Rootkit.Trace (seneka)

Forum » Virusakuten » AntimalwareGuru hjälper dig! » Rootkit.Trace (seneka)

Rootkit.Trace (seneka) / av wookie

Raderad Registrerad 2012-05-17 Poster: 0 Från N/A
	Rapportera #1 2009-03-21 kl 10:45
	Dags att skaffa klippkort här. Återigen, förstår inte hur jag kan dra på mig sådana här saker, har inte laddat ner eller installerat några program den senaste månaden. Kan det ligga nåt dolt på hårddisken som "bombar" mig? Kan du kolla HJT-loggen om du ser nåt? Tusen tack för hjälpen. MBAM-log som upptäckte problemet (gjorde en till snabbskann efter som inte upptäckte något): Malwarebytes' Anti-Malware 1.34Databasversion: 1880Windows 5.1.2600 Service Pack 3 2009-03-21 10:20:00mbam-log-2009-03-21 (10-20-00).txt Skanningstyp: Snabb skanningAntal skannade objekt: 81351Förfluten tid: 11 minute(s), 31 second(s) Infekterade minnesprocesser: 0Infekterade minnesmoduler: 0Infekterade registernycklar: 2Infekterade registervärden: 0Infekterade registerdataposter: 0Infekterade mappar: 0Infekterade filer: 0 Infekterade minnesprocesserInga illasinnade poster hittades) Infekterade minnesmodulerInga illasinnade poster hittades) Infekterade registernycklar:HKEY_LOCAL_MACHINE\SYSTEM\Current ControlSet\Services\seneka (Rootkit.Trace) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\seneka (Rootkit.Trace) -> Quarantined and deleted successfully. Infekterade registervärdenInga illasinnade poster hittades) Infekterade registerdataposterInga illasinnade poster hittades) HJT-log (skann gjord efter MBAM) Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:39:05, on 2009-03-21Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16791)Boot mode: Normal Running processes:C $:\$ WINDOWS\System32\smss.exeC $:\$ WINDOWS\syst em32\winlogon.exeC $:\$ WINDOWS\system32\services.exeC $:\$ W INDOWS\system32\lsass.exeC $:\$ WINDOWS\system32\Ati2ev xx.exeC $:\$ WINDOWS\system32\svchost.exeC $:\$ WINDOWS\Syste m32\svchost.exeC $:\$ Program\Intel\Wireless\Bin\EvtEng .exeC $:\$ Program\Intel\Wireless\Bin\S24EvMon.exeC $:\$ Prog ram\Intel\Wireless\Bin\WLKeeper.exeC $:\$ Program\Lavas oft\Ad-Aware\aawservice.exeC $:\$ WINDOWS\system32\Ati2 evxx.exeC $:\$ WINDOWS\Explorer.EXEC $:\$ Program\Synaptics\S ynTP\SynTPEnh.exeC $:\$ Program\ATI Technologies\ATI.ACE\cli.exeC $:\$ Program\Intel\Wirele ss\bin\ZCfgSvc.exeC $:\$ Program\Intel\Wireless\Bin\ifr mewrk.exeC $:\$ Program\Dell\Media Experience\DMXLauncher.exeC $:\$ Program\Delade filer\InstallShield\UpdateService\issch.exeC $:\$ Progr am\McAfee.com\Agent\mcagent.exeC $:\$ Program\Dell\Quic kSet\Quickset.exeC $:\$ WINDOWS\system32\rundll32.exeC $:\$ P rogram\Java\jre6\bin\jusched.exeC $:\$ WINDOWS\system32 \ctfmon.exeC $:\$ Program\Personal\bin\Personal.exeC $:\$ WIN DOWS\system32\spoolsv.exeC $:\$ Program\Java\jre6\bin\j qs.exeC $:\$ Program\McAfee\SiteAdvisor\McSACore.exeC $:\$ Pr ogram\McAfee\MSC\mcmscsvc.exec $:\$ program\delade filer\mcafee\mna\mcnasvc.exec $:\$ program\DELADE~1\mca fee\mcproxy\mcproxy.exeC $:\$ Program\McAfee\VirusScan\ McShield.exeC $:\$ Program\McAfee\MSK\MskSrver.exeC $:\$ Prog ram\Dell\QuickSet\NICCONFIGSVC.exeC $:\$ Program\Intel\ Wireless\Bin\RegSrvc.exeC $:\$ WINDOWS\system32\tcpsvcs .exeC $:\$ Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exeC $:\$ Program\ATI Technologies\ATI.ACE\cli.exeC $:\$ Program\McAfee\VIRUS S~1\mcsysmon.exeC $:\$ Program\McAfee\MPF\MPFSrv.exeC $:\$ Pr ogram\Intel\Wireless\Bin\Dot1XCfg.exeC $:\$ WINDOWS\Sys tem32\svchost.exeC $:\$ Program\Malwarebytes' Anti-Malware\mbam.exeC $:\$ Program\Internet Explorer\iexplore.exeC $:\$ Program\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.se/ig/dell?hl=sv&client=dell-row&channel =se&ibd=5061031R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.se/ig/dell?hl=sv&client=dell-row&channel =se&ibd=5061031R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.se/ig/dell?hl=sv&client=dell-row& channel=se&ibd=5061031R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LänkarO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C $:\$ Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C $:\$ Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c $:\$ program\mcafee\msk\mcapbho.dllO2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C $:\$ Program\Java\jre6\bin\ssv.dllO2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C $:\$ Program\McAfee\VirusScan\scriptsn.dllO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c $:\$ program\mcafee\SITEAD~1\mcieplg.dllO2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C $:\$ Program\BAE\BAE.dll (file missing)O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C $:\$ Program\Java\jre6\bin\jp2ssv.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C $:\$ Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.d llO3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c $:\$ program\mcafee\SITEAD~1\mcieplg.dllO4 - HKLM\..