
HijackThis and MBAM logs. Can someone take a look at them?



Hi, I play WoW and the other day I got hacked, probably because of a keylogger. So now I have scanned with various programs and had some things removed, and I'm posting some logs. If anyone feels like checking them, thanks a lot.

 

HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:14:23, on 06.12.2009
Platform: Unknown Windows (WinNT 6.01.3004)
MSIE: Internet Explorer v8.00 (8.00.7100.0000)
Boot mode: Normal

Running processes:
D:\Windows\system32\taskhost.exe
D:\Windows\system32\Dwm.exe
D:\Windows\Explorer.EXE
D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
D:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
D:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
D:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
D:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
D:\Program Files\AVG\AVG8\avgtray.exe
D:\Program Files\PowerISO\PWRISOVM.EXE
D:\Windows\WindowsMobile\wmdc.exe
D:\Program Files\Logitech\Gaming Software\LWEMon.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\RayV\RayV\RayV.exe
D:\Program Files\V3CallCenter\V3faxecp.exe
D:\Program Files\Launchy\Launchy.exe
D:\Program Files\No-IP\DUC20.exe
D:\Users\Ørjan\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
D:\Program Files\OpenOffice.org 3\program\soffice.exe
D:\Program Files\OpenOffice.org 3\program\soffice.bin
D:\Program Files\Windows Live\Contacts\wlcomm.exe
D:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\Windows\system32\wuauclt.exe
D:\Windows\system32\NOTEPAD.EXE
D:\Program Files\Mozilla Firefox 3.5 Beta 4\firefox.exe
D:\Windows\system32\taskhost.exe
D:\Windows\system32\DllHost.exe
D:\Windows\system32\DllHost.exe
D:\Windows\system32\taskeng.exe
D:\Windows\system32\SearchFilterHost.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - D:\Program Files\Hotspot Shield\hssie\HssIE.dll
O4 - HKLM\..\Run: [RtHDVCpl] D:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "D:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "D:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LgDevAgt] "D:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~2\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "D:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Start WingMan Profiler] D:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "D:\Users\Ørjan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RayV] D:\Program Files\RayV\RayV\RayV.exe /background
O4 - HKCU\..\Run: [CairoShell] D:\Program Files\Cairo Shell\CairoDesktop.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (User 'NETTVERKSTJENESTE')
O4 - Startup: No-IP DUC.lnk = D:\Program Files\No-IP\DUC20.exe
O4 - Startup: OpenOffice.org 3.1.lnk = D:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: CallCenter Printer Interface.lnk = D:\Program Files\V3CallCenter\V3faxecp.exe
O4 - Global Startup: Launchy.lnk = D:\Program Files\Launchy\Launchy.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: @D:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @D:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix: 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apache2.2 - Apache Software Foundation - c:\xampp\apache\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - D:\Program Files\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - F:\Spill\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: Diskeeper - Diskeeper Corporation - D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - D:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - D:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - D:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - D:\Windows\system32\nvvsvc.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Spill\Need For Speed Pro Street\PB\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Steam Client Service - Valve Corporation - D:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - D:\Windows\System32\nvSCPAPISvr.exe

--
End of file - 9889 bytes

MBAM log:
Malwarebytes' Anti-Malware 1.42
Databaseversjon: 3289
Windows 6.1.7100
Internet Explorer 8.0.7100.0

06.12.2009 18:48:04
mbam-log-2009-12-06 (18-48-04).txt

Skanntype: Full Skann (C:\|D:\|E:\|F:\|G:\|)
Objekter skannet: 481240
Tid tilbakelagt: 2 hour(s), 20 minute(s), 36 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 19

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
C:\arne\System Volume Information\_restore{E759BF48-68FF-46F5-B454-AA9D8AC1C8AF}\RP5\A0000231.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\arne\System Volume Information\_restore{E759BF48-68FF-46F5-B454-AA9D8AC1C8AF}\RP7\A0001347.exe (Malware.Hacktool) -> Quarantined and deleted successfully.
C:\arne\System Volume Information\_restore{E759BF48-68FF-46F5-B454-AA9D8AC1C8AF}\RP7\A0001324.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Install\Adobe Dreamweaver CS3 (9.0) + Crack\Adobe DreamWeaver CS3\DreamWeaver CS3 Keygen + Activation.exe (Trojan.Horst) -> Quarantined and deleted successfully.
C:\Install\Adobe PhotoShop CS4 Incl. Keygen\adobe.photoshop.cs4-nope.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{24546916-3D39-4A13-9201-8B98F883B6DE}\RP14\A0009690.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{24546916-3D39-4A13-9201-8B98F883B6DE}\RP14\A0009692.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{24546916-3D39-4A13-9201-8B98F883B6DE}\RP14\A0009926.exe (Malware.Hacktool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{24546916-3D39-4A13-9201-8B98F883B6DE}\RP8\A0003253.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C897D620-AB45-4E83-9C90-EB419606FFC6}\RP11\A0000355.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C897D620-AB45-4E83-9C90-EB419606FFC6}\RP11\A0000362.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C897D620-AB45-4E83-9C90-EB419606FFC6}\RP11\A0000364.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C897D620-AB45-4E83-9C90-EB419606FFC6}\RP14\A0000694.exe (Malware.Hacktool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E759BF48-68FF-46F5-B454-AA9D8AC1C8AF}\RP55\A0015905.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Program Files\Adobe\Adobe Photoshop CS4\adobe.photoshop.cs4-nope.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Program Files\Image-Line\Shared\DSP_IPP\Uninstall.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{F29673C1-7363-441D-B28F-DE7D87EDDC4A}\RP129\A0052107.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
D:\Users\Ørjan\Downloads\Adobe Illustrator CS4\Key\adobe-master-cs4-keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Windows.old\Documents and Settings\Ørjan\Programdata\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully.


[1] Upgrade your antivirus program (AVG 8 to AVG 9)

http://free.avg.com/ww-en/download-avg-ant...us-free-edition

[2] Install a firewall

http://www.zonealarm.com/security/en-us/fr...rm-firewall.htm

[3] Turn off System Restore for all drives

http://support.microsoft.com/kb/310405/no

http://windows.microsoft.com/nb-no/windows...-System-Restore

[4] Start Disk Cleanup and run:

All files under the Disk Cleanup tab

Clean up under System Restore, or System Restore under More Options.

--Repeat the process on all drives

http://support.microsoft.com/kb/310312/no

http://windows.microsoft.com/nb-NO/windows...ng-Disk-Cleanup

[5] Check for updates and run a new scan with MBAM.

[6] Check for updates and run a scan with AVG 9

Edited by Svenni212000
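
Steps 3 and 4 above target the System Restore stores, which is where most of the MBAM detections in the opening post sit. As an added example (not part of the original thread), this Python script buckets MBAM detection lines by location and lists the drives that have restore-point hits; the bucket names and function names are assumptions made for the example.

```python
import re
from collections import defaultdict

# Four detection lines copied from the MBAM log in the opening post.
SAMPLE = r"""
C:\System Volume Information\_restore{24546916-3D39-4A13-9201-8B98F883B6DE}\RP14\A0009690.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\Install\Adobe Dreamweaver CS3 (9.0) + Crack\Adobe DreamWeaver CS3\DreamWeaver CS3 Keygen + Activation.exe (Trojan.Horst) -> Quarantined and deleted successfully.
D:\Program Files\Image-Line\Shared\DSP_IPP\Uninstall.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{F29673C1-7363-441D-B28F-DE7D87EDDC4A}\RP129\A0052107.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
"""

# A path may itself contain parentheses ("CS3 (9.0) + Crack"), so the greedy
# path group must run up to the last "(name) -> action" on the line.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$"
)

def classify(path):
    """Bucket a detection by where the file lives (bucket names are hypothetical)."""
    p = path.lower()
    if "\\system volume information\\_restore{" in p:
        return "restore_point"   # stale copy kept by System Restore
    if "\\windows.old\\" in p:
        return "old_install"     # leftover from a previous Windows install
    return "live_file"           # file in the working file system

def triage(log_text):
    """Return {bucket: [(drive, detection_name, action), ...]}."""
    buckets = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # headers, counters and blank lines
        drive = m["path"][0].upper()
        buckets[classify(m["path"])].append((drive, m["name"], m["action"]))
    return dict(buckets)

def drives_with_restore_hits(log_text):
    """Drives whose restore points held detections (where steps 3-4 matter)."""
    return sorted({d for d, _, _ in triage(log_text).get("restore_point", [])})

if __name__ == "__main__":
    for bucket, hits in triage(SAMPLE).items():
        print(bucket, len(hits), sorted({name for _, name, _ in hits}))
    print("restore-point hits on drives:", drives_with_restore_hits(SAMPLE))
```

Detections in the `live_file` bucket are the ones that were reachable as ordinary files; restore-point copies only come back if a restore is performed.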

The HijackThis log is clean.

Keep an eye on LogMeIn Hamachi 2.0 and WinPcap.

These are programs that make it easier for unwanted parties to get access to your PC.

Changing passwords may be a good idea.

Check whether your software is up to date: Secunia

The advice from Svenni212000 is worth following.

Surf safely.

Edited by SNIPPSAT