2007-04-30, 17:06
  #1
Member
Crackbaby_2
I think I have managed to clean most of it off my buddy's computer now. Is there anything left that needs cleaning?

Code:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,ywiraqe.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {8117335E-3801-4CDF-81F8-390EDEB859E1} - C:\Program Files\Windows NT\hore.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AlcFDMonitor] C:\WINDOWS\ALCFDRTM.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [tip46ede] RUNDLL32.EXE tip46ede0.dll,n 00746ed700000020
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\rwinmoea.exe SKY001
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\system32\taskdir.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\rwinmoea.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0b\aoltray.exe
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {33331111-1131-1111-1111-611111193428} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0C4BF0E-7076-499B-AC7F-986EB61EAF73}: NameServer = 4.2.2.1,4.2.2.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:  c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll (file missing)
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINDOWS\system32\Dcondo32.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Belkin High-Speed Mode Wireless G USB Driver (Belkin High-Speed Mode Wireless G USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\F5D7051\WLService.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
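Added example, not from the thread and not part of HijackThis: a small Python triage script that parses HJT log lines and flags the entry types the helper reacts to in this thread, namely targets marked "(file missing)", an extra program chained into UserInit (F2), a populated AppInit_DLLs value (O20), and O16 DPF entries with no download source. The sample lines are copied from the log above; the rules are heuristics chosen for this example, not HijackThis's own classification.

```python
"""Triage of a HijackThis (HJT) log: flag the entry types a helper would
look at first.  Rules are example heuristics, not HijackThis's own."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "section reason line")

# Sample entries copied from the HJT log posted in the thread (constructed
# subset; paths and CLSIDs are as they appear in the posted log).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,ywiraqe.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {8117335E-3801-4CDF-81F8-390EDEB859E1} - C:\Program Files\Windows NT\hore.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\rwinmoea.exe SKY001
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O20 - AppInit_DLLs:  c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll (file missing)
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINDOWS\system32\Dcondo32.dll (file missing)
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
"""

# Every HJT entry starts with a section code (R1, F2, O2, O23, ...), " - ", body.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")


def parse_entry(line):
    """Return (section, body) for an HJT entry line, or None for other text."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return m.group("section"), m.group("body")


def check_userinit(body):
    """F2: UserInit is a comma-separated list; only userinit.exe belongs there."""
    m = re.search(r"UserInit=(.*)$", body, re.IGNORECASE)
    if not m:
        return []
    reasons = []
    for item in m.group(1).split(","):
        item = item.strip()
        if item and item.lower().rsplit("\\", 1)[-1] != "userinit.exe":
            reasons.append(f"extra program chained into UserInit: {item}")
    return reasons


def check_appinit(body):
    """O20: a populated AppInit_DLLs value is injected into every GUI process."""
    m = re.match(r"AppInit_DLLs:\s*(.*)$", body)
    if m and m.group(1).strip():
        return [f"AppInit_DLLs injects {m.group(1).strip()} into every GUI process"]
    return []


def check_dpf(body):
    """O16: a DPF (ActiveX download) entry should end in a source URL."""
    if body.startswith("DPF:") and re.search(r"\s-\s*$", body):
        return ["ActiveX download entry with no source URL (stale or blanked)"]
    return []


def triage(log_text):
    """Run all rules over an HJT log and return the flagged entries."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_entry(raw)
        if not parsed:
            continue
        section, body = parsed
        reasons = []
        if "(file missing)" in body:
            reasons.append("target file missing: orphaned entry left by a removed component")
        if section == "F2":
            reasons += check_userinit(body)
        if section == "O20":
            reasons += check_appinit(body)
        if section == "O16":
            reasons += check_dpf(body)
        findings += [Finding(section, r, raw.strip()) for r in reasons]
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:>4}  {f.reason}\n      {f.line}")
```

Entries that only look odd by name (such as the O4 rwinmoea.exe line) are deliberately not flagged; those need the scanner results the thread goes on to collect.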
2007-04-30, 17:50
  #2
Member
927
There is more junk left. Run this program, and it would be good if you could post the log in a readable form next time.

Save the file to the desktop > click SDFix.exe > SDFix is unpacked here: C:\SDFix.

Restart in Safe Mode (F8) > go here: C:\SDFix > click runthis.bat > choose y.

When the scan is finished, press any key to restart.
When it says Finished, press any key. A log will be shown automatically; paste the log here.
http://downloads.andymanchesta.com/R...ools/SDFix.exe
2007-04-30, 18:08
  #3
Member
Crackbaby_2
SDFix: Version 1.81

Run by Administrator - Mon 04/30/2007 - 9:57:27.10

Microsoft Windows XP [Version 5.1.2600]
Service Pack 2

Running From: C:\SDFix\SDFix

Safe Mode:
Checking Services:

Name:
MsaSvc
wincom32

ImagePath:
C:\WINDOWS\system32\msasvc.exe
\??\C:\WINDOWS\system32\wincom32.sys

MsaSvc - Deleted
wincom32 - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\8RS2L4NX\WAFUGI~1.HTM - Deleted
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\8RS2L4NX\WAFUGI~2.HTM - Deleted
C:\WINDOWS\odbc.INI - Deleted
C:\WINDOWS\system32\abc.exe - Deleted
C:\WINDOWS\system32\ldinfo.ldr - Deleted
C:\WINDOWS\system32\msnav32.ax - Deleted
C:\WINDOWS\system32\svcp.csv - Deleted
C:\WINDOWS\system32\wincom32.ini - Deleted
C:\WINDOWS\system32\winsub.xml - Deleted



Removing Temp Files

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.



Final Check:

Remaining Services:
------------------


Rootkit huy32 Found, Use a Rootkit scanner !

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\AOL 9.0b\\waol.exe"="C:\\Program Files\\AOL 9.0b\\waol.exe:*:Enabled:AOL 9.0b"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"C:\\Documents and Settings\\Carl Jackson\\Local Settings\\Temp\\mgab.exe"="C:\\Documents and Settings\\Carl Jackson\\Local Settings\\Temp\\mgab.exe:*:Disabled:enable"
"C:\\Documents and Settings\\Carl Jackson\\Local Settings\\Temp\\eaio.exe"="C:\\Documents and Settings\\Carl Jackson\\Local Settings\\Temp\\eaio.exe:*:Disabled:enable"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Disabled:LimeWire swarmed installer"
"C:\\WINDOWS\\Temp\\NavBrowser.exe"="C:\\WINDOWS\\Temp\\NavBrowser.exe:*:Disabled:NAVBrowser"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Disabled:Yahoo! FT Server"
"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe:*:Disabled:Yahoo! Messenger"
"C:\\WINDOWS\\system32\\lnwin.exe"="C:\\WINDOWS\\system32\\lnwin.exe:*:Enabled:enable"
"C:\\WINDOWS\\system32\\adirss.exe"="C:\\WINDOWS\\system32\\adirss.exe:*:Enabled:enable"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\AOL 9.0b\\waol.exe"="C:\\Program Files\\AOL 9.0b\\waol.exe:*:Enabled:AOL 9.0b"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes:

C:\Program Files\AOL 9.0\aolphx.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\AOL 9.0\RBM.exe
C:\Program Files\AOL 9.0b\aolphx.exe
C:\Program Files\AOL 9.0b\aoltray.exe
C:\Program Files\AOL 9.0b\RBM.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp
C:\WINDOWS\system32\config\default.tmp.LOG
C:\WINDOWS\system32\config\software.tmp.LOG
C:\WINDOWS\system32\config\system.tmp.LOG

Finished
2007-04-30, 18:20
  #4
Member
927
Install > update SUPERAntiSpyware.
Scan computer > choose Complete Scan > click Next > restart.
Open SUPERAntiSpyware > Preferences > Statistics/Logs > select the latest log > View > paste it here.
http://www.superantispyware.com/down...ntiSpyware.exe

Download this program > save it to the desktop > click the file.
If problems are found, the computer will restart.
When everything is done, at least one log file will open; paste it here.
http://www.uploads.ejvindh.net/rustbfix.exe
2007-04-30, 19:03
  #5
Member
Crackbaby_2
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/30/2007 at 10:49 AM

Application Version : 3.7.1018

Core Rules Database Version : 3227
Trace Rules Database Version: 1238

Scan type : Complete Scan
Total Scan Time : 00:22:07

Memory items scanned : 420
Memory threats detected : 0
Registry items scanned : 5437
Registry threats detected : 23
File items scanned : 30118
File threats detected : 168

Trojan.ZenoSearch
[ExploreUpdSched] C:\WINDOWS\SYSTEM32\RWINMOEA.EXE
C:\WINDOWS\SYSTEM32\RWINMOEA.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL\C_AOL 9.0B\OPTCLEAN.EXE
C:\DOCUMENTS AND SETTINGS\CARL JACKSON\START MENU\PROGRAMS\STARTUP\THINK-ADZ.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C4930400-D953-4C12-A7D5-28E0096DA259}\RP1\A0000009.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C4930400-D953-4C12-A7D5-28E0096DA259}\RP1\A0001064.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C4930400-D953-4C12-A7D5-28E0096DA259}\RP1\A0002007.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C4930400-D953-4C12-A7D5-28E0096DA259}\RP1\A0002027.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C4930400-D953-4C12-A7D5-28E0096DA259}\RP1\A0002037.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C4930400-D953-4C12-A7D5-28E0096DA259}\RP1\A0002049.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C4930400-D953-4C12-A7D5-28E0096DA259}\RP1\A0002056.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C4930400-D953-4C12-A7D5-28E0096DA259}\RP2\A0002097.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C4930400-D953-4C12-A7D5-28E0096DA259}\RP2\A0003095.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C4930400-D953-4C12-A7D5-28E0096DA259}\RP2\A0004096.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C4930400-D953-4C12-A7D5-28E0096DA259}\RP2\A0005095.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C4930400-D953-4C12-A7D5-28E0096DA259}\RP2\A0005393.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C4930400-D953-4C12-A7D5-28E0096DA259}\RP3\A0006379.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C4930400-D953-4C12-A7D5-28E0096DA259}\RP3\A0006389.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C4930400-D953-4C12-A7D5-28E0096DA259}\RP3\A0006395.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C4930400-D953-4C12-A7D5-28E0096DA259}\RP3\A0006403.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C4930400-D953-4C12-A7D5-28E0096DA259}\RP3\A0006426.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C4930400-D953-4C12-A7D5-28E0096DA259}\RP3\A0006456.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C4930400-D953-4C12-A7D5-28E0096DA259}\RP3\A0006531.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C4930400-D953-4C12-A7D5-28E0096DA259}\RP4\A0006551.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C4930400-D953-4C12-A7D5-28E0096DA259}\RP4\A0006594.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C4930400-D953-4C12-A7D5-28E0096DA259}\RP4\A0006603.LNK
C:\WINDOWS\Prefetch\RWINMOEA.EXE-04F56EF1.pf

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{54645654-2225-4455-44A1-9F4543D34546}
HKCR\CLSID\{54645654-2225-4455-44A1-9F4543D34546}
HKCR\CLSID\{54645654-2225-4455-44A1-9F4543D34546}
HKCR\CLSID\{54645654-2225-4455-44A1-9F4543D34546}\InProcServer32
C:\WINDOWS\SYSTEM32\VBSYS2.DLL

Trojan.Downloader
HKLM\Software\Classes\CLSID\{8117335E-3801-4CDF-81F8-390EDEB859E1}
HKCR\CLSID\{8117335E-3801-4CDF-81F8-390EDEB859E1}
HKCR\CLSID\{8117335E-3801-4CDF-81F8-390EDEB859E1}
HKCR\CLSID\{8117335E-3801-4CDF-81F8-390EDEB859E1}\InProcServer32
HKCR\CLSID\{8117335E-3801-4CDF-81F8-390EDEB859E1}\InProcServer32#ThreadingModel
C:\PROGRAM FILES\WINDOWS NT\HORE.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8117335E-3801-4CDF-81F8-390EDEB859E1}

Adware.Tracking Cookie
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@adserver[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@counter8.sextracker[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@adrevolver[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@s[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@mb[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@cgi-bin[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@cz7.clickzs[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@vip2.clickzs[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@mediaplex[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@ehg-ripedigitalentertainment.hitbox[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@tradedoubler[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@www.adultwork[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@counter13.sextracker[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@mb[3].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@atdmt[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@www.adultdvdsite.co[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@manchester.localsex[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@cz5.clickzs[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@statcounter[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@mb[5].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@cgi-bin[4].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@cz8.clickzs[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@ads.guardian.co[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@serving-sys[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@aoluk.122.2o7[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@keywordmax[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@cs.sexcounter[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@counter4.sextracker[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@www.adultwork.co[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@tracking.summitmedia.co[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@zedo[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@m1.webstats4u[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@ads.aol.co[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@tribalfusion[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@stats1.reliablestats[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@adultwork[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@counter14.sextracker[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@counter5.sextracker[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@bluestreak[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@realsexcash[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@cz6.clickzs[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@xcart[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@adbrite[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@tacoda[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@www.amaena[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@mb[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@ehg-bbc.hitbox[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@sexintheuk[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@counter9.sextracker[2].txt
2007-04-30, 19:04
  #6
Member
Crackbaby_2
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@dtr[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@888[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@www.belstat[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@tracking.yazor[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@revsci[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@statse.webtrendslive[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@www.888[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@cgi-bin[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@stats.drivecleaner[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@sexlog[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@toplist[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@www.sex-movs[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@cz3.clickzs[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@advertising[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@247realmedia[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@hitbox[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@revenue[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@sexlist[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@adultadworld[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@sexfinder-uk[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@image.masterstats[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@interclick[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@www.xsex[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@pagead[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@www.clash-media[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@ads.contactmusic[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@www.adultshop247[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@1062961433[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@a[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@adrevolver[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@casalemedia[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@adultwork.co[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@stat.onestat[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@ads.tripod.lycos.co[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@doubleclick[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@burstnet[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@stats2.reliablestats[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@counter6.sextracker[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@bs.serving-sys[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@fastclick[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@www.theporntoplist[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@20070108_e501[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@adopt.euroclick[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@ehg-capitalgroup.hitbox[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@counter2.sextracker[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@msnportal.112.2o7[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@atoc.112.2o7[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@ad.yieldmanager[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@ads.pointroll[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@adtech[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@adultdvdsite.co[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@as-eu.falkag[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@xxxcounter[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@cgi-bin[5].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@www.sexyyounggirls[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@ad.zanox[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@counter12.sextracker[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@sextracker[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@adrevolver[3].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@realmedia[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@tracker.myspacemaps[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@ads.k8l[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@banner.scasino[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@ex=1_[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@xxxporn[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@adopt.hbmediapro[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@findwhat[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@1062812452[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@sexshop365.co[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@ads4.think-adz[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@clickbank[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@overture[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@cassava[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@c5.zedo[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@winantispyware[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@cgi-bin[3].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@counter3.sextracker[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@azjmp[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@ex=1[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@indexstats[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@www.burstnet[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@affiliate_area[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@webstats.wthosting.co[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@anad.tacoda[1].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@vip.clickzs[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@kanoodle[2].txt
C:\Documents and Settings\Carl Jackson\Cookies\carl jackson@stat.dealtime[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@ads.k8l[1].txt

Adware.WebNexus
HKLM\Software\qstat
HKLM\Software\qstat#double
HKLM\Software\qstat#brr
HKLM\Software\qstat#unq
HKLM\Software\qstat#lid
HKLM\Software\qstat#stat

Trojan.WinAntiSpyware/WinAntiVirus 2006/2007
HKCR\uwasfsd.CreationNotifier
HKCR\uwasfsd.CreationNotifier\CLSID
HKCR\uwasfsd.CreationNotifier\CurVer
HKCR\uwasfsd.CreationNotifier.1
HKCR\uwasfsd.CreationNotifier.1\CLSID

Trojan.TaskDir
HKU\S-1-5-21-583907252-179605362-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run #taskdir [ C:\WINDOWS\system32\taskdir.exe ]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C4930400-D953-4C12-A7D5-28E0096DA259}\RP3\A0006420.DLL

Trojan.NewDotNet
C:\WINDOWS\NDNUNINSTALL7_48.EXE

Trojan.Downloader-Gen
C:\WINDOWS\SYSTEM32\WINPFZ32.SYS
2007-04-30, 19:05
  #7
Member
Crackbaby_2
************************* Rustock.b-fix -- By ejvindh *************************
30/04/2007 11:00:35.34

Rustock.b-driver on the system: NONE!

Rustock.b-ADS attached to the System32-folder:
:huy32.sy_ 73098
Total size: 73098 bytes.
Attempting to remove ADS...
system32: deleted 73098 bytes in 1 streams.

Looking for Rustock.b-files in the System32-folder:
No Rustock.b-files found in system32


******************* Post-run Status of system *******************

Rustock.b-driver on the system: NONE!

Rustock.b-ADS attached to the System32-folder:
No System32-ADS found.

Looking for Rustock.b-files in the System32-folder:
No Rustock.b-files found in system32


******************************* End of Logfile ********************************
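
The Rustock.b-fix output above found a named NTFS stream (huy32.sy_, 73098 bytes) attached to the System32 directory itself, which is how that rootkit kept its driver out of a normal directory listing. The script below is an added example, not part of the fix tool or of this thread: it enumerates streams on a file or folder with the Win32 FindFirstStreamW/FindNextStreamW API from Python and filters the result down to named $DATA streams. The function and constant names are my own; the enumeration itself only runs on Windows, while the parsing helpers work anywhere.

```python
import sys
import ctypes

MAX_PATH = 260
FIND_STREAM_INFO_STANDARD = 0
ERROR_HANDLE_EOF = 38                         # object has no named streams
INVALID_HANDLE_VALUE = ctypes.c_void_p(-1).value


class WIN32_FIND_STREAM_DATA(ctypes.Structure):
    # Layout of the Win32 WIN32_FIND_STREAM_DATA structure
    _fields_ = [("StreamSize", ctypes.c_longlong),
                ("cStreamName", ctypes.c_wchar * (MAX_PATH + 36))]


def parse_stream_name(raw):
    """Split the ':name:$TYPE' form returned by FindFirstStreamW into (name, type)."""
    _, name, stream_type = raw.split(":", 2)
    return name, stream_type


def named_data_streams(streams):
    """Keep only named $DATA streams from [(raw_name, size), ...].

    A directory has no unnamed data stream, so on a folder such as System32
    anything this returns is unexpected and worth inspecting.
    """
    out = []
    for raw, size in streams:
        name, stream_type = parse_stream_name(raw)
        if name and stream_type == "$DATA":
            out.append((name, size))
    return out


def list_streams(path):
    """Enumerate NTFS streams on a file or directory (Windows only)."""
    if sys.platform != "win32":
        raise OSError("NTFS stream enumeration needs the Win32 API")
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.FindFirstStreamW.argtypes = [ctypes.c_wchar_p, ctypes.c_int,
                                     ctypes.POINTER(WIN32_FIND_STREAM_DATA),
                                     ctypes.c_uint32]
    k32.FindFirstStreamW.restype = ctypes.c_void_p
    k32.FindNextStreamW.argtypes = [ctypes.c_void_p,
                                    ctypes.POINTER(WIN32_FIND_STREAM_DATA)]
    k32.FindNextStreamW.restype = ctypes.c_int
    k32.FindClose.argtypes = [ctypes.c_void_p]
    k32.FindClose.restype = ctypes.c_int

    data = WIN32_FIND_STREAM_DATA()
    handle = k32.FindFirstStreamW(path, FIND_STREAM_INFO_STANDARD,
                                  ctypes.byref(data), 0)
    if handle == INVALID_HANDLE_VALUE:
        err = ctypes.get_last_error()
        if err == ERROR_HANDLE_EOF:
            return []                         # no streams at all
        raise ctypes.WinError(err)
    found = []
    try:
        while True:
            found.append((data.cStreamName, data.StreamSize))
            if not k32.FindNextStreamW(handle, ctypes.byref(data)):
                break                         # enumeration finished
    finally:
        k32.FindClose(handle)
    return found


if __name__ == "__main__":
    # Default target is the folder the Rustock.b-fix log above was about.
    target = sys.argv[1] if len(sys.argv) > 1 else r"C:\Windows\System32"
    hits = named_data_streams(list_streams(target))
    if not hits:
        print(f"no named data streams on {target}")
    for name, size in hits:
        print(f"{target}:{name}  {size} bytes")
```

On the machine in this thread the listing would have shown `huy32.sy_` with 73098 bytes, the same stream the fix tool deleted; a stream like that can be removed from PowerShell 3.0 or later with `Remove-Item -Path C:\Windows\System32 -Stream huy32.sy_`. One caveat: while a kernel-mode rootkit's driver is still loaded it can filter what user-mode enumeration sees, so a clean result from a running system is weaker evidence than one taken after the driver is gone.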
2007-04-30, 21:06
  #8
Member
927
Post a new HJT log.

Download this file > save it to the desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Double-click the exe file > choose allow if the firewall asks > press any key > type 1 > Enter.
Post the log that is shown automatically.
2007-04-30, 22:21
  #9
Member
Crackbaby_2
Logfile of HijackThis v1.99.1
Scan saved at 14:17:25, on 30/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AlcFDMonitor] C:\WINDOWS\ALCFDRTM.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [tip46ede] RUNDLL32.EXE tip46ede0.dll,n 00746ed700000020
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0b\aoltray.exe
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {33331111-1131-1111-1111-611111193428} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0C4BF0E-7076-499B-AC7F-986EB61EAF73}: NameServer = 4.2.2.1,4.2.2.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINDOWS\system32\Dcondo32.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Belkin High-Speed Mode Wireless G USB Driver (Belkin High-Speed Mode Wireless G USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\F5D7051\WLService.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
2007-04-30, 22:23
  #10
Member
Crackbaby_2
SmitFraudFix v2.171

Scan done at 14:18:59.93, 30/04/2007
Run from C:\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Carl Jackson


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Carl Jackson\Application Data

C:\Documents and Settings\Carl Jackson\Application Data\Install.dat FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\CARLJA~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="about:Home"
"SubscribedURL"="about:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" c:\\windows\\system32\\ldcore.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Marvell Yukon Gigabit Ethernet 10/100/1000Base-T Adapter, Copper RJ-45 - Packet Scheduler Miniport
DNS Server Search Order: 4.2.2.1
DNS Server Search Order: 4.2.2.2

Description: Belkin Wireless G USB Network Adapter - Packet Scheduler Miniport
DNS Server Search Order: 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{663C7014-1A5D-4895-A786-38619EF5863D}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B0C4BF0E-7076-499B-AC7F-986EB61EAF73}: NameServer=4.2.2.1,4.2.2.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{663C7014-1A5D-4895-A786-38619EF5863D}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B0C4BF0E-7076-499B-AC7F-986EB61EAF73}: NameServer=4.2.2.1,4.2.2.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
2007-04-30, 23:03
  #11
Member
927
That may be a bit too much security software; it looks like both Norton and AVG are being used as antivirus and Norton as the firewall. In that case you should remove AVG. I do think you should keep AVG Anti-Spyware and SUPERAntiSpyware, though.

Run SmitfraudFix again but choose #2 this time.

Do a new scan with HJT and tick these:

O4 - HKLM\..\Run: [tip46ede] RUNDLL32.EXE tip46ede0.dll,n 00746ed700000020

O4 - Startup: PowerReg Scheduler.exe

O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {33331111-1131-1111-1111-611111193428} -

O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll

O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINDOWS\system32\Dcondo32.dll (file missing)

Click the Fix checked button.

Delete these files in Safe Mode:
tip46ede0.dll
c:\windows\system32\ldcore.dll

--------------------------------------------------------------------------------------------------

You may have trouble with ldcore.dll; if so, do this:

http://swandog46.geekstogo.com/avenger.exe

Save the exe file to the desktop > start the program > tick Input script manually > click the magnifying glass > paste this into the window:

Files to delete:
C:\WINDOWS\system32\ldcore.dll

Click Done > click the green light > answer Yes.
When the computer is done a log should appear. Post it along with a new HJT log.

If no log appears, it is here: C:\avenger.txt

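
The entries 927 picks out of the HijackThis log in post #9 share patterns that can be checked mechanically: a Run entry where rundll32 loads a DLL by bare, random-looking name; an executable dropped in the per-user Startup folder; O16 Downloaded Program File entries with no source URL; a populated AppInit_DLLs value; and a ShellServiceObjectDelayLoad entry whose DLL no longer exists. The script below is an added example, not a HijackThis feature and not from anyone in this thread. It runs such rules over lines copied from the log above (with benign lines from the same log kept in for contrast). The rule set and names are my own, and the output is a triage list rather than a verdict: AppInit_DLLs, for instance, is also used by some legitimate software, so a hit means "look at this", not "delete this".

```python
import re

# Lines copied from the HijackThis log posted above (post #9), with a few
# benign lines from the same log kept in for contrast. In real use, read
# the saved log file instead of this constructed sample.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [tip46ede] RUNDLL32.EXE tip46ede0.dll,n 00746ed700000020
O4 - Startup: PowerReg Scheduler.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINDOWS\system32\Dcondo32.dll (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
"""

# Every HJT line starts with a section code ("O4", "O16", ...) and " - ".
LINE_RE = re.compile(r"^(O\d+) - (.*)$")

# (section, pattern applied to the rest of the line, reason). These are
# heuristics chosen for this example; they mirror what 927 flagged above.
RULES = [
    ("O4", re.compile(r"rundll32(?:\.exe)?\s+[^\s\\:]+\.dll", re.I),
     "rundll32 loads a DLL by bare name from a Run key"),
    ("O4", re.compile(r"^Startup:\s+.+\.exe\s*$", re.I),
     "executable placed in the per-user Startup folder"),
    ("O16", re.compile(r"\{[0-9A-F-]{36}\}\s*-\s*$", re.I),
     "Downloaded Program File (ActiveX) entry with no source URL"),
    ("O20", re.compile(r"^AppInit_DLLs:\s*\S", re.I),
     "AppInit_DLLs set: the DLL is loaded into every process that uses user32.dll"),
    ("O21", re.compile(r"\(file missing\)\s*$", re.I),
     "ShellServiceObjectDelayLoad entry whose DLL is gone"),
]


def triage(log_text):
    """Return [(section, reason, line)] for every log line that trips a rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue                     # headers, process list, blank lines
        section, rest = m.group(1), m.group(2)
        for rule_section, pattern, reason in RULES:
            if rule_section == section and pattern.search(rest):
                findings.append((section, reason, line))
                break                    # one reason per line is enough for triage
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

Run against the sample it reports exactly the five kinds of entry listed above (tip46ede0.dll, PowerReg Scheduler.exe, the blank O16 entry, ldcore.dll and Dcondo32.dll) and stays quiet on the Java updater, the Windows Genuine Advantage control, the SUPERAntiSpyware Winlogon notify entry and the AVG service. Keep the rule list short and specific; broad rules such as "any O4 entry" only reproduce the log.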
2007-05-01, 00:00
  #12
Member
Crackbaby_2
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\uk^avedl

*******************

Script file located at: \??\C:\jvtbyxsw.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\ldcore.dll not found!
Deletion of file C:\WINDOWS\system32\ldcore.dll failed!

Could not process line:
C:\WINDOWS\system32\ldcore.dll
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.