Gå til innhold

Logger etter spywaresjekk

RMBB

Av RMBB
i IKT-drift og sikkerhet

Anbefalte innlegg

RMBB

RMBB

Skrevet
Skrevet (endret)

Kan noen sjekke disse?

På forhånd takk!

 

ComboFIX

 

ComboFix 08-01-10.2 - Marcon-T. Hansen 2008-01-11 9:10:58.2 - NTFSx86

Running from: C:\Documents and Settings\mrx\Skrivebord\ComboFix.exe

.

 

((((((((((((((((((((((((( Files Created from 2007-12-11 to 2008-01-11 )))))))))))))))))))))))))))))))

.

 

2008-01-11 08:56 . 2008-01-11 08:56 <DIR> d-------- C:\Programfiler\Trend Micro

2008-01-11 08:45 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-10 15:15 . 2008-01-11 09:09 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-01-10 15:15 . 2008-01-10 15:15 <DIR> d-------- C:\Documents and Settings\mrx\Programdata\SUPERAntiSpyware.com

2008-01-10 15:15 . 2008-01-10 15:15 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-01-10 15:14 . 2008-01-10 15:14 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-01-10 15:11 . 2008-01-10 15:11 <DIR> dr-h----- C:\Documents and Settings\mrx\Siste

2008-01-10 15:09 . 2008-01-10 15:09 <DIR> d-------- C:\Programfiler\CCleaner

2007-12-27 21:32 . 2007-12-27 21:32 <DIR> d-------- C:\Programfiler\Fellesfiler\muvee Technologies

2007-12-27 21:31 . 2007-05-28 19:13 1,079,808 -ra------ C:\WINDOWS\system32\mfc80u.dll

2007-12-27 21:31 . 2007-05-28 19:14 626,688 -ra------ C:\WINDOWS\system32\msvcr80.dll

2007-12-27 21:31 . 2007-05-28 19:13 548,864 -ra------ C:\WINDOWS\system32\msvcp80.dll

2007-12-27 21:31 . 2007-05-28 19:13 95,744 -ra------ C:\WINDOWS\system32\atl80.dll

2007-12-27 21:28 . 2007-12-27 21:28 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple Computer

2007-12-27 21:27 . 2007-12-27 21:27 <DIR> d-------- C:\Programfiler\OLYMPUS

2007-12-21 23:31 . 2007-03-21 20:33 503,808 --a------ C:\WINDOWS\system32\MSVCP71.DL1

2007-12-21 23:31 . 2007-03-21 20:33 348,160 --a------ C:\WINDOWS\system32\MSVCR71.DL1

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-11 08:08 --------- d-----w C:\Documents and Settings\All Users\Programdata\Symantec

2008-01-10 14:16 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared

2007-12-27 20:29 --------- d-----w C:\Programfiler\QuickTime

2007-12-21 22:37 --------- d-----w C:\Programfiler\Norton 360

2007-12-21 22:29 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF

2007-12-21 22:29 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL

2007-12-21 22:29 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2007-12-21 22:29 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT

2007-12-21 22:29 --------- d-----w C:\Programfiler\Symantec

2007-11-30 22:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys

2007-11-30 22:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys

2007-11-30 22:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys

2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat

2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat

2007-11-30 22:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat

2007-11-30 22:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf

2007-11-30 22:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf

2007-11-30 22:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-11-07 09:52 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll

2007-11-07 09:52 727,040 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll

2007-10-30 23:30 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

2007-10-30 16:53 360,832 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys

2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll

2007-10-25 16:44 8,466,432 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll

2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll

2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll

2007-09-11 21:19 71,168 ----a-w C:\Programfiler\daT

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

"OM_Monitor"="C:\Programfiler\OLYMPUS\OLYMPUS Master\Monitor.exe" [ ]

"OM2_Monitor"="C:\Programfiler\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-05-28 16:59 95800]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 13:00 110592 C:\WINDOWS\system32\bthprops.cpl]

"Snarvei til egenskapsside for High Definition Audio"="HDAShCut.exe" [2005-01-07 16:07 61952 C:\WINDOWS\system32\HdAShCut.exe]

"ATICCC"="C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]

"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-08-25 15:25 737369]

"RTHDCPL"="RTHDCPL.EXE" [2006-02-27 17:28 16005120 C:\WINDOWS\RTHDCPL.EXE]

"SMSERIAL"="sm56hlpr.exe" [2005-09-16 14:01 557056 C:\WINDOWS\sm56hlpr.exe]

"RemoteControl"="C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe" [2005-04-15 15:13 45056]

"InstantOn"="C:\PowerCinema Linux\ion_install.exe" [2006-03-16 16:07 93640]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]

"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]

"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2006-09-01 15:57 282624]

"Symantec PIF AlertEng"="C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22 517768]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

R0 SiSRaid2;SiSRaid2;C:\WINDOWS\system32\drivers\SiSRaid2.sys [2005-01-11 16:58]

R0 viamraid;viamraid;C:\WINDOWS\system32\drivers\viamraid.sys [2005-07-20 14:52]

R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 13:03]

S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 11:50]

 

*Newly Created Service* - COMHOST

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-11 09:12:55

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-01-11 9:13:15

ComboFix2.txt 2008-01-11 07:48:03

.

2008-01-09 11:14:18 --- E O F ---

 

 

HJT

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:09:27, on 11.01.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\sm56hlpr.exe

C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe

C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe

C:\Programfiler\QuickTime\qttask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\OLYMPUS\OLYMPUS Master 2\MMonitor.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\Trend Micro\HijackThis\run.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.online.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar3.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar3.dll

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [snarvei til egenskapsside for High Definition Audio] HDAShCut.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [RemoteControl] C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [instantOn] "C:\PowerCinema Linux\ion_install.exe" /c

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [OM_Monitor] C:\Programfiler\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart

O4 - HKCU\..\Run: [OM2_Monitor] "C:\Programfiler\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Bluetooth Manager.lnk = ?

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: @c:\Programfiler\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: @c:\Programfiler\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

 

--

End of file - 8224 bytes

 

 

SAS

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 01/10/2008 at 03:46 PM

 

Application Version : 3.9.1008

 

Core Rules Database Version : 3377

Trace Rules Database Version: 1371

 

Scan type : Complete Scan

Total Scan Time : 00:29:49

 

Memory items scanned : 691

Memory threats detected : 0

Registry items scanned : 5364

Registry threats detected : 0

File items scanned : 32196

File threats detected : 0

 

 

Endret av Jyztrik

Videoannonse

Videoannonse
Annonse

Opprett en konto eller logg inn for å kommentere

Du må være et medlem for å kunne skrive en kommentar

Opprett konto

Det er enkelt å melde seg inn for å starte en ny konto!

Start en konto

Logg inn

Har du allerede en konto? Logg inn her.

Logg inn nå
Gå til emneliste
×
×
  • Opprett ny...