Zonekiller2 Posted 7 March 2010

Hi everyone, I've recently had big problems with a trojan (I think), and I was wondering whether you could interpret this HijackThis log or see anything wrong in it. I followed this 7-step guide before I used HijackThis: http://forums.wow-europe.com/thread.html?topicId=5383442401&sid=1

I'm grateful for any help I can get, and I registered here in the hope that you could help me. Thanks in advance, Thomas.

The log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:42:03, on 07.03.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.online.no
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [CM108Sound] RunDll32 CM108.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [QuickTime Plugin Install] C:\Program Files\QuickTime\Plugins\DeleteMe1.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETTVERKSTJENESTE')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\system32\bgsvcgen.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 5377 bytes
norbat Posted 7 March 2010

The log looks fine. Are you still having problems with trojans?
Zonekiller2 (Author) Posted 7 March 2010

"The log looks fine. Are you still having problems with trojans?"

Yes, here is a ComboFix log as well, in case it helps:

ComboFix 10-03-06.07 - Thomas 07.03.2010 15:56:26.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.47.1044.18.3326.1965 [GMT 1:00]
Kjører fra: c:\users\Thomas\Downloads\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1017709601-1765780617-3123939857-500
C:\LHT866F.tmp
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2010-02-07 til 2010-03-07 )))))))))))))))))))))))))))))))))
.
2010-03-07 15:01 . 2010-03-07 15:02 -------- d-----w- c:\users\Thomas\AppData\Local\temp
2010-03-07 15:01 . 2010-03-07 15:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-07 00:49 . 2010-03-07 00:49 -------- d-----w- c:\windows\LastGood.Tmp
2010-03-07 00:48 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-03-07 00:30 . 2010-03-07 00:30 -------- d-----w- c:\program files\Trend Micro
2010-03-06 23:02 . 2010-03-06 23:02 -------- d-----w- c:\users\Thomas\AppData\Roaming\Malwarebytes
2010-03-06 23:02 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-06 23:02 . 2010-03-06 23:02 -------- d-----w- c:\programdata\Malwarebytes
2010-03-06 23:02 . 2010-03-06 23:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-06 23:02 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-06 22:17 . 2010-03-07 14:43 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-03-06 22:17 . 2010-03-06 22:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-06 21:45 . 2010-03-06 21:45 94712 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-03-06 21:45 . 2010-03-06 21:45 329048 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-03-06 21:45 . 2010-03-06 21:45 17480 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\EmailScannerBridge.dll
2010-03-06 21:45 . 2010-03-06 21:45 961984 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-03-06 21:45 . 2010-03-06 21:45 835312 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-03-06 21:45 . 2010-03-06 21:45 842992 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-03-06 21:45 . 2010-03-06 21:45 1593320 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-03-06 21:45 . 2010-03-06 21:45 815184 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-03-06 21:45 . 2010-03-06 21:45 1229232 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-03-06 21:10 . 2010-03-06 21:10 -------- dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-06 21:10 . 2010-02-04 15:53 2954656 -c--a-w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-03-06 21:09 . 2010-03-06 21:46 -------- d-----w- c:\programdata\Lavasoft
2010-03-06 21:09 . 2010-03-06 21:10 -------- d-----w- c:\program files\Lavasoft
2010-03-06 20:27 . 2010-03-06 20:27 -------- d-----w- c:\program files\CCleaner
2010-02-28 13:58 . 2010-02-28 13:58 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2010-02-24 13:15 . 2010-02-24 13:20 -------- d-----w- C:\$AVG
2010-02-24 13:14 . 2010-02-24 13:14 -------- d-----w- c:\programdata\avg9
2010-02-10 12:55 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 12:54 . 2009-12-04 15:56 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-10 12:54 . 2009-12-04 15:56 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-06 23:27 . 2010-02-06 23:27 -------- d-----w- c:\program files\iPod
2010-02-06 23:27 . 2010-02-06 23:28 -------- d-----w- c:\program files\iTunes
2010-02-06 23:22 . 2010-02-06 23:22 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-07 03:40 . 2008-01-21 06:14 76272 ----a-w- c:\windows\system32\perfc014.dat
2010-03-07 03:40 . 2008-01-21 06:14 452088 ----a-w- c:\windows\system32\perfh014.dat
2010-03-03 22:39 . 2009-12-20 20:22 -------- d-----w- c:\users\Thomas\AppData\Roaming\Spotify
