Log help, anyone? I've picked up Virtumonde, among other things


RHansson

Hi everyone!
I thought I'd come along with my problems.
I've picked up a few infections, and my computer knowledge is certainly no antibiotic.
I have made a HijackThis log and a ComboFix log.
I'm not sure whether I've done this the right way, but I think the logs are what's needed.
If anyone feels like taking a look, I would be very grateful.

Thanks in advance
/Rikard


Here is the HijackThis log

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:46:34, on 2008-04-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program\Windows Defender\MSASCui.exe
C:\Program\Java\jre1.5.0_06\bin\jusched.exe
C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program\Creative\MediaSource\RemoteControl\RcMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Windows Live\Messenger\usnsvc.exe
C:\Program\Windows Defender\MsMpEng.exe
C:\WINDOWS\explorer.exe
C:\Program\HJThis\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.1.nu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [sBDrvDet] "C:\Program\Creative\SB Drive Det\SBDrvDet.exe" /r
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [sDTray] "C:\Program\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [egui] "C:\Program\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RemoteCenter] C:\Program\Creative\MediaSource\RemoteControl\RcMan.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\MSMSGS.EXE" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1115161183703
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163154392640
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2C27BA3-11DE-4F1B-98ED-0999F7CF6A73}: NameServer = 83.140.87.2,193.11.230.41
O20 - Winlogon Notify: nnnnLccB - nnnnLccB.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - http://www.ptc-crew.com/assets/pics/Portraits/crewpic_blacki1_96x239.jpg

--
End of file - 9668 bytes

And here is the ComboFix log

I don't know whether I'm too late with this one, though. Maybe I should have done a scan when I discovered the junk?

--------------------------------------------------------------------------------------
ComboFix 08-04-22.5 - HemPC 2008-04-24 17:15:26.3 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1053.18.617 [GMT 2:00]
Running from: C:\Documents and Settings\HemPC\Skrivbord\ComboFix.exe
 * Created a new restore point

(((((((((((((((((((((((((   Files Created from 2008-03-24 to 2008-04-24  )))))))))))))))))))))))))))))))
.

2008-04-22 22:30 . 2008-04-22 22:32    <KAT>    d--------    C:\Program\RogueRemover FREE
2008-04-17 23:32 . 2008-04-21 20:14    <KAT>    d--------    C:\Program\Raxco
2008-04-17 20:46 . 2008-04-17 20:46    <KAT>    d--------    C:\Program\Zone Labs
2008-04-16 22:46 . 2008-04-16 22:46    <KAT>    d--------    C:\Program\SlySoft
2008-04-16 22:29 . 2008-04-16 22:54    34,308    --a------    C:\WINDOWS\system32\Chip.dll
2008-04-16 20:13 . 2008-04-16 20:13    294    ---hs----    C:\WINDOWS\system32\owpucjyl.ini
2008-04-16 20:12 . 2008-04-16 20:12    87,616    --a------    C:\WINDOWS\system32\vräv.dll
2008-04-15 21:39 . 2008-03-03 14:25    5,702    --ah-----    C:\WINDOWS\nod32restoretemdono.reg
2008-04-15 21:39 . 2008-03-03 18:21    568    --ah-----    C:\WINDOWS\nod32fixtemdono.reg
2008-04-15 21:36 . 2008-04-15 21:36    <KAT>    d--------    C:\Documents and Settings\All Users\Application Data\ESET
2008-03-24 20:44 . 2008-04-23 20:47    41    ---hs----    C:\Documents and Settings\All Users\Application Data\.zreglib
2008-03-24 20:39 . 2008-03-24 20:44    24    ---hs----    C:\WINDOWS\S921360E7.tmp
2008-03-24 16:39 . 2008-03-24 17:33    <KAT>    d--------    C:\Temp
2008-03-24 16:39 . 2007-07-18 13:53    2,097,152    --a------    C:\Temp\autorun.bin
2008-03-24 16:39 . 2006-02-16 12:25    769,024    ---------    C:\Temp\SFDNWIN.exe
2008-03-24 16:19 . 2008-03-24 16:19    <KAT>    d--------    C:\CDROM

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-24 14:25    ---------    d-----w    C:\Documents and Settings\HemPC\Application Data\uTorrent
2008-04-23 18:32    ---------    d-----w    C:\Program\HJThis
2008-04-21 17:34    ---------    d-----w    C:\Program\Delade filer\LogiShrd
2008-04-15 19:36    ---------    d-----w    C:\Program\ESET
2008-04-07 15:59    ---------    d--h--w    C:\Program\InstallShield Installation Information
2008-04-07 15:58    ---------    d---a-w    C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-07 15:57    ---------    d-----w    C:\Program\SpywareBlaster
2008-04-07 15:55    ---------    d-----w    C:\Documents and Settings\HemPC\Application Data\Lavasoft
2008-04-07 15:54    ---------    d-----w    C:\Program\Registry Easy
2008-04-01 20:39    ---------    d-----w    C:\Program\Java
2008-03-26 21:13    ---------    d-----w    C:\Documents and Settings\HemPC\Application Data\AdobeUM
2008-03-20 08:10    1,845,248    ----a-w    C:\WINDOWS\system32\win32k.sys
2008-03-16 12:56    ---------    d-----w    C:\Program\Logitech
2008-03-16 12:56    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Logishrd
2008-03-13 21:11    1,086,952    ----a-w    C:\WINDOWS\system32\zpeng24.dll
2008-03-13 11:50    ---------    d-----w    C:\Program\RegistrySmart
2008-03-13 09:06    691,545    ----a-w    C:\WINDOWS\unins000.exe
2008-03-09 12:43    ---------    d--h--w    C:\Program\Delade filer\Sony Shared
2008-03-09 09:33    ---------    d-----w    C:\Program\Sony
2008-03-09 09:33    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Sony Corporation
2008-03-03 20:30    1,777    ----a-w    C:\drvpnp.dat
2008-03-03 20:29    653    ----a-w    C:\pnpID.dat
2008-03-01 13:02    826,368    ----a-w    C:\WINDOWS\system32\wininet.dll
2008-02-24 00:29    ---------    d-----w    C:\Program\MSN Messenger
2008-02-24 00:28    ---------    d-----w    C:\Program\Windows Live
2008-02-24 00:26    ---------    dcsh--w    C:\Program\Delade filer\WindowsLiveInstaller
2008-02-24 00:24    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-20 06:51    282,624    ----a-w    C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38    45,568    ----a-w    C:\WINDOWS\system32\dnsrslvr.dll
.

