
Requesting a check of HJT and ComboFix logs



It would be nice if someone could check these.

I don't suspect anything in particular, but I would like them checked.

Avira found something that has since been deleted, and Anti-Malware found nothing, but I know the machine is used a lot for MSN among other things.

 

ComboFix

 

ComboFix 08-11-24.03 - markus 2008-11-25 17:25:55.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.1631 [GMT 1:00]

Running from: c:\documents and settings\markus\Skrivebord\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2008-10-25 to 2008-11-25 )))))))))))))))))))))))))))))))

.

 

2008-11-25 17:23 . 2008-11-25 17:23 <DIR> d-------- c:\windows\LastGood

2008-11-25 17:23 . 2008-11-25 17:23 <DIR> d-------- c:\programfiler\ATI Technologies

2008-11-25 17:23 . 2008-07-04 04:00 3,786,144 --a------ c:\windows\system32\OLD43.tmp

2008-11-25 17:23 . 2008-07-04 03:49 2,140,672 --a------ c:\windows\system32\OLD42.tmp

2008-11-25 17:23 . 2008-07-04 03:22 565,248 --a------ c:\windows\system32\OLD44.tmp

2008-11-25 17:23 . 2008-07-04 04:12 561,152 --a------ c:\windows\system32\OLD41.tmp

2008-11-25 17:23 . 2008-07-04 03:30 348,160 --a------ c:\windows\system32\OLD3D.tmp

2008-11-25 17:23 . 2008-07-04 04:23 309,248 --a------ c:\windows\system32\OLD45.tmp

2008-11-25 17:23 . 2008-07-04 04:14 184,320 --a------ c:\windows\system32\OLD3F.tmp

2008-11-25 17:23 . 2008-07-04 04:13 139,264 --a------ c:\windows\system32\OLD40.tmp

2008-11-25 17:23 . 2008-07-04 04:13 43,520 --a------ c:\windows\system32\OLD3E.tmp

2008-11-25 17:21 . 2008-11-25 17:21 <DIR> d-------- c:\programfiler\Trend Micro

2008-11-25 17:10 . 2008-11-25 17:10 107,888 --a------ c:\windows\system32\CmdLineExt.dll

2008-11-25 17:03 . 2008-11-25 17:02 22,328 --a------ c:\windows\system32\drivers\PnkBstrK.sys

2008-11-25 17:02 . 2008-11-25 17:02 107,832 --a------ c:\windows\system32\PnkBstrB.exe

2008-11-25 17:02 . 2008-11-25 17:02 22,328 --a------ c:\documents and settings\markus\Programdata\PnkBstrK.sys

2008-11-25 17:01 . 2008-11-25 17:01 2,250,024 --a------ c:\windows\system32\pbsvc.exe

2008-11-25 17:01 . 2008-11-25 17:01 66,872 --a------ c:\windows\system32\PnkBstrA.exe

2008-11-25 16:50 . 2008-11-25 16:50 <DIR> d-------- c:\programfiler\Ubisoft

2008-11-21 23:22 . 2008-11-21 23:22 <DIR> d-------- c:\programfiler\rect grid view

2008-11-13 03:00 . 2008-11-13 03:00 1,393 --a------ c:\windows\imsins.BAK

2008-11-12 19:24 . 2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

2008-11-12 19:24 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2008-11-09 16:09 . 2008-11-25 17:23 4,958,588 --a------ c:\windows\{0000000B-00000000-00000009-00001102-00000004-20021102}.BAK

2008-11-09 16:04 . 2008-11-25 17:13 <DIR> dr-h----- c:\documents and settings\markus\Siste

2008-11-09 15:33 . 2008-11-09 15:33 <DIR> d-------- c:\programfiler\Activision

2008-11-09 15:27 . 2008-11-09 15:27 <DIR> d--hs---- c:\windows\ftpcache

2008-11-09 15:26 . 2008-11-09 15:26 <DIR> d-------- c:\programfiler\DAEMON Tools Lite

2008-11-09 15:22 . 2008-11-09 15:22 <DIR> d-------- c:\documents and settings\spillkonto\Programdata\rect grid view

2008-11-09 15:22 . 2008-11-09 15:22 <DIR> d-------- c:\documents and settings\markus\Programdata\DAEMON Tools

2008-11-09 15:22 . 2008-11-09 15:22 717,296 --a------ c:\windows\system32\drivers\sptd.sys

2008-11-09 15:04 . 2008-08-03 02:49 <DIR> dr------- c:\documents and settings\spillkonto\Start-meny

2008-11-09 15:04 . 2008-08-03 02:49 <DIR> d--h----- c:\documents and settings\spillkonto\Skrivere

2008-11-09 15:04 . 2008-08-03 02:49 <DIR> d-------- c:\documents and settings\spillkonto\Skrivebord

2008-11-09 15:04 . 2008-11-09 15:05 <DIR> dr-h----- c:\documents and settings\spillkonto\Siste

2008-11-09 15:04 . 2008-11-25 17:13 <DIR> dr-h----- c:\documents and settings\spillkonto\Programdata

2008-11-09 15:04 . 2008-11-25 17:15 <DIR> dr------- c:\documents and settings\spillkonto\Mine dokumenter

2008-11-09 15:04 . 2008-08-03 00:56 <DIR> d--h----- c:\documents and settings\spillkonto\Maler

2008-11-09 15:04 . 2008-11-25 17:27 <DIR> d--h----- c:\documents and settings\spillkonto\Lokale innstillinger

2008-11-09 15:04 . 2008-11-09 15:05 <DIR> dr------- c:\documents and settings\spillkonto\Favoritter

2008-11-09 15:04 . 2008-08-03 02:49 <DIR> d--h----- c:\documents and settings\spillkonto\AndrMask

2008-11-09 15:04 . 2008-11-09 15:04 <DIR> d-------- c:\documents and settings\spillkonto

2008-10-29 03:22 . 2008-10-29 03:22 314,880 --a------ c:\windows\system32\SETF.tmp

2008-10-29 03:11 . 2008-10-29 03:11 188,416 --a------ c:\windows\system32\SET34.tmp

2008-10-29 03:11 . 2008-10-29 03:11 43,520 --a------ c:\windows\system32\SET3A.tmp

2008-10-29 03:10 . 2008-10-29 03:10 143,360 --a------ c:\windows\system32\SET31.tmp

2008-10-29 03:09 . 2008-10-29 03:09 585,728 --a------ c:\windows\system32\SET2E.tmp

2008-10-29 02:57 . 2008-10-29 02:57 4,041,472 --a------ c:\windows\system32\SET18.tmp

2008-10-29 02:41 . 2008-10-29 02:41 2,472,832 --a------ c:\windows\system32\SET1B.tmp

2008-10-29 02:40 . 2008-10-29 02:40 60,452 --a------ c:\windows\system32\ativvaxx.cap

2008-10-29 02:18 . 2008-10-29 02:18 253,952 --a------ c:\windows\system32\SET7B.tmp

2008-10-29 02:18 . 2008-10-29 02:18 253,952 --a------ c:\windows\system32\SET70.tmp

2008-10-29 02:12 . 2008-10-29 02:12 577,536 --a------ c:\windows\system32\SET12.tmp

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-25 16:23 --------- d--h--w c:\programfiler\InstallShield Installation Information

2008-11-25 16:10 --------- d-----w c:\documents and settings\markus\Programdata\uTorrent

2008-11-21 22:23 --------- d-----w c:\documents and settings\markus\Programdata\rect grid view

2008-11-21 22:22 --------- d-----w c:\documents and settings\All Users\Programdata\grey ante kind mess

2008-11-15 14:59 30 ----a-w c:\documents and settings\markus\jagex_runescape_preferences.dat

2008-10-29 03:10 3,341,824 ----a-w c:\windows\system32\drivers\ati2mtag.sys

2008-10-29 02:23 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll

2008-10-29 02:22 314,880 ----a-w c:\windows\system32\ati2dvag.dll

2008-10-29 02:11 43,520 ----a-w c:\windows\system32\ati2edxx.dll

2008-10-29 02:11 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe

2008-10-29 02:11 188,416 ----a-w c:\windows\system32\atipdlxx.dll

2008-10-29 02:11 147,456 ----a-w c:\windows\system32\Oemdspif.dll

2008-10-29 02:10 143,360 ----a-w c:\windows\system32\ati2evxx.dll

2008-10-29 02:10 10,973,184 ----a-w c:\windows\system32\atioglxx.dll

2008-10-29 02:09 585,728 ----a-w c:\windows\system32\ati2evxx.exe

2008-10-29 02:07 53,248 ----a-w c:\windows\system32\ATIDDC.DLL

2008-10-29 01:57 4,041,472 ----a-w c:\windows\system32\ati3duag.dll

2008-10-29 01:49 307,200 ----a-w c:\windows\system32\atiiiexx.dll

2008-10-29 01:41 2,472,832 ----a-w c:\windows\system32\ativvaxx.dll

2008-10-29 01:25 48,640 ----a-w c:\windows\system32\amdpcom32.dll

2008-10-29 01:21 389,120 ----a-w c:\windows\system32\atikvmag.dll

2008-10-29 01:19 44,032 ----a-w c:\windows\system32\atiadlxx.dll

2008-10-29 01:19 17,408 ----a-w c:\windows\system32\atitvo32.dll

2008-10-29 01:18 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll

2008-10-29 01:12 577,536 ----a-w c:\windows\system32\ati2cqag.dll

2008-10-28 20:05 593,920 ------w c:\windows\system32\ati2sgag.exe

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-22 17:59 --------- d-----w c:\programfiler\Google

2008-10-21 17:51 118,784 ----a-w c:\windows\system32\atibrtmon.exe

2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll

2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll

2008-10-13 15:13 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-10-13 15:13 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf

2008-10-11 17:23 --------- d-----w c:\programfiler\Messenger Plus! Live

2008-09-15 15:29 1,846,400 ----a-w c:\windows\system32\win32k.sys

2008-09-13 11:39 48,396 ----a-w c:\windows\UninstVeetleTVPlayer.exe

2008-09-10 01:16 1,307,648 ------w c:\windows\system32\msxml6.dll

2008-09-04 17:17 1,106,944 ----a-w c:\windows\system32\msxml3.dll

2008-08-26 08:30 826,368 ----a-w c:\windows\system32\wininet.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"H/PC Connection Agent"="c:\programfiler\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

"showmeal"="c:\docume~1\markus\PROGRA~1\RECTGR~1\SixthHideKind.exe" [2008-11-21 544256]

"DAEMON Tools Lite"="c:\programfiler\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"SunJavaUpdateSched"="c:\programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"BigDogPath"="c:\windows\VM_STI.EXE" [2006-12-22 40960]

"Kind Mess Surf Settings"="c:\documents and settings\All Users\Programdata\grey ante kind mess\bias active.exe" [2008-11-25 3602432]

"CTHelper"="CTHELPER.EXE" [2008-06-27 c:\windows\system32\CtHelper.exe]

"ATIModeChange"="Ati2mdxx.exe" [2008-10-29 c:\windows\system32\Ati2mdxx.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-07-23 15:28 352256 c:\programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

--a------ 2008-08-21 02:18 443968 c:\programfiler\Picasa2\PicasaMediaDetector.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programfiler\\uTorrent\\uTorrent.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Programfiler\\SopCast\\adv\\SopAdver.exe"=

"c:\\Programfiler\\SopCast\\SopCast.exe"=

"c:\programfiler\Microsoft ActiveSync\rapimgr.exe"= c:\programfiler\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\programfiler\Microsoft ActiveSync\wcescomm.exe"= c:\programfiler\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\programfiler\Microsoft ActiveSync\WCESMgr.exe"= c:\programfiler\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Programfiler\\TVUPlayer\\TVUPlayer.exe"=

"c:\\Programfiler\\TVAnts\\Tvants.exe"=

"c:\\Programfiler\\Messenger\\msmsgs.exe"=

"c:\\Programfiler\\SmartFTP Client\\SmartFTP.exe"=

"c:\\Programfiler\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=

"c:\\Programfiler\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=

"c:\\Programfiler\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=

"c:\\Programfiler\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=

"c:\\Programfiler\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

 

R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet-kort;c:\windows\system32\DRIVERS\AN983.sys [2008-08-03 36224]

R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.SYS [2008-06-27 99352]

R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.SYS [2008-06-27 555032]

R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.SYS [2008-06-27 566296]

R3 ZY760_XP;ZyXEL 802.11g XG762 1211 Driver;c:\windows\system32\DRIVERS\WlanUZXP.sys [2008-08-03 402944]

S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2008-06-27 99352]

S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2008-06-27 555032]

S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.SYS [2008-06-27 100888]

S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2008-06-27 100888]

S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2008-06-27 566296]

 

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

 

2008-11-25 c:\windows\Tasks\ADB2C58991857919.job

- c:\docume~1\markus\progra~1\rectgr~1\amenclockidol.exe [2008-11-21 23:23]

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-25 17:28:06

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

CTHelper = CTHELPER.EXE?

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(768)

c:\programfiler\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2008-11-25 17:28:44

ComboFix-quarantined-files.txt 2008-11-25 16:28:42

 

Pre-Run: 20 198 694 912 byte ledig

Post-Run: 20,535,865,344 byte ledig

 

200 --- E O F --- 2008-11-13 02:01:53

 

 

HJT

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:37:28, on 25.11.2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\VM_STI.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\Programfiler\Microsoft ActiveSync\wcescomm.exe

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\Programfiler\DAEMON Tools Lite\daemon.exe

C:\PROGRA~1\MICROS~2\rapimgr.exe

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\mmc.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vg.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [avgnt] "C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE %;USB\VID_0AC8&PID_0302.DeviceDesc%

O4 - HKLM\..\Run: [Kind Mess Surf Settings] C:\Documents and Settings\All Users\Programdata\grey ante kind mess\bias active.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programfiler\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [showmeal] C:\DOCUME~1\markus\PROGRA~1\RECTGR~1\SixthHideKind.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programfiler\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll

O9 - Extra 'Tools' menuitem: Opprett mobil favoritt... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1217702304421

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

 

--

End of file - 6143 bytes

 

 

New ComboFix log then ;)

 

New ComboFix log

By the way, I am getting some advertising pages that say CID.

 

ComboFix 08-11-24.03 - markus 2008-11-25 18:07:54.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.1646 [GMT 1:00]

Running from: c:\documents and settings\markus\Skrivebord\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2008-10-25 to 2008-11-25 )))))))))))))))))))))))))))))))

.

 

2008-11-25 18:07 . 2008-11-25 18:07 4,958,588 --a------ c:\windows\{0000000B-00000000-00000009-00001102-00000004-20021102}.BAK

2008-11-25 18:06 . 2008-11-25 18:06 <DIR> dr-h----- c:\documents and settings\markus\Siste

2008-11-25 17:23 . 2008-11-25 17:23 <DIR> d-------- c:\programfiler\ATI Technologies

2008-11-25 17:21 . 2008-11-25 17:21 <DIR> d-------- c:\programfiler\Trend Micro

2008-11-25 17:10 . 2008-11-25 17:10 107,888 --a------ c:\windows\system32\CmdLineExt.dll

2008-11-25 17:03 . 2008-11-25 17:02 22,328 --a------ c:\windows\system32\drivers\PnkBstrK.sys

2008-11-25 17:02 . 2008-11-25 17:02 107,832 --a------ c:\windows\system32\PnkBstrB.exe

2008-11-25 17:02 . 2008-11-25 17:02 22,328 --a------ c:\documents and settings\markus\Programdata\PnkBstrK.sys

2008-11-25 17:01 . 2008-11-25 17:01 2,250,024 --a------ c:\windows\system32\pbsvc.exe

2008-11-25 17:01 . 2008-11-25 17:01 66,872 --a------ c:\windows\system32\PnkBstrA.exe

2008-11-25 16:50 . 2008-11-25 16:50 <DIR> d-------- c:\programfiler\Ubisoft

2008-11-21 23:22 . 2008-11-21 23:22 <DIR> d-------- c:\programfiler\rect grid view

2008-11-12 19:24 . 2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

2008-11-12 19:24 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2008-11-09 15:33 . 2008-11-09 15:33 <DIR> d-------- c:\programfiler\Activision

2008-11-09 15:27 . 2008-11-09 15:27 <DIR> d--hs---- c:\windows\ftpcache

2008-11-09 15:26 . 2008-11-09 15:26 <DIR> d-------- c:\programfiler\DAEMON Tools Lite

2008-11-09 15:22 . 2008-11-09 15:22 <DIR> d-------- c:\documents and settings\spillkonto\Programdata\rect grid view

2008-11-09 15:22 . 2008-11-09 15:22 <DIR> d-------- c:\documents and settings\markus\Programdata\DAEMON Tools

2008-11-09 15:22 . 2008-11-09 15:22 717,296 --a------ c:\windows\system32\drivers\sptd.sys

2008-11-09 15:04 . 2008-08-03 02:49 <DIR> dr------- c:\documents and settings\spillkonto\Start-meny

2008-11-09 15:04 . 2008-08-03 02:49 <DIR> d--h----- c:\documents and settings\spillkonto\Skrivere

2008-11-09 15:04 . 2008-08-03 02:49 <DIR> d-------- c:\documents and settings\spillkonto\Skrivebord

2008-11-09 15:04 . 2008-11-09 15:05 <DIR> dr-h----- c:\documents and settings\spillkonto\Siste

2008-11-09 15:04 . 2008-11-25 17:13 <DIR> dr-h----- c:\documents and settings\spillkonto\Programdata

2008-11-09 15:04 . 2008-11-25 17:15 <DIR> dr------- c:\documents and settings\spillkonto\Mine dokumenter

2008-11-09 15:04 . 2008-08-03 00:56 <DIR> d--h----- c:\documents and settings\spillkonto\Maler

2008-11-09 15:04 . 2008-11-25 18:09 <DIR> d--h----- c:\documents and settings\spillkonto\Lokale innstillinger

2008-11-09 15:04 . 2008-11-09 15:05 <DIR> dr------- c:\documents and settings\spillkonto\Favoritter

2008-11-09 15:04 . 2008-08-03 02:49 <DIR> d--h----- c:\documents and settings\spillkonto\AndrMask

2008-11-09 15:04 . 2008-11-09 15:04 <DIR> d-------- c:\documents and settings\spillkonto

2008-10-29 03:22 . 2008-10-29 03:22 314,880 --a------ c:\windows\system32\SETF.tmp

2008-10-29 03:11 . 2008-10-29 03:11 188,416 --a------ c:\windows\system32\SET34.tmp

2008-10-29 03:11 . 2008-10-29 03:11 43,520 --a------ c:\windows\system32\SET3A.tmp

2008-10-29 03:10 . 2008-10-29 03:10 143,360 --a------ c:\windows\system32\SET31.tmp

2008-10-29 03:09 . 2008-10-29 03:09 585,728 --a------ c:\windows\system32\SET2E.tmp

2008-10-29 02:57 . 2008-10-29 02:57 4,041,472 --a------ c:\windows\system32\SET18.tmp

2008-10-29 02:41 . 2008-10-29 02:41 2,472,832 --a------ c:\windows\system32\SET1B.tmp

2008-10-29 02:40 . 2008-11-25 17:31 60,452 --a------ c:\windows\system32\ativvaxx.cap

2008-10-29 02:12 . 2008-10-29 02:12 577,536 --a------ c:\windows\system32\SET12.tmp

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-25 16:23 --------- d--h--w c:\programfiler\InstallShield Installation Information

2008-11-25 16:10 --------- d-----w c:\documents and settings\markus\Programdata\uTorrent

2008-11-21 22:23 --------- d-----w c:\documents and settings\markus\Programdata\rect grid view

2008-11-21 22:22 --------- d-----w c:\documents and settings\All Users\Programdata\grey ante kind mess

2008-11-15 14:59 30 ----a-w c:\documents and settings\markus\jagex_runescape_preferences.dat

2008-10-29 03:10 3,341,824 ----a-w c:\windows\system32\drivers\ati2mtag.sys

2008-10-29 02:23 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll

2008-10-29 02:22 314,880 ----a-w c:\windows\system32\ati2dvag.dll

2008-10-29 02:11 43,520 ----a-w c:\windows\system32\ati2edxx.dll

2008-10-29 02:11 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe

2008-10-29 02:11 188,416 ----a-w c:\windows\system32\atipdlxx.dll

2008-10-29 02:11 147,456 ----a-w c:\windows\system32\Oemdspif.dll

2008-10-29 02:10 143,360 ----a-w c:\windows\system32\ati2evxx.dll

2008-10-29 02:10 10,973,184 ----a-w c:\windows\system32\atioglxx.dll

2008-10-29 02:09 585,728 ----a-w c:\windows\system32\ati2evxx.exe

2008-10-29 02:07 53,248 ----a-w c:\windows\system32\ATIDDC.DLL

2008-10-29 01:57 4,041,472 ----a-w c:\windows\system32\ati3duag.dll

2008-10-29 01:49 307,200 ----a-w c:\windows\system32\atiiiexx.dll

2008-10-29 01:41 2,472,832 ----a-w c:\windows\system32\ativvaxx.dll

2008-10-29 01:25 48,640 ----a-w c:\windows\system32\amdpcom32.dll

2008-10-29 01:21 389,120 ----a-w c:\windows\system32\atikvmag.dll

2008-10-29 01:19 44,032 ----a-w c:\windows\system32\atiadlxx.dll

2008-10-29 01:19 17,408 ----a-w c:\windows\system32\atitvo32.dll

2008-10-29 01:18 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll

2008-10-29 01:18 253,952 ----a-w c:\windows\system32\atiok3x2.dll

2008-10-29 01:12 577,536 ----a-w c:\windows\system32\ati2cqag.dll

2008-10-28 20:05 593,920 ------w c:\windows\system32\ati2sgag.exe

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-22 17:59 --------- d-----w c:\programfiler\Google

2008-10-21 17:51 118,784 ----a-w c:\windows\system32\atibrtmon.exe

2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll

2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll

2008-10-13 15:13 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-10-13 15:13 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf

2008-10-11 17:23 --------- d-----w c:\programfiler\Messenger Plus! Live

2008-09-15 15:29 1,846,400 ----a-w c:\windows\system32\win32k.sys

2008-09-13 11:39 48,396 ----a-w c:\windows\UninstVeetleTVPlayer.exe

2008-09-10 01:16 1,307,648 ------w c:\windows\system32\msxml6.dll

2008-09-04 17:17 1,106,944 ----a-w c:\windows\system32\msxml3.dll

2008-08-26 08:30 826,368 ----a-w c:\windows\system32\wininet.dll

.

 

((((((((((((((((((((((((((((( snapshot@2008-11-25_17.28.26,29 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-11-11 16:51:07 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys

+ 2008-11-25 16:51:18 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"H/PC Connection Agent"="c:\programfiler\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

"showmeal"="c:\docume~1\markus\PROGRA~1\RECTGR~1\SixthHideKind.exe" [2008-11-21 544256]

"DAEMON Tools Lite"="c:\programfiler\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"SunJavaUpdateSched"="c:\programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"BigDogPath"="c:\windows\VM_STI.EXE" [2006-12-22 40960]

"Kind Mess Surf Settings"="c:\documents and settings\All Users\Programdata\grey ante kind mess\bias active.exe" [2008-11-25 3602432]

"CTHelper"="CTHELPER.EXE" [2008-06-27 c:\windows\system32\CtHelper.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-07-23 15:28 352256 c:\programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

--a------ 2008-08-21 02:18 443968 c:\programfiler\Picasa2\PicasaMediaDetector.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programfiler\\uTorrent\\uTorrent.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Programfiler\\SopCast\\adv\\SopAdver.exe"=

"c:\\Programfiler\\SopCast\\SopCast.exe"=

"c:\programfiler\Microsoft ActiveSync\rapimgr.exe"= c:\programfiler\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\programfiler\Microsoft ActiveSync\wcescomm.exe"= c:\programfiler\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\programfiler\Microsoft ActiveSync\WCESMgr.exe"= c:\programfiler\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Programfiler\\TVUPlayer\\TVUPlayer.exe"=

"c:\\Programfiler\\TVAnts\\Tvants.exe"=

"c:\\Programfiler\\Messenger\\msmsgs.exe"=

"c:\\Programfiler\\SmartFTP Client\\SmartFTP.exe"=

"c:\\Programfiler\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=

"c:\\Programfiler\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=

"c:\\Programfiler\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=

"c:\\Programfiler\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=

"c:\\Programfiler\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

 

R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet-kort;c:\windows\system32\DRIVERS\AN983.sys [2008-08-03 36224]

R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.SYS [2008-06-27 99352]

R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.SYS [2008-06-27 555032]

R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.SYS [2008-06-27 566296]

R3 ZY760_XP;ZyXEL 802.11g XG762 1211 Driver;c:\windows\system32\DRIVERS\WlanUZXP.sys [2008-08-03 402944]

S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2008-06-27 99352]

S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2008-06-27 555032]

S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.SYS [2008-06-27 100888]

S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2008-06-27 100888]

S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2008-06-27 566296]

.

Contents of the 'Scheduled Tasks' folder

 

2008-11-25 c:\windows\Tasks\ADB2C58991857919.job

- c:\docume~1\markus\progra~1\rectgr~1\amenclockidol.exe [2008-11-21 23:23]

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-25 18:09:28

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

CTHelper = CTHELPER.EXE?

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(776)

c:\programfiler\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2008-11-25 18:10:07

ComboFix-quarantined-files.txt 2008-11-25 17:10:05

ComboFix2.txt 2008-11-25 16:28:45

 

Pre-Run: 20 545 515 520 byte ledig

Post-Run: 20,533,051,392 byte ledig

 

190 --- E O F --- 2008-11-13 02:01:53

 

 

Your CiD problems are caused by having installed Messenger Plus! Live. It comes bundled with a sponsor program that produces these popups. Remove Messenger Plus! Live (or just the sponsor program) via Add/Remove Programs.

 

Then post a new ComboFix log, and we will remove any leftovers from this.
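Triage of the autorun entries, as an added example that is not part of the thread: it parses the HijackThis O4 lines and the ComboFix Run-key lines quoted above and flags binaries that start from a user profile folder or with no path at all, which is where a reviewer looks first (the "showmeal" and "Kind Mess Surf Settings" entries in these logs fall into that group). The sample lines are copied from the logs in this thread; the function names are my own.

```python
import re
from typing import List, NamedTuple

# Sample input: autorun lines copied from the HijackThis (O4) and ComboFix
# (REGEDIT4 "Reg Loading Points") logs posted in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [avgnt] "C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Kind Mess Surf Settings] C:\Documents and Settings\All Users\Programdata\grey ante kind mess\bias active.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [showmeal] C:\DOCUME~1\markus\PROGRA~1\RECTGR~1\SixthHideKind.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programfiler\DAEMON Tools Lite\daemon.exe" -autorun
"BigDogPath"="c:\windows\VM_STI.EXE" [2006-12-22 40960]
"showmeal"="c:\docume~1\markus\PROGRA~1\RECTGR~1\SixthHideKind.exe" [2008-11-21 544256]
'''

# HijackThis:  O4 - <hive>\..\Run: [<name>] <command line>
HJT_O4 = re.compile(r'^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
# ComboFix:    "<name>"="<command>" [<date> <size>]
CF_RUN = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"(?: \[(?P<meta>[^\]]*)\])?$')

# Locations under the user profiles. Note that C:\DOCUME~1\<user>\PROGRA~1 is
# the 8.3 short name of the user's "Programdata" (Application Data) folder on
# this Norwegian XP install, not Program Files.
USER_PROFILE_MARKERS = ('\\documents and settings\\', '\\docume~1\\')
PROGRAM_DIR_MARKERS = ('c:\\windows\\', '\\programfiler\\', '\\program files\\')


class Entry(NamedTuple):
    source: str    # "hijackthis" or "combofix"
    name: str      # registry value name
    path: str      # executable path extracted from the command line
    location: str  # classification of where the executable lives


def extract_path(cmd: str) -> str:
    """Return the executable path from a Run-key command line.

    Quoted commands end at the closing quote; unquoted ones (which may contain
    spaces, as in the "grey ante kind mess" entry) are cut after the first
    ".exe" token, so trailing arguments are dropped.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r'(.*?\.exe)\b', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def classify(path: str) -> str:
    """Classify the executable's location for triage purposes."""
    p = path.lower()
    if '\\' not in p:
        # No directory: Windows resolves it via the search path, so which
        # file actually runs cannot be read off the log (catchme marked the
        # CTHelper entry with a "?" for the same reason).
        return 'bare filename'
    if any(marker in p for marker in USER_PROFILE_MARKERS):
        return 'user profile'
    if any(marker in p for marker in PROGRAM_DIR_MARKERS):
        return 'system/program dir'
    return 'other'


def parse_autoruns(log_text: str) -> List[Entry]:
    """Parse HijackThis O4 and ComboFix Run-key lines into Entry records."""
    entries: List[Entry] = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := HJT_O4.match(line):
            source, name, cmd = 'hijackthis', m['name'], m['cmd']
        elif m := CF_RUN.match(line):
            source, name, cmd = 'combofix', m['name'], m['cmd']
        else:
            continue
        path = extract_path(cmd)
        entries.append(Entry(source, name, path, classify(path)))
    return entries


def suspicious(entries: List[Entry]) -> List[Entry]:
    """Entries worth a second look: started from a user profile or with no path."""
    return [e for e in entries if e.location in ('user profile', 'bare filename')]


if __name__ == '__main__':
    for e in suspicious(parse_autoruns(SAMPLE_LOG)):
        print(f'{e.source:10} {e.location:18} [{e.name}] {e.path}')
```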

 

OK, that will have to be a bit later, but I will see what I can manage.

Thanks a lot.
