[Løst] Analyse av Hijackthis logg

Deadalus · 25. mai 2008

Har kjørt SAS, Combofix og Hijackthis. Fulgt fjerning av spyware guiden. Trenger hjelp til å analysere Hijackthis logg. Tror det er noe grums der.

Logfile of HijackThis v1.99.1

Scan saved at 15:35:00, on 25.05.2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\Ati2evxx.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\system32\spoolsv.exe

E:\Programfiler\cFosSpeed\spd.exe

E:\WINDOWS\system32\lkcitdl.exe

E:\WINDOWS\system32\lkads.exe

E:\WINDOWS\system32\lktsrv.exe

E:\Programfiler\National Instruments\MAX\nimxs.exe

E:\WINDOWS\system32\nicitdl5.exe

E:\Programfiler\National Instruments\Shared\Security\nidmsrv.exe

E:\WINDOWS\system32\nisvcloc.exe

E:\Programfiler\Eset\nod32krn.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\system32\Ati2evxx.exe

E:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

E:\Programfiler\Eset\nod32kui.exe

E:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe

E:\Programfiler\cFosSpeed\cFosSpeed.exe

E:\Programfiler\Microsoft Xbox 360 Accessories\XboxStat.exe

E:\Programfiler\MSN Messenger\MsnMsgr.Exe

E:\Programfiler\utorrent\utorrent.exe

E:\Programfiler\DAEMON Tools Lite\daemon.exe

E:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

E:\WINDOWS\system32\ctfmon.exe

E:\Programfiler\Logitech\SetPoint\SetPoint.exe

E:\Programfiler\Fellesfiler\Logishrd\KHAL2\KHALMNPR.EXE

E:\WINDOWS\System32\svchost.exe

E:\Programfiler\MSN Messenger\usnsvc.exe

E:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

E:\Programfiler\Mozilla Firefox\firefox.exe

E:\WINDOWS\explorer.exe

E:\WINDOWS\system32\notepad.exe

E:\Documents and Settings\Rune\Skrivebord\Faenskap\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O4 - HKLM\..\Run: [ATICCC] "E:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [nod32kui] "E:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "E:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [cFosSpeed] E:\Programfiler\cFosSpeed\cFosSpeed.exe

O4 - HKLM\..\Run: [XboxStat] "e:\Programfiler\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

O4 - HKCU\..\Run: [MsnMsgr] "E:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [µTorrent] "E:\Programfiler\utorrent\utorrent.exe"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Programfiler\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [uTorrent] "E:\Programfiler\utorrent\utorrent.exe"

O4 - HKCU\..\Run: [sUPERAntiSpyware] E:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Logitech SetPoint.lnk = E:\Programfiler\Logitech\SetPoint\SetPoint.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programfiler\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1182010318092

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1205502936625

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SASWinLogon - E:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: LBTWlgn - e:\programfiler\fellesfiler\logishrd\bluetooth\LBTWlgn.dll

O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe

O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - E:\Programfiler\cFosSpeed\spd.exe" -service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - E:\Programfiler\Fellesfiler\Logishrd\Bluetooth\LBTServ.exe

O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - E:\WINDOWS\system32\lkcitdl.exe

O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - E:\WINDOWS\system32\lkads.exe

O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - E:\WINDOWS\system32\lktsrv.exe

O23 - Service: SQL Server (CITADEL) (MSSQL$CITADEL) - Unknown owner - E:\Programfiler\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sCITADEL (file missing)

O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - E:\Programfiler\National Instruments\MAX\nimxs.exe

O23 - Service: National Instruments Citadel (NICitadel5Service) - National Instruments, Inc. - E:\WINDOWS\system32\nicitdl5.exe

O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - E:\Programfiler\National Instruments\Shared\Security\nidmsrv.exe

O23 - Service: NILM License Manager - Macrovision Corporation - E:\Programfiler\National Instruments\Shared\License Manager\Bin\lmgrd.exe

O23 - Service: National Instruments Lookout 6.1 (NILookoutService61) - National Instruments, Inc. - E:\Programfiler\National Instruments\Lookout 6.1\lkserv.exe

O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - E:\WINDOWS\system32\nisvcloc.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - E:\Programfiler\Eset\nod32krn.exe

O23 - Service: OpcEnum - OPC Foundation - E:\WINDOWS\system32\OpcEnum.exe

O23 - Service: ServiceLayer - Nokia. - E:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

Endret 25. mai 2008 av Deadalus

norbat · 25. mai 2008

Loggen viser intet grums.

Hva gjør at du mistenker dette?

Du kan godt fixe følgende linje vha. hjt:

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

Deadalus · 25. mai 2008

SAS fant mye. Så regnet nesten med at det var mere.

Fikser den linja.

Takk for helpen.

r2d290 · 25. mai 2008

Legg inn loggen som combofix og SAS lagde

Deadalus · 25. mai 2008

Ble no tull med posten:hmm:

Endret 25. mai 2008 av Deadalus

Deadalus · 25. mai 2008

OK, legger ved combofix og SAS logg

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 05/25/2008 at 02:46 PM

Application Version : 4.1.1046

Core Rules Database Version : 3468

Trace Rules Database Version: 1459

Scan type : Complete Scan

Total Scan Time : 00:44:31

Memory items scanned : 670

Memory threats detected : 0

Registry items scanned : 5987

Registry threats detected : 0

File items scanned : 21080

File threats detected : 4

Adware.Tracking Cookie

E:\Documents and Settings\****\Cookies\****@atdmt[2].txt

E:\Documents and Settings\****\Cookies\****@tradedoubler[2].txt

E:\Documents and Settings\****\Cookies\****@advertising[2].txt

.tradedoubler.com [ E:\Documents and Settings\Ingjerd\Programdata\Mozilla\Firefox\Profiles\cz0k6ahv.default\cookies.txt ]