(((((((((((((((((((((((((((((   snapshot@2008-04-23_22.22.32.34   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-23 18:39:04    2,048    --s-a-w    C:\WINDOWS\bootstat.dat
+ 2008-04-24 10:28:53    2,048    --s-a-w    C:\WINDOWS\bootstat.dat
- 2008-04-23 11:10:33    8,801,343    ----a-w    C:\WINDOWS\system32\ZoneLabs\spyware.dat
+ 2008-04-24 13:19:42    8,830,353    ----a-w    C:\WINDOWS\system32\ZoneLabs\spyware.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:35 5724184]
"RemoteCenter"="C:\Program\Creative\MediaSource\RemoteControl\RcMan.exe" [2002-11-21 09:33 135168]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:34 15360]
"swg"="C:\Program\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" [ ]
"MSMSGS"="C:\Program\Messenger\MSMSGS.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program\Windows Defender\MSASCui.exe" [2006-10-05 23:11 866584]
"SBDrvDet"="C:\Program\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 18:06 45056]
"SunJavaUpdateSched"="C:\Program\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
"CTDVDDet"="C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 01:00 45056]
"CTSysVol"="C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 09:18 49152]
"nwiz"="nwiz.exe" [2006-08-11 15:43 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 15:43 7630848]
"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 15:43 86016]
"Wizard"="" []
"ATIPTA"="C:\ATI-CPanel\atiptaxx.exe" [2003-12-12 11:31 335872]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"Easy-PrintToolBox"="C:\Program\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 03:10 409600]
"AVG7_CC"="C:\Program\Grisoft\AVG7\avgcc.exe" [ ]
"SDTray"="C:\Program\Spyware Doctor\SDTrayApp.exe" [ ]
"WinampAgent"="C:\Program\Winamp\winampa.exe" [ ]
"QuickTime Task"="C:\Program\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"egui"="C:\Program\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 11:06 1443072]
"CloneCDTray"="C:\Program\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 21:21 57344]
"ZoneAlarm Client"="C:\Program\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 10:34 15360]
"DWQueuedReporting"="C:\Program\DELADE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnLccB]
nnnnLccB.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ATIPTA"=C:\ATI-CPanel\atiptaxx.exe
"Easy-PrintToolBox"=C:\Program\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
"UserFaultCheck"=%systemroot%\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program\\uTorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program\\Mozilla Firefox\\firefox.exe"=
"C:\\Program\\DC++\\DCPlusPlus.exe"=
"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program\\Windows Live\\Messenger\\livecall.exe"=

R0 NDIS_RD;Firewall Engine Type-R2;C:\WINDOWS\system32\drivers\NDIS_RD.sys [2004-12-06 10:18]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 11:11]
R1 TDI_RD;Firewall Engine Type-R;C:\WINDOWS\System32\drivers\tdi_rd.sys [2004-10-13 22:01]
S0 d346prt;d346prt;C:\WINDOWS\system32\Drivers\d346prt.sys []
S1 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb32.sys []
S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2002-09-11 14:00]
S3 ctgame;Game Port;C:\WINDOWS\system32\DRIVERS\ctgame.sys [2002-12-30 10:53]
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 15:58]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 14:58]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 14:58]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 15:58]
S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\DVD-W.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-18 15:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-04-24 14:50:01 C:\WINDOWS\Tasks\Kontrollera uppdateringar för Windows Live Toolbar.job"
- C:\Program\Windows Live Toolbar\MSNTBUP.EXE
"2008-04-24 15:16:58 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-24 17:18:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-24 17:21:02
ComboFix-quarantined-files.txt  2008-04-24 15:20:09

Pre-Run: 60,313,051,136 byte ledigt
Post-Run: 60,297,875,456 byte ledigt

162    --- E O F ---    2008-04-23 11:03:11


How long has the computer been infected?
This forum works poorly with many long logs; it becomes unreasonably slow, so I'll have to ask you to go to http://eforum.idg.se instead.
In your post there, attach a HijackThis log from the latest version:
http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

as well as a ComboFix log from the latest version:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

In your post there, attach a log like this:

Press the LOG button in the post window

Paste the log

Press the LOG button again


This topic is now archived and is closed to further replies.