kan noen sjekke loggene?

jokke555 · 24. august 2008

combofix

Klikk for å se/fjerne innholdet nedenfor

ComboFix 08-08-23.03 - 19060JABE7 2008-08-24 21:36:55.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.380 [GMT 2:00]

Running from: C:\Documents and Settings\19060jabe7\Skrivebord\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\19060jabe7\Lokale innstillinger\Programdata\Microsoft\Windows Media\10.0\WMSDKNSD.XML

C:\Documents and Settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr0.dat

C:\Documents and Settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr1.dat

C:\xcrashdump.dat

----- BITS: Possible infected sites -----

http://kvgs-fs2

.

((((((((((((((((((((((((( Files Created from 2008-07-24 to 2008-08-24 )))))))))))))))))))))))))))))))

.

2008-08-24 21:30 . 2008-08-24 21:30 <DIR> dr-h----- C:\Documents and Settings\19060jabe7\Siste

2008-08-24 20:15 . 2008-08-24 20:15 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-08-24 20:14 . 2008-08-24 20:14 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-08-24 20:14 . 2008-08-24 20:14 <DIR> d-------- C:\Documents and Settings\19060jabe7\Programdata\SUPERAntiSpyware.com

2008-08-24 18:46 . 2008-08-24 18:46 <DIR> d-------- C:\Programfiler\Lavasoft

2008-08-24 18:46 . 2008-08-24 18:47 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Lavasoft

2008-08-24 18:42 . 2008-08-24 18:43 <DIR> d-------- C:\Programfiler\Spybot - Search & Destroy

2008-08-24 18:42 . 2008-08-24 19:07 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy

2008-07-28 01:36 . 2008-07-28 01:36 268 --ah----- C:\sqmdata04.sqm

2008-07-28 01:36 . 2008-07-28 01:36 244 --ah----- C:\sqmnoopt04.sqm

2008-07-27 06:23 . 2008-07-27 06:23 268 --ah----- C:\sqmdata03.sqm

2008-07-27 06:23 . 2008-07-27 06:23 244 --ah----- C:\sqmnoopt03.sqm

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-24 18:14 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-08-24 16:23 --------- d-----w C:\Documents and Settings\19060jabe7\Programdata\dvdcss

2008-08-24 00:18 --------- d-----w C:\Documents and Settings\19060jabe7\Programdata\LimeWire

2008-06-26 21:36 --------- d-----w C:\Documents and Settings\19060jabe7\Programdata\Winamp

2008-06-26 20:41 --------- d-----w C:\Programfiler\Winamp

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AE48B4E7-002B-4891-8E26-ED5E888FAE7D}]

2007-10-17 10:39 49152 --a------ C:\WINDOWS\system32\cwBCTrace.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]

"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-08-19 23:34 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 14:36 827392]

"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]

"SoundMAXPnP"="C:\Programfiler\Analog Devices\Core\smax4pnp.exe" [2005-05-20 09:11 925696]

"hpWirelessAssistant"="C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-03-28 14:13 454656]

"OfficeScanNT Monitor"="C:\Programfiler\Trend Micro\OfficeScan Client\Pccntmon.exe" [2007-12-11 19:31 710000]

"WinampAgent"="C:\Programfiler\Winamp\winampa.exe" [2008-04-01 20:49 36352]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="C:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 17:38 39264]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

BTTray.lnk - C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe [2006-02-15 16:16:02 581693]

Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoDesktopCleanupWizard"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-07-23 16:28 352256 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=cwAgent.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]

"Script"=\\Kvgs-fs2\DivPrograms\BrowseControl\InstallBC.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\1\0]

"Script"=pushprinterconnections.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\2\0]

"Script"=\\Kvgs-fs2\DivPrograms\XPLogon\InstDrv.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3799992752-535036049-2774849586-43498\Scripts\Logon\0\0]

"Script"=logon.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3799992752-535036049-2774849586-43498\Scripts\Logon\0\1]