\Run: [SynTPEnh] C $:\$ Program\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [ATICCC] "C $:\$ Program\ATI Technologies\ATI.ACE\cli.exe" runtime -DelayO4 - HKLM\..\Run: [IntelZeroConfig] "C $:\$ Program\Intel\Wireless\bin\ZCfgSvc.exe"O4 - HKLM\..\Run: [IntelWireless] "C $:\$ Program\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/WirelessO4 - HKLM\..\Run: [DMXLauncher] C $:\$ Program\Dell\Media Experience\DMXLauncher.exeO4 - HKLM\..\Run: [ISUSPM Startup] "C $:\$ Program\Delade filer\InstallShield\UpdateService\isuspm.exe" -startupO4 - HKLM\..\Run: [ISUSScheduler] "C $:\$ Program\Delade filer\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [mcagent_exe] C $:\$ Program\McAfee.com\Agent\mcagent.exe /runkeyO4 - HKLM\..\Run: [Dell QuickSet] C $:\$ Program\Dell\QuickSet\Quickset.exeO4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgentO4 - HKLM\..\Run: [SunJavaUpdateSched] "C $:\$ Program\Java\jre6\bin\jusched.exe"O4 - HKCU\..\Run: [ctfmon.exe] C $:\$ WINDOWS\system32\ctfmon.exeO4 - HKCU\..\RunOnce: [Shockwave Updater] C $:\$ WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103470 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; 3P_UVRM 1.00.1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://svt.se/svt/jsp/Crosslink.jsp?d=41035&a=446 629"O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C $:\$ WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST&#39O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C $:\$ WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE&#39O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C $:\$ WINDOWS\system32\CTFMON.EXE (User 'SYSTEM&#39O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C $:\$ WINDOWS\system32\CTFMON.EXE (User 'Default user&#39O4 - Global Startup: Adobe Reader Speed Launch.lnk = C $:\$ Program\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: Microsoft Office.lnk = C $:\$ Program\Microsoft Office\Office\OSA9.EXEO4 - Global Startup: Personal.lnk = C $:\$ Program\Personal\bin\Personal.exeO9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C $:\$ Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C $:\$ WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C $:\$ WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C $:\$ Program\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C $:\$ Program\Messenger\msmsgs.exeO16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cabO16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.c abO16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin .cabO16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.order.proprint.se/resources/files/Imag eUploader4.cabO18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c $:\$ program\mcafee\SITEAD~1\mcieplg.dllO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C $:\$ Program\DELADE~1\Skype\SKYPE4~1.DLLO23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C $:\$ Program\Lavasoft\Ad-Aware\aawservice.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C $:\$ WINDOWS\system32\Ati2evxx.exeO23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C $:\$ Program\Intel\Wireless\Bin\EvtEng.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C $:\$ Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C $:\$ Program\Java\jre6\bin\jqs.exeO23 - Service: McAfee SiteAdvisor Service - Unknown owner - C $:\$ Program\McAfee\SiteAdvisor\McSACore.exeO23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C $:\$ Program\McAfee\MSC\mcmscsvc.exeO23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c $:\$ program\delade filer\mcafee\mna\mcnasvc.exeO23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C $:\$ Program\McAfee\VIRUSS~1\mcods.exeO23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c $:\$ program\DELADE~1\mcafee\mcproxy\mcproxy.exeO23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C $:\$ Program\McAfee\VirusScan\McShield.exeO23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C $:\$ Program\McAfee\VIRUSS~1\mcsysmon.exeO23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C $:\$ Program\McAfee\MPF\MPFSrv.exeO23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C $:\$ Program\McAfee\MSK\MskSrver.exeO23 - Service: NICCONFIGSVC - Dell Inc. - C $:\$ Program\Dell\QuickSet\NICCONFIGSVC.exeO23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C $:\$ Program\Intel\Wireless\Bin\RegSrvc.exeO23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C $:\$ Program\Intel\Wireless\Bin\S24EvMon.exeO23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C $:\$ Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exeO23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C $:\$ Program\Intel\Wireless\Bin\WLKeeper.exe --End of file - 9989 bytes

AntimalwareGuru Registrerad 2008-07-09 Poster: 595 Från N/A
	Rapportera #2 2009-03-22 kl 02:43
	MBAM uppdateras ju varje dag så det hittar ju mer saker, i ditt fall lär det ju va från ett gammalt problem. hade du dragit på dig ett nytt problem så mycket mer hittats och inte bara registerposter