Anyone kind enough to take a look at my HijackThis log?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:47:33, on 11.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\3Com\3Com Wireless USB Utility\Wlan.exe
C:\Program Files\CNet\802.11 Wireless LAN\CNETWlanMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\MSN Messenger\usnsvc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [-] C:\WINDOWS\afvxnjhv.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [3COM] "C:\Program Files\3Com\3Com Wireless USB Utility\Wlan.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CNet Wireless Utility.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft

Edited by froZZo
What was wrong, then? MyBar, search bar etc.? Nothing dangerous in that anyway; the only thing I saw that I didn't recognise was afvxnjhv.exe?

- and that line should lead to recommending that the thread starter run a few extra rounds. There is a possibility that that file belongs to a Vundo infection (or similar).

Edited by norbat

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/12/2008 at 05:13 PM

Application Version : 3.9.1008

Core Rules Database Version : 3379
Trace Rules Database Version: 1373

Scan type : Complete Scan
Total Scan Time : 01:00:32

Memory items scanned : 371
Memory threats detected : 0
Registry items scanned : 5020
Registry threats detected : 121
File items scanned : 37998
File threats detected : 5

Adware.MyWay
HKLM\Software\Classes\CLSID\{0494D0D1-F8E0-41ad-92A3-14154ECE70AC}
HKCR\CLSID\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC}
HKCR\CLSID\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC}
HKCR\CLSID\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC}\InprocServer32
HKCR\CLSID\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC}\InprocServer32#ThreadingModel
HKCR\CLSID\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC}\Programmable
HKCR\CLSID\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC}\TypeLib
C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
HKLM\Software\Classes\CLSID\{0494D0D9-F8E0-41ad-92A3-14154ECE70AC}
HKCR\CLSID\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}
HKCR\CLSID\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}
HKCR\CLSID\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}\InprocServer32
HKCR\CLSID\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}\InprocServer32#ThreadingModel
HKCR\CLSID\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}\Programmable
HKCR\CLSID\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}\TypeLib
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0494D0D1-F8E0-41ad-92A3-14154ECE70AC}
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{0494D0D9-F8E0-41ad-92A3-14154ECE70AC}
HKCR\TypeLib\{0494D0D0-F8E0-41ad-92A3-14154ECE70AC}
HKCR\TypeLib\{0494D0D0-F8E0-41ad-92A3-14154ECE70AC}\1.0
HKCR\TypeLib\{0494D0D0-F8E0-41ad-92A3-14154ECE70AC}\1.0
HKCR\TypeLib\{0494D0D0-F8E0-41ad-92A3-14154ECE70AC}\1.0\win32
HKCR\TypeLib\{0494D0D0-F8E0-41ad-92A3-14154ECE70AC}\1.0\FLAGS
HKCR\TypeLib\{0494D0D0-F8E0-41ad-92A3-14154ECE70AC}\1.0\HELPDIR
HKCR\MyWayToolBar.NetscapeShutdown
HKCR\MyWayToolBar.NetscapeShutdown\CLSID
HKCR\MyWayToolBar.NetscapeShutdown\CurVer
HKCR\MyWayToolBar.NetscapeShutdown.1
HKCR\MyWayToolBar.NetscapeShutdown.1\CLSID
HKCR\MyWayToolBar.NetscapeStartup
HKCR\MyWayToolBar.NetscapeStartup\CLSID
HKCR\MyWayToolBar.NetscapeStartup\CurVer
HKCR\MyWayToolBar.NetscapeStartup.1
HKCR\MyWayToolBar.NetscapeStartup.1\CLSID
HKCR\MyWayToolBar.SettingsPlugin
HKCR\MyWayToolBar.SettingsPlugin\CLSID
HKCR\MyWayToolBar.SettingsPlugin\CurVer
HKCR\MyWayToolBar.SettingsPlugin.1
HKCR\MyWayToolBar.SettingsPlugin.1\CLSID
HKCR\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}
HKCR\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\Control
HKCR\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32
HKCR\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32#ThreadingModel
HKCR\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\MiscStatus
HKCR\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\MiscStatus\1
HKCR\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\Programmable
HKCR\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\TypeLib
HKCR\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\Version
HKCR\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}
HKCR\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}\Control
HKCR\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32
HKCR\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32#ThreadingModel
HKCR\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}\MiscStatus
HKCR\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}\MiscStatus\1
HKCR\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}\Programmable
HKCR\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}\TypeLib
HKCR\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}\Version
HKCR\CLSID\{0494D0D5-F8E0-41ad-92A3-14154ECE70AC}
HKCR\CLSID\{0494D0D5-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32
HKCR\CLSID\{0494D0D5-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32#ThreadingModel
HKCR\CLSID\{0494D0D5-F8E0-41ad-92A3-14154ECE70AC}\ProgID
HKCR\CLSID\{0494D0D5-F8E0-41ad-92A3-14154ECE70AC}\Programmable
HKCR\CLSID\{0494D0D5-F8E0-41ad-92A3-14154ECE70AC}\TypeLib
HKCR\CLSID\{0494D0D5-F8E0-41ad-92A3-14154ECE70AC}\VersionIndependentProgID
HKCR\CLSID\{0494D0D7-F8E0-41ad-92A3-14154ECE70AC}
HKCR\CLSID\{0494D0D7-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32
HKCR\CLSID\{0494D0D7-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32#ThreadingModel
HKCR\CLSID\{0494D0D7-F8E0-41ad-92A3-14154ECE70AC}\ProgID
HKCR\CLSID\{0494D0D7-F8E0-41ad-92A3-14154ECE70AC}\Programmable
HKCR\CLSID\{0494D0D7-F8E0-41ad-92A3-14154ECE70AC}\TypeLib
HKCR\CLSID\{0494D0D7-F8E0-41ad-92A3-14154ECE70AC}\VersionIndependentProgID
HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}
HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\Control
HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32
HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32#ThreadingModel
HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\MiscStatus
HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\MiscStatus\1
HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\ProgID
HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\Programmable
HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\TypeLib
HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\Version
HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\VersionIndependentProgID
HKLM\Software\MyWay
HKLM\Software\MyWay\myBar
HKLM\Software\MyWay\myBar#Dir
HKLM\Software\MyWay\myBar#ShzmCurInstall
HKLM\Software\MyWay\myBar#pid
HKLM\Software\MyWay\myBar#strings
HKLM\Software\MyWay\myBar#CurInstall
HKLM\Software\MyWay\myBar#sr
HKLM\Software\MyWay\myBar#pl
HKLM\Software\MyWay\myBar#Id
HKLM\Software\MyWay\myBar#Build
HKLM\Software\MyWay\myBar#CacheDir
HKLM\Software\MyWay\myBar#HistoryDir
HKLM\Software\MyWay\myBar#Visible
HKLM\Software\MyWay\myBar#Maximized
HKLM\Software\MyWay\myBar#SettingsDir
HKLM\Software\MyWay\myBar#ConfigRevision
HKLM\Software\MyWay\myBar#ConfigRevisionURL
HKLM\Software\MyWay\myBar#ConfigDateStamp
HKLM\Software\MyWay\myBar#CheckForConnection
HKLM\Software\MyWay\myBar\partner
HKLM\Software\MyWay\myBar\partner#bitmap
HKLM\Software\MyWay\myBar\partner#name
HKLM\Software\MyWay\myBar\partner#test
HKLM\Software\MyWay\myBar\partner#PM-Home
HKLM\Software\MyWay\myBar\partner#PM-Points
HKLM\Software\MyWay\myBar\partner#PM-Redeem
HKLM\Software\MyWay\myBar\partner#PM-Wallet
HKLM\Software\MyWay\myBar\partner#PM-Settings
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Way Speedbar Uninstall
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Way Speedbar Uninstall#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Way Speedbar Uninstall#HelpLink
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Way Speedbar Uninstall#Publisher
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Way Speedbar Uninstall#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Way Speedbar Uninstall#UrlInfoAbout

Adware.Tracking Cookie
C:\Documents and Settings\privat\Cookies\privat@adtech[1].txt
C:\Documents and Settings\privat\Cookies\[email protected][1].txt

Adware.IST/YourSiteBar
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ysbactivex.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ysbactivex.dll#.Owner
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ysbactivex.dll#{771A1334-6B08-4A6B-AEDC-CF994BA2CEBE}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\Downloaded Program Files\ysbactivex.dll [ ]

Adware.IST/ISTBar (Slotch Bar)
HKU\S-1-5-21-1177238915-823518204-1801674531-1003\Software\Microsoft\Internet Explorer\Main#BandRest
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main#BandRest

Trojan.ErrorSafe
C:\DOCUMENTS AND SETTINGS\PRIVAT\APPLICATION DATA\ERRORSAFEFREEINSTALL_NO[1].EXE

Trojan.WinAntiSpyware/WinAntiVirus 2006
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FF7C848C-B8F6-4F40-9060-2A8E7B6B0C11}\RP690\A0197101.EXE

Edited by froZZo

ComboFix log


ComboFix 08-01-11.3 - privat 2008-01-12 17:23:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.24 [GMT 1:00]
Running from: C:\Documents and Settings\privat\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2007-12-12 to 2008-01-12 )))))))))))))))))))))))))))))))
.

2008-01-12 17:22 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-12 16:12 . 2008-01-12 16:13 d-------- C:\Program Files\SUPERAntiSpyware
2008-01-12 16:12 . 2008-01-12 16:12 d-------- C:\Documents and Settings\privat\Application Data\SUPERAntiSpyware.com
2008-01-12 16:12 . 2008-01-12 16:12 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-12 16:10 . 2008-01-12 16:10 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-12 16:07 . 2008-01-12 16:07 d-------- C:\extensions
2008-01-12 16:06 . 2008-01-12 16:07 d-------- C:\Program Files\Yahoo!
2008-01-12 16:06 . 2008-01-12 16:07 d-------- C:\Program Files\CCleaner
2008-01-11 18:46 . 2008-01-11 18:46 d-------- C:\Program Files\Trend Micro
2008-01-04 23:01 . 2008-01-11 18:34 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-04 23:01 . 2008-01-04 23:01 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-12 15:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVG7
2008-01-12 15:11 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-11 19:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-11 18:16 --------- d-----w C:\Documents and Settings\privat\Application Data\AVG7
2008-01-11 17:43 --------- d-----w C:\Program Files\iPod
2008-01-11 17:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-10 18:06 --------- d-----w C:\Documents and Settings\privat\Application Data\dvdcss
2008-01-06 07:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-04 21:58 --------- d-----w C:\Program Files\QuickTime
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 16:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [ ]
"3COM"="C:\Program Files\3Com\3Com Wireless USB Utility\Wlan.exe" [2005-03-23 22:03 409600]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-12-10 01:35 188416]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 20:50 155648]
"-"="C:\WINDOWS\afvxnjhv.exe" [ ]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-01-02 19:44 579072]
"SoundMan"="SOUNDMAN.EXE" [2005-01-20 21:04 77824 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-10 03:06 7311360]
"nwiz"="nwiz.exe" [2005-12-10 03:06 1519616 C:\WINDOWS\system32\nwiz.exe]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 08:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-10 03:06 86016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03 36975]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-23 07:04 219136]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R0 ABIT-IO;ABIT-IO;C:\WINDOWS\system32\Drivers\ABIT-IO.sys [2005-12-08 13:53]
R0 viaagp1;VIA AGP Filter;C:\WINDOWS\system32\DRIVERS\viaagp1.sys [2003-07-02 13:42]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;C:\WINDOWS\system32\Drivers\ousbehci.sys [2004-08-01 08:09]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;C:\WINDOWS\system32\DRIVERS\ousb2hub.sys [2004-08-01 08:09]
R3 ZD1211U(3COM Corporation);3COM OfficeConnect Wireless 11g Compact USB Adapter(3COM Corporation);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2005-03-28 13:24]
S3 FVNETusb(505 2958)®; FVNETusb(505 2958)® Service for CNet Wireless LAN 11Mbps USB Adapter;C:\WINDOWS\system32\DRIVERS\vnet558x.sys [2003-07-23 13:02]
S3 s716bus;Sony Ericsson Device 716 driver (WDM);C:\WINDOWS\system32\DRIVERS\s716bus.sys [2007-06-29 09:59]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s716mdfl.sys [2007-04-04 11:43]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s716mdm.sys [2007-04-04 11:43]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s716mgmt.sys [2007-04-04 11:43]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);C:\WINDOWS\system32\DRIVERS\s716nd5.sys [2007-04-04 11:43]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s716obex.sys [2007-04-04 11:43]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);C:\WINDOWS\system32\DRIVERS\s716unic.sys [2007-04-04 11:43]

*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-12 17:26:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

Edited by froZZo

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:40:20, on 12.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\3Com\3Com Wireless USB Utility\Wlan.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CNet\802.11 Wireless LAN\CNETWlanMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [-] C:\WINDOWS\afvxnjhv.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [3COM] "C:\Program Files\3Com\3Com Wireless USB Utility\Wlan.exe"
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CNet Wireless Utility.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://euphspace.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5597 bytes

ComboFix log. SAS is coming later; it takes almost an hour to run on this crappy machine.

Edited by froZZo

Start HJT, choose "Do a system scan only", tick the box in front of the following line and click Fix checked:

O4 - HKLM\..\Run: [-] C:\WINDOWS\afvxnjhv.exe

Update Java: http://java.com/en/download/index.jsp

Uninstall ComboFix:

Click: Start->Run

Type: ComboFix /u

ComboFix will start up and then uninstall itself.

Clear temp files:

Download CCleaner. Start the program. Go to 'Options'->'Advanced'. Untick: "Only delete temporary files......." Click 'Cleaner' and then 'Run CCleaner'.

Also run a few rounds with 'Registry' until it finds no more errors.

You should reset the System Restore folder so that you don't get reinfected by a possible system restore.

Control Panel->System->System Restore.

Tick "Turn off System Restore .....",

restart the PC,

untick it again to re-enable the feature.

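As an added example that is not part of this thread, the following Python helper applies the two signals the replies above rely on to the O2/O3/O4 lines of a HijackThis log: an orphaned BHO/toolbar whose DLL is gone, and an executable autostarting straight from the Windows root under a punctuation-only value name like [-]. The allowlist of Windows-root programs and the vowel-ratio heuristic are assumptions of this example, not HijackThis features; the sample lines are copied from the log posted above.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Shapes of the HijackThis v2 line types the thread turns on.
O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>.*?)\] (?P<cmd>.+)$")
O2_O3_RE = re.compile(r"^(?P<kind>O2 - BHO|O3 - Toolbar): (?P<title>.+?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<target>.+)$")

# Hypothetical allowlist: programs that legitimately autostart from the Windows
# root on this XP box (taken from the posted log; a real list would be longer).
WINDIR_ALLOWLIST = {"soundman.exe", "logi_mwx.exe", "nwiz.exe"}


@dataclass
class Finding:
    line: str
    reasons: List[str] = field(default_factory=list)


def exe_from_cmd(cmd: str) -> str:
    """Return the executable (or the rundll32 payload DLL) an O4 command starts."""
    cmd = cmd.strip()
    m = re.match(r"(?i)rundll32(?:\.exe)?\s+(.+?),", cmd)
    if m:  # RUNDLL32.EXE <dll>,<entry>: the DLL is the code that actually runs
        return m.group(1)
    if cmd.startswith('"'):  # quoted path; arguments follow the closing quote
        return cmd[1:cmd.find('"', 1)]
    # Unquoted path that may contain spaces: cut before the first /switch or -switch.
    return re.split(r"\s+(?=[/-])", cmd)[0]


def looks_random(stem: str) -> bool:
    """Weak signal: six or more letters with almost no vowels, like afvxnjhv."""
    s = stem.lower()
    if len(s) < 6 or not s.isalpha():
        return False
    return sum(c in "aeiouy" for c in s) / len(s) < 0.2


def check_o4(name: str, cmd: str) -> List[str]:
    """Reasons an O4 autostart entry deserves a question in the thread."""
    reasons = []
    if not re.search(r"[0-9A-Za-z]", name):
        reasons.append("run value name is empty or punctuation-only")
    parts = exe_from_cmd(cmd).replace("/", "\\").split("\\")
    fname = parts[-1].lower()
    # A bare file name is resolved from the Windows/system directories, so it is
    # treated like a file sitting directly in C:\WINDOWS.
    in_windir_root = len(parts) == 1 or (len(parts) == 3 and parts[1].lower() == "windows")
    if in_windir_root and fname not in WINDIR_ALLOWLIST:
        reasons.append(f"{fname} autostarts from the Windows root and is not allowlisted")
        if looks_random(fname.rsplit(".", 1)[0]):
            reasons.append(f"{fname} has a random-looking name")
    return reasons


def triage(log_lines) -> List[Finding]:
    """Flag the O2/O3/O4 lines of a HijackThis log that a helper would ask about."""
    findings = []
    for raw in log_lines:
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            reasons = check_o4(m["name"], m["cmd"])
        else:
            m = O2_O3_RE.match(line)
            reasons = []
            if m and ("(file missing)" in m["target"] or m["target"] == "(no file)"):
                reasons.append("orphaned BHO/toolbar: the registered DLL no longer exists")
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [-] C:\WINDOWS\afvxnjhv.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line, f.reasons)
```

On the sample it reports the two MyWay entries, the nameless BHO and the [-] entry, and stays silent on the AVG, Nero, SoundMan and NVIDIA lines.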