2010-03-03 22:38 . 2009-02-03 15:46 -------- d-----w- c:\users\Thomas\AppData\Roaming\uTorrent
2010-03-01 12:59 . 2010-01-13 16:57 -------- d-----w- c:\users\Thomas\AppData\Roaming\LimeWire
2010-02-28 21:00 . 2009-01-29 16:51 100432 ----a-w- c:\users\Thomas\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-28 13:58 . 2009-01-23 07:47 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-28 12:37 . 2008-12-12 07:57 -------- d-----w- c:\program files\Windows Live
2010-02-24 13:14 . 2009-05-03 23:17 -------- d-----w- c:\program files\AVG
2010-02-24 13:14 . 2009-05-03 23:18 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-02-24 13:14 . 2009-05-03 23:18 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-24 13:14 . 2009-05-03 23:18 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-02-24 13:14 . 2009-05-03 23:18 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-02-24 08:16 . 2009-10-03 16:40 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 02:19 . 2008-12-12 07:51 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-13 10:40 . 2009-02-27 22:13 -------- d-----w- c:\program files\Steam
2010-02-11 21:49 . 2009-05-20 07:39 -------- d-----w- c:\program files\Common Files\Steam
2010-02-11 02:20 . 2009-02-03 15:46 -------- d-----w- c:\program files\uTorrent
2010-02-11 02:19 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-06 23:27 . 2009-03-30 08:39 -------- d-----w- c:\program files\Common Files\Apple
2010-02-04 15:53 . 2010-03-06 21:46 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-25 12:00 . 2010-02-23 22:14 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-23 22:14 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-23 22:14 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-23 22:14 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-23 22:14 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-23 22:14 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-23 22:14 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-23 22:14 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-23 22:14 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26 . 2010-02-23 22:14 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-18 10:45 . 2010-01-18 10:45 -------- d-----w- c:\users\Thomas\AppData\Roaming\NCH Software
2010-01-18 10:43 . 2010-01-18 10:43 -------- d-----w- c:\programdata\NCH Swift Sound
2010-01-18 10:43 . 2010-01-18 10:43 -------- d-----w- c:\users\Thomas\AppData\Roaming\NCH Swift Sound
2010-01-15 23:59 . 2010-01-15 23:59 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-01-14 10:54 . 2010-01-12 22:34 -------- d-----w- c:\program files\Java
2010-01-14 00:01 . 2009-03-30 08:42 -------- d-----w- c:\users\Thomas\AppData\Roaming\Apple Computer
2010-01-13 23:01 . 2010-01-13 23:01 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-13 22:59 . 2009-03-30 08:41 -------- d-----w- c:\program files\QuickTime
2010-01-13 22:56 . 2009-03-30 08:39 -------- d-----w- c:\programdata\Apple
2010-01-12 22:34 . 2010-01-12 22:32 -------- d-----w- c:\program files\LimeWire
2010-01-10 22:59 . 2009-11-07 21:26 -------- d-----w- c:\users\Thomas\AppData\Roaming\Octoshape
2010-01-06 15:39 . 2010-02-23 22:14 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-01-06 15:38 . 2010-02-23 22:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-01-06 15:38 . 2010-02-23 22:14 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-23 22:14 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-23 22:14 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-23 22:14 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 13:30 . 2010-02-23 22:14 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-12-20 09:53 . 2009-12-20 09:53 234016 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2009-12-18 13:01 . 2010-01-22 20:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-12-16 11:44 . 2010-01-22 20:49 834048 ----a-w- c:\windows\system32\wininet.dll
2009-12-11 11:43 . 2010-02-10 12:55 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-08 20:01 . 2010-02-10 12:55 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 20:01 . 2010-02-10 12:55 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:01 . 2010-02-10 12:55 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 17:26 . 2010-02-10 12:55 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-01-06 6707744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-17 61440]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-01-06 1833504]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"QuickTime Plugin Install"="c:\program files\QuickTime\Plugins\DeleteMe1.exe" [2010-01-13 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-22 18:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-10-25 17:51 1217808 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):85,7c,d2,77,e3,21,ca,01