"Script"=Elev.bat

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\Messenger\\msmsgs.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Programfiler\\Steam\\steamapps\\doffa89\\counter-strike\\hl.exe"=

"C:\\Programfiler\\LimeWire\\LimeWire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"54321:TCP"= 54321:TCP:Trend Micro OfficeScan Listener

R2 BC-Agent;cwBCClient;C:\WINDOWS\system32\cwClient.exe [2007-10-17 10:40]

R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-10-21 11:19]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

2008-08-24 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job

- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]

2008-08-24 C:\WINDOWS\Tasks\MP Scheduled Scan.job

- C:\Programfiler\Windows Defender\MpCmdRun.exe [2006-11-03 20:20]

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\19060jabe7\Programdata\Mozilla\Firefox\Profiles\cwm9e0d1.default\

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-24 21:38:29

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-08-24 21:39:22

ComboFix-quarantined-files.txt 2008-08-24 19:39:16

Pre-Run: 8,566,837,248 byte ledig

Post-Run: 8,562,003,968 byte ledig

123 --- E O F --- 2008-06-09 10:23:42

hjt

Klikk for å se/fjerne innholdet nedenfor

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:50, on 2008-08-24

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\cwClient.exe

C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Programfiler\Trend Micro\OfficeScan Client\ntrtscan.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Programfiler\Trend Micro\OfficeScan Client\tmlisten.exe

C:\Programfiler\Trend Micro\OfficeScan Client\CNTAoSMgr.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\Programfiler\Analog Devices\Core\smax4pnp.exe

C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Programfiler\Trend Micro\OfficeScan Client\Pccntmon.exe

C:\Programfiler\Windows Defender\MSASCui.exe

C:\Programfiler\Winamp\winampa.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE

C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\WINDOWS\explorer.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Documents and Settings\19060jabe7\Skrivebord\Ny mappe\123.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:\\www.startsiden.no

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = kvgs-isa:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Track.Trace - {AE48B4E7-002B-4891-8E26-ED5E888FAE7D} - C:\WINDOWS\system32\cwBCTrace.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programfiler\Trend Micro\OfficeScan Client\Pccntmon.exe" -HideWindow

O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\wsck32.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.startsiden.no

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = skole.troms.vgs.no

O17 - HKLM\Software\..\Telephony: DomainName = skole.troms.vgs.no

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = skole.troms.vgs.no

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = skole.troms.vgs.no

O20 - AppInit_DLLs: cwAgent.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: cwBCClient (BC-Agent) - Codework Limited - C:\WINDOWS\system32\cwClient.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\ntrtscan.exe

O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\tmlisten.exe

O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\TmProxy.exe

--

End of file - 7706 bytes

norbat · 24. august 2008

Loggene ser greie ut.

**ilpostino** · 25. august 2008

Emnetittelen i denne tråden er lite beskrivende for trådens innhold og det er derfor ingen god emnetittel. Jo bedre og mer beskrivende emnetittelen er, jo lettere er det for andre å skjønne trådens innhold og det vil være lettere å treffe den riktige forumbrukeren med det rette svaret. Ber deg derfor om å endre emnetittel. Vennligst forsøk å ha dette i tankene neste gang du starter en tråd, og orienter deg om hva vår nettikette sier om dårlig bruk av emnetitler.

Husk at en god emnetittel skal beskrive eller oppsummere hvilket problem du har - ikke at du har et problem. En god emnetittel skal heller ikke kun bestå av et produktnavn.

Bruk -knappen i første post for å endre emnetittelen.

(Dette innlegget vil bli fjernet ved endring av emnetittel. Ikke kommenter dette innlegget, men gjerne dette innlegget når tittelen er endret, så vil det bli fjernet..)

Logg inn

kan noen sjekke loggene?

Anbefalte innlegg

jokke555

Lenke til kommentar

Videoannonse

norbat

Lenke til kommentar

ilpostino

Lenke til kommentar

Opprett en konto eller logg inn for å kommentere

Opprett konto

Logg inn

Hvem er aktive 0 medlemmer