exe
C:\Programfiler\Windows Live\Messenger\usnsvc.exe
C:\Programfiler\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Grisoft\AVG7\avgwb.dat
C:\Programfiler\Opera\Opera.exe
C:\Programfiler\Trend Micro\HJThistest\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: e404 helper - {03B902B1-9B25-4173-9468-56775C85A8D4} - C:\Programfiler\Helper\1204149435.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Programfiler\NetProject\sbmdl.dll
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe
O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe
O4 - HKLM\..\Run: [DeathAdder] C:\Programfiler\Razer\DeathAdder\razerhid.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programfiler\DAEMON Tools Lite\daemon.exe"
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Programfiler\NetProject\scit.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Programfiler\NetProject\sbmntr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: hamachi.lnk = C:\Programfiler\Hamachi\hamachi.exe
O4 - Startup: Xfire.lnk = C:\Programfiler\Xfire\xfire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll
O22 - SharedTaskScheduler: corduroyed - {699fabf8-1087-491f-b57c-80a68929d82b} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Prime95 Service - Unknown owner - C:\DOCUME~1\MarkuZ\LOKALE~1\Temp\Midlertidig mappe 9 for p95v254.zip\PRIME95.EXE

--
End of file - 6286 bytes

Anything wrong here?
snippsat, posted 29 February 2008

Yes, there is some junk here.

Download, update and run SAS free. Post the log.

Download ComboFix and put it on the desktop. Do not click in the window while the program is running. Post the log C:\combofix.txt.

Restart and post a new HijackThis log.
PyrionZ (thread author), posted 29 February 2008

Should I perhaps shut down AVG while I run SAS, then?
snippsat, posted 29 February 2008

Yes, that can be worthwhile, but it is not important.
PyrionZ (thread author), posted 29 February 2008

Scanning with SAS now, and it has found 147 threats so far; AVG only found 6 threats :p Should I perhaps uninstall AVG and run SAS all the time instead?
PyrionZ (thread author), posted 29 February 2008

ComboFix 08-03-01 - MarkuZ 2008-02-29 21:41:51.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.47.1044.18.2785 [GMT 1:00]
Running from: C:\Documents and Settings\MarkuZ\Programdata\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((   Files Created from 2008-02-01 to 2008-03-01  )))))))))))))))))))))))))))))))
.

2008-02-29 21:25 . 2008-02-29 21:25 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-02-29 21:25 . 2008-02-29 21:25 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-02-29 21:25 . 2008-02-29 21:25 <DIR> d-------- C:\Documents and Settings\MarkuZ\Programdata\SUPERAntiSpyware.com
2008-02-29 21:25 . 2008-02-29 21:25 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-02-28 23:05 . 2008-02-28 23:05 <DIR> d-------- C:\Programfiler\Trend Micro
2008-02-27 22:57 . 2008-02-29 21:26 <DIR> d-------- C:\Programfiler\NetProject
2008-02-26 17:19 . 2008-02-26 17:19 244 --ah----- C:\sqmnoopt00.sqm
2008-02-26 17:19 . 2008-02-26 17:19 232 --ah----- C:\sqmdata00.sqm
2008-02-25 20:47 . 2008-02-25 20:47 382 --a------ C:\WINDOWS\ODBC.INI
2008-02-25 20:46 . 2008-02-25 20:46 <DIR> d-------- C:\WINDOWS\ShellNew
2008-02-25 20:45 . 2008-02-25 20:45 <DIR> d-------- C:\Documents and Settings\MarkuZ\Programdata\Microsoft Web Folders
2008-02-24 14:30 . 2008-02-24 14:30 <DIR> d-------- C:\Programfiler\18 Wheels of Steel American Long Haul
2008-02-21 02:57 . 2008-02-21 02:57 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-02-19 17:44 . 2008-02-19 17:44 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Trymedia
2008-02-17 12:12 . 2008-02-17 12:12 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-02-17 12:06 . 2008-02-17 12:06 <DIR> d-------- C:\Programfiler\Rockstar Games
2008-02-11 21:28 . 2006-11-23 05:55 73,728 --a------ C:\WINDOWS\system32\DeathAdder.cpl
2008-02-11 21:18 . 2005-03-03 19:47 31,104 --a------ C:\WINDOWS\system32\drivers\CYUSB.sys
2008-02-11 21:09 . 2008-02-11 21:09 <DIR> d-------- C:\Programfiler\Razer
2008-02-09 17:54 . 2004-08-04 01:03 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-02-09 17:54 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-02-09 17:54 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-02-09 17:54 . 2001-10-06 14:02 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-02-05 00:03 . 2008-02-05 00:03 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-02-05 00:03 . 2008-02-05 00:03 552 --a------ C:\WINDOWS\system32\d3d8caps.dat

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-28 21:55 --------- d-----w C:\Documents and Settings\MarkuZ\Programdata\AVG7
2008-02-28 21:54 --------- d---a-w C:\Documents and Settings\All Users\Programdata\TEMP
2008-02-28 13:37 --------- d-----w C:\Programfiler\Xfire
2008-02-27 20:45 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-27 20:44 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-02-26 20:44 --------- d-----w C:\Programfiler\Opera
2008-02-26 13:43 --------- d-----w C:\Documents and Settings\MarkuZ\Programdata\Xfire
2008-02-22 03:58 --------- d-----w C:\Documents and Settings\MarkuZ\Programdata\Azureus
2008-02-20 16:13 --------- d-----w C:\Documents and Settings\MarkuZ\Programdata\Hamachi
2008-02-14 20:44 --------- d-----w C:\Documents and Settings\All Users\Programdata\avg7
2008-02-14 17:34 25,544 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-02-08 20:20 --------- d-----w C:\Programfiler\StepMania
2008-02-05 21:25 --------- d-----w C:\Programfiler\SpeedFan
2008-01-29 21:07 --------- d-----w C:\Programfiler\Fellesfiler\AVSMedia
2008-01-29 21:07 --------- d-----w C:\Programfiler\AVSMedia
2008-01-27 21:35 --------- d-----w C:\Programfiler\Azureus
2008-01-27 21:35 --------- d-----w C:\Documents and Settings\All Users\Programdata\Azureus
2008-01-27 19:07 --------- d-----w C:\Programfiler\Fellesfiler\Adobe
2008-01-27 19:05 --------- d-----w C:\Documents and Settings\All Users\Programdata\Adobe Systems
2008-01-27 19:04 --------- d-----w C:\Programfiler\Fellesfiler\Adobe Systems Shared
2008-01-27 00:03 --------- d-----w C:\Programfiler\Teamspeak2_RC2
2008-01-27 00:03 --------- d-----w C:\Documents and Settings\MarkuZ\Programdata\teamspeak2
2008-01-23 17:42 --------- d-----w C:\Programfiler\Lavalys
2008-01-21 17:06 --------- d-----w C:\Documents and Settings\LocalService\Programdata\Xfire
2008-01-21 14:19 --------- d-----w C:\Documents and Settings\NetworkService\Programdata\Xfire
2008-01-17 21:44 609,812 ----a-w C:\WINDOWS\P5KC0804.zip
2008-01-17 21:40 --------- d-----w C:\Programfiler\ASUS
2008-01-17 19:23 --------- d-----w C:\Programfiler\Fellesfiler\snp325
2008-01-17 19:22 --------- d-----w C:\Documents and Settings\MarkuZ\Programdata\InstallShield
2008-01-15 20:29 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-01-15 20:25 22,328 ----a-w C:\Documents and Settings\MarkuZ\Programdata\PnkBstrK.sys
2008-01-15 20:18 --------- d-----w C:\Programfiler\Activision
2008-01-15 18:19 --------- d-----w C:\Programfiler\Java
2008-01-15 18:18 --------- d-----w C:\Programfiler\Fellesfiler\Java
2008-01-15 13:59 --------- d-----w C:\Programfiler\DAEMON Tools Lite
2008-01-15 13:57 --------- d-----w C:\Documents and Settings\MarkuZ\Programdata\DAEMON Tools
2008-01-14 21:08 --------- d-----w C:\Programfiler\Winamp
2008-01-14 21:08 --------- d-----w C:\Documents and Settings\MarkuZ\Programdata\Winamp
2008-01-14 20:24 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-14 20:08 --------- d-----w C:\Programfiler\GameSpy Arcade
2008-01-14 19:59 --------- d-----w C:\Programfiler\EA GAMES
2008-01-14 18:47 --------- dcsh--w C:\Programfiler\Fellesfiler\WindowsLiveInstaller
2008-01-14 18:47 --------- d-----w C:\Programfiler\Windows Live
2008-01-14 18:44 --------- d-----w C:\Documents and Settings\All Users\Programdata\WLInstaller
2008-01-14 18:32 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-01-14 18:32 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-01-14 18:32 --------- d-----w C:\Documents and Settings\LocalService\Programdata\AVG7
2008-01-14 18:32 --------- d-----w C:\Documents and Settings\All Users\Programdata\Grisoft
2008-01-14 18:05 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield
2008-01-14 18:01 --------- d-----w C:\Documents and Settings\MarkuZ\Programdata\InterTrust
2008-01-14 17:57 --------- d-----w C:\Programfiler\Attansic
2008-01-14 17:52 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-01-14 17:52 --------- d-----w C:\Programfiler\Realtek
2008-01-14 17:34 --------- d-----w C:\Programfiler\Intel
2008-01-14 17:24 --------- d-----w C:\Programfiler\microsoft frontpage
2008-01-14 17:23 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester
2008-01-14 17:23 --------- d-----w C:\Programfiler\Elektroniske tjenester
2008-01-14 12:52 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2007-12-07 01:08 658,944 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:42 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2006-06-23 22:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe

.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03B902B1-9B25-4173-9468-56775C85A8D4}]
C:\Programfiler\Helper\1204149435.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}]
C:\PROGRAMFILER\NETPROJECT\SBMDL.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360]
"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"DAEMON Tools Lite"="C:\Programfiler\DAEMON Tools Lite\daemon.exe" [2007-12-29 10:43 486856]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-28 14:23 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:03 110592 C:\WINDOWS\system32\bthprops.cpl]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 15:49 16126464 C:\WINDOWS\RTHDCPL.exe]
"Gainward"="C:\WINDOWS\TBPanel.exe" [2006-08-31 10:47 2162688]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-31 10:47 7630848]
"nwiz"="nwiz.exe" [2006-08-31 10:47 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-31 10:47 86016]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-14 19:32 579072]
"WinampAgent"="C:\Programfiler\Winamp\winampa.exe" [2007-12-20 16:16 37376]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"FixCamera"="C:\WINDOWS\FixCamera.exe" [2007-02-12 14:50 20480]
"tsnp325"="C:\WINDOWS\tsnp325.exe" [2007-04-21 09:36 270336]
"snp325"="C:\WINDOWS\vsnp325.exe" [2007-05-10 13:18 835584]
"DeathAdder"="C:\Programfiler\Razer\DeathAdder\razerhid.exe" [2007-09-07 15:54 159744]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-14 19:32 219136]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office\OSA9.EXE [2000-01-21 09:15:54 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Programfiler\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Programfiler\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Programfiler\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programfiler\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Programfiler\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Programfiler\\Xfire\\xfire.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Programfiler\\Opera\\Opera.exe"=
"C:\\Programfiler\\Azureus\\Azureus.exe"=

R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 15:12]
R3 DAdderFltr;DeathAdder Mouse;C:\WINDOWS\system32\drivers\dadder.sys [2007-08-02 17:32]
S3 CyUsb;Cypress Generic USB Driver;C:\WINDOWS\system32\Drivers\CyUsb.sys [2005-03-03 19:47]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Programfiler\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-18 00:00]
S3 SNP325;USB PC Camera (SNPSTD325);C:\WINDOWS\system32\DRIVERS\snp325.sys [2007-05-07 17:58]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-01 21:43:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-01 21:43:16
.
PyrionZ (thread author), posted 29 February 2008

And here is the new HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:48:44, on 01.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\TBPanel.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programfiler\Winamp\winampa.exe
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp325.exe
C:\WINDOWS\vsnp325.exe
C:\Programfiler\Razer\DeathAdder\razerhid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\DAEMON Tools Lite\daemon.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Razer\DeathAdder\razertra.exe
C:\Programfiler\Razer\DeathAdder\razerofa.exe
C:\Programfiler\Xfire\xfire.exe
C:\Programfiler\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Trend Micro\HJThistest\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: e404 helper - {03B902B1-9B25-4173-9468-56775C85A8D4} - C:\Programfiler\Helper\1204149435.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\PROGRAMFILER\NETPROJECT\SBMDL.DLL (file missing)
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe
O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe
O4 - HKLM\..\Run: [DeathAdder] C:\Programfiler\Razer\DeathAdder\razerhid.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programfiler\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: hamachi.lnk = C:\Programfiler\Hamachi\hamachi.exe
O4 - Startup: Xfire.lnk = C:\Programfiler\Xfire\xfire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Prime95 Service - Unknown owner - C:\DOCUME~1\MarkuZ\LOKALE~1\Temp\Midlertidig mappe 9 for p95v254.zip\PRIME95.EXE (file missing)

--
End of file - 6216 bytes
snippsat, posted 29 February 2008 (edited)

Open Notepad and copy in what is in bold below, then save the file on the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again.

folder::
C:\Programfiler\NetProject

------------------------------------------------------------------------------------

Start HijackThis, find these lines, check them, then press Fix checked.

O2 - BHO: e404 helper - {03B902B1-9B25-4173-9468-56775C85A8D4} - C:\Programfiler\Helper\1204149435.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\PROGRAMFILER\NETPROJECT\SBMDL.DLL (file missing)

Download and run CCleaner. Go to 'Options' -> 'Advanced'. Untick the box in front of "only delete temporary files older than xx". Run the registry cleaner as well.

Restart and post a new HijackThis log.

Edited 29 February 2008 by SNIPPSAT
PyrionZ (thread author), posted 29 February 2008

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:28:23, on 01.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\TBPanel.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programfiler\Winamp\winampa.exe
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp325.exe
C:\WINDOWS\vsnp325.exe
C:\Programfiler\Razer\DeathAdder\razerhid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\DAEMON Tools Lite\daemon.exe
C:\Programfiler\Razer\DeathAdder\razertra.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Razer\DeathAdder\razerofa.exe
C:\Programfiler\Xfire\xfire.exe
C:\Programfiler\Windows Live\Messenger\usnsvc.exe
C:\Programfiler\Trend Micro\HJThistest\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe
O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe
O4 - HKLM\..\Run: [DeathAdder] C:\Programfiler\Razer\DeathAdder\razerhid.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programfiler\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: hamachi.lnk = C:\Programfiler\Hamachi\hamachi.exe
O4 - Startup: Xfire.lnk = C:\Programfiler\Xfire\xfire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Prime95 Service - Unknown owner - C:\DOCUME~1\MarkuZ\LOKALE~1\Temp\Midlertidig mappe 9 for p95v254.zip\PRIME95.EXE (file missing)

--
End of file - 5841 bytes
snippsat, posted 1 March 2008

That log looks fine.

sc stop "Prime95 Service"
sc delete "Prime95 Service"

Fix this line with HJT.

O23 - Service: Prime95 Service - Unknown owner - C:\DOCUME~1\MarkuZ\LOKALE~1\Temp\Midlertidig mappe 9 for p95v254.zip\PRIME95.EXE (file missing)

The service is registered but the file is missing.

If the PC runs fine, you can do this: you can remove ComboFix by typing combofix /u in the Run window. That command deletes the quarantined files and backups, resets the System Restore folder, etc.
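The triage that snippsat did by eye in this thread (orphaned BHO and button registrations, autostarts under the Policies\Explorer\Run key, a service with no vendor whose binary lived in a Temp folder) can be written down as a small parser over HijackThis log lines. The block below is an added example of that, not a tool from the thread or from HijackThis, ComboFix or SUPERAntiSpyware; the sample lines are constructed from entries that appear in the logs posted above, and the function names and flag wording are my own. Every flag is a reason for a second look, not a verdict.

```python
import re

# Constructed sample input: a few lines in HijackThis v2 log format, copied from
# entries that appear in the logs posted in this thread. Not a complete log.
SAMPLE_LOG = r"""
O2 - BHO: e404 helper - {03B902B1-9B25-4173-9468-56775C85A8D4} - C:\Programfiler\Helper\1204149435.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Programfiler\NetProject\scit.exe
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O22 - SharedTaskScheduler: corduroyed - {699fabf8-1087-491f-b57c-80a68929d82b} - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Prime95 Service - Unknown owner - C:\DOCUME~1\MarkuZ\LOKALE~1\Temp\Midlertidig mappe 9 for p95v254.zip\PRIME95.EXE (file missing)
"""

# A HijackThis entry is "<section> - <body>", e.g. "O23 - Service: ...".
# Header lines and the running-process list do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+)\s+-\s+(?P<body>.+)$")


def parse_hjt_log(text):
    """Return (section, body, raw_line) for every HijackThis entry in the text."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("section"), m.group("body"), line))
    return entries


def triage_entry(section, body):
    """Heuristic reasons an entry deserves a closer look; an empty list means nothing stood out."""
    reasons = []
    # HijackThis appends these markers when the registered file is gone from disk.
    # An orphaned registration is either a half-removed program or a half-removed threat.
    if body.endswith("(file missing)") or body.endswith("(no file)"):
        reasons.append("registered target no longer exists on disk (orphaned entry)")
    # The Explorer policy Run key is an autostart location ordinary installers do not use.
    if section == "O4" and "Policies\\Explorer\\Run" in body:
        reasons.append("autostart under HKLM\\..\\Policies\\Explorer\\Run")
    if section == "O23":
        if "Unknown owner" in body:
            reasons.append("service binary carries no vendor information")
        if "\\temp\\" in body.lower():
            reasons.append("service binary is located in a temporary directory")
    # Extra browser buttons normally point at a local file, not a remote URL.
    if section == "O9" and re.search(r"https?://", body):
        reasons.append("browser button target is a remote URL")
    return reasons


def triage_log(text):
    """Flagged entries of a log, in log order, each with its list of reasons."""
    findings = []
    for section, body, raw in parse_hjt_log(text):
        reasons = triage_entry(section, body)
        if reasons:
            findings.append({"section": section, "line": raw, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage_log(SAMPLE_LOG):
        print(finding["line"])
        for reason in finding["reasons"]:
            print("    -", reason)
```

On the sample above the parser flags six of the nine entries and leaves the Java BHO, the AVG autostart and the NVIDIA service alone; the Prime95 line collects three reasons at once, which is why it was the last thing left to clean up in the thread. The same rules would also have picked out the NetProject policy-key entries and the explorertool.net button from the first log, before any cleanup had run.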