R3 CM1083264;C-Media CM108 Like Sound UDAX Interface;c:\windows\system32\drivers\CM108.sys [2007-06-28 1310720]
R3 egxfilter;egxfilter;c:\windows\system32\drivers\egxfilter.sys [2008-05-19 120960]
R4 DAHIDI;DAHIDI;c:\windows\system32\drivers\imon_ss.sys [2004-04-26 24714]
R4 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2008-06-10 150568]
R4 mv64xx;mv64xx;c:\windows\system32\drivers\mv64xx.sys [2008-09-01 272424]
R4 sertouch;sertouch;c:\windows\system32\drivers\sertouch.sys [2008-05-19 107264]
R4 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\si3112r.sys [2007-02-01 110128]
R4 UGURU;UGURU;c:\windows\system32\drivers\uguru.sys [2006-10-02 21048]
R4 xtouch;xtouch;c:\windows\system32\drivers\xtouch.sys [2008-05-20 103936]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-02-04 64288]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-02-24 333192]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-02-24 360584]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-14 172032]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-02-24 285392]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-06 1229232]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2007-06-28 1310720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.online.no
uInternet Settings,ProxyOverride = *.local
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\n9jc9hbo.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: keyword.URL - hxxp://no.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_no&p=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\n9jc9hbo.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npfax.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.
- - - - TOMME PEKERE FJERNET - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-CM108Sound - CM108.cpl

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-07 16:02
Windows 6.0.6002 Service Pack 2 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
Tidspunkt ferdig: 2010-03-07 16:04:19
ComboFix-quarantined-files.txt 2010-03-07 15:04

Pre-Run: 366 797 385 728 byte ledig
Post-Run: 366 738 595 840 byte ledig

- - End Of File - - F096D2C3501B30ACC2F551843C74BB32

Yesterday I ran 5+ scans with several different antivirus programs and then changed my password, but early today someone had managed to hack me again, so I assume I still have a trojan somewhere on the PC. If anyone sees anything unusual in either of the logs, I'd be eternally grateful.
norbat Posted 7 March 2010

Still no malware to be seen in the log. Password - is it your WoW account you're talking about?
Zonekiller2 (Author) Posted 7 March 2010

"Still no malware to be seen in the log. Password - is it your WoW account you're talking about?"

Yes, that was the one that got hacked. I just did a new scan with the WoW login screen open, in case something started automatically when I was about to log in or something like that, but it found nothing then either. Let me know if you want to see whether that log can be of any help.
Zonekiller2 (Author) Posted 8 March 2010

Once again they've been in during the night - does anyone have a GOOD suggestion for how to get RID of this damn thing? I've tried practically every scan etc. DESPERATE
raWrz Posted 8 March 2010

Head over here: http://mobile.blizzard.com/

Buy the Mobile Authenticator (costs 5 kr) and use it. You then have to enter a code, which you get on your phone, every time you log in. At least it's a temporary stop for whoever is on your account.
Zonekiller2 (Author) Posted 8 March 2010

"Head over here: http://mobile.blizzard.com/ Buy the Mobile Authenticator (costs 5 kr) and use it. You then have to enter a code, which you get on your phone, every time you log in. At least it's a temporary stop for whoever is on your account."

The problem is that they have hacked me 2 times AFTER I activated the Mobile Authenticator for iPhone, but it turns out it may have been an attack from inside Blizzard, so in that case that explains why there are no trojans on my machine.