.adultfriendfinder.com [ E:\Documents and Settings\****\Programdata\Mozilla\Firefox\Profiles\h9q2fo63.default\cookies.txt ]

.porndirt.com [ E:\Documents and Settings\****\Programdata\Mozilla\Firefox\Profiles\h9q2fo63.default\cookies.txt ]

www.porndirt.com [ E:\Documents and Settings\****\Programdata\Mozilla\Firefox\Profiles\h9q2fo63.default\cookies.txt ]

.adultadworld.com [ E:\Documents and Settings\****\Programdata\Mozilla\Firefox\Profiles\h9q2fo63.default\cookies.txt ]

www.privatsex-piger.dk [ E:\Documents and Settings\****\Programdata\Mozilla\Firefox\Profiles\h9q2fo63.default\cookies.txt ]

.adfarm1.adition.com [ E:\Documents and Settings\****\Programdata\Mozilla\Firefox\Profiles\h9q2fo63.default\cookies.txt ]

newmovie.sexmagasin.com [ E:\Documents and Settings\****\Programdata\Mozilla\Firefox\Profiles\h9q2fo63.default\cookies.txt ]

www.clckm.com [ E:\Documents and Settings\****\Programdata\Mozilla\Firefox\Profiles\h9q2fo63.default\cookies.txt ]

.partypoker.com [ E:\Documents and Settings\****\Programdata\Mozilla\Firefox\Profiles\h9q2fo63.default\cookies.txt ]

www.jomfruporno.dk [ E:\Documents and Settings\****\Programdata\Mozilla\Firefox\Profiles\h9q2fo63.default\cookies.txt ]

track.adform.net [ E:\Documents and Settings\Mange\Programdata\Mozilla\Firefox\Profiles\1e75ovd9.default\cookies.txt ]

Trojan.Malware

D:\asdf.txt

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 05/25/2008 at 02:46 PM

Application Version : 4.1.1046

Core Rules Database Version : 3468

Trace Rules Database Version: 1459

Scan type : Complete Scan

Total Scan Time : 00:44:31

Memory items scanned : 670

Memory threats detected : 0

Registry items scanned : 5987

Registry threats detected : 0

File items scanned : 21080

File threats detected : 4

Adware.Tracking Cookie

E:\Documents and Settings\***\Cookies\***@atdmt[2].txt

E:\Documents and Settings\***\Cookies\***@tradedoubler[2].txt

E:\Documents and Settings\***\Cookies\***@advertising[2].txt

.tradedoubler.com [ E:\Documents and Settings\***\Programdata\Mozilla\Firefox\Profiles\cz0k6ahv.default\cookies.txt ]

.adultfriendfinder.com [ E:\Documents and Settings\***\Programdata\Mozilla\Firefox\Profiles\h9q2fo63.default\cookies.txt ]

.porndirt.com [ E:\Documents and Settings\***\Programdata\Mozilla\Firefox\Profiles\h9q2fo63.default\cookies.txt ]

www.porndirt.com [ E:\Documents and Settings\***\Programdata\Mozilla\Firefox\Profiles\h9q2fo63.default\cookies.txt ]

.adultadworld.com [ E:\Documents and Settings\***\Programdata\Mozilla\Firefox\Profiles\h9q2fo63.default\cookies.txt ]

www.privatsex-piger.dk [ E:\Documents and Settings\***\Programdata\Mozilla\Firefox\Profiles\h9q2fo63.default\cookies.txt ]

.adfarm1.adition.com [ E:\Documents and Settings\***\Programdata\Mozilla\Firefox\Profiles\h9q2fo63.default\cookies.txt ]

newmovie.sexmagasin.com [ E:\Documents and Settings\***\Programdata\Mozilla\Firefox\Profiles\h9q2fo63.default\cookies.txt ]

www.clckm.com [ E:\Documents and Settings\***\Programdata\Mozilla\Firefox\Profiles\h9q2fo63.default\cookies.txt ]

.partypoker.com [ E:\Documents and Settings\***\Programdata\Mozilla\Firefox\Profiles\h9q2fo63.default\cookies.txt ]

www.jomfruporno.dk [ E:\Documents and Settings\***\Programdata\Mozilla\Firefox\Profiles\h9q2fo63.default\cookies.txt ]

track.adform.net [ E:\Documents and Settings\Mange\Programdata\Mozilla\Firefox\Profiles\1e75ovd9.default\cookies.txt ]

Trojan.Malware

D:\asdf.txt

Takk for hjelpen

norbat · 25. mai 2008

Dette var 2 stk sas-logger

Uansett, de viste bare cookies, noe som ikke man trenger å bekymre seg særlig over.

Deadalus · 25. mai 2008

Setter denne som løst.

Logg inn

[Løst] Analyse av Hijackthis logg

Anbefalte innlegg

Deadalus

Lenke til kommentar

Videoannonse

norbat

Lenke til kommentar

Deadalus

Lenke til kommentar

r2d290

Lenke til kommentar

Deadalus

Lenke til kommentar

Deadalus

Lenke til kommentar

norbat

Lenke til kommentar

Deadalus

Lenke til kommentar

Opprett en konto eller logg inn for å kommentere

Opprett konto

Logg inn

Populær nå

Overrasket? Nei, det er FrP på gang igjen 1 2 3 4 5

Woke i moderne underholdningsindustri 1 2 3 4 505

Russlands invasjon av Ukraina [Ny tråd, les førstepost] 1 2 3 4 3570

Elbil-tråden 1 2 3 4 1014

Hvem er aktive 0 medlemmer