-=Petter=-
Posted 8 June 2010

Hi,

I got spam today, from madeinchina.com and madeinchina-inc.com. The first is where the mail comes from. The second address is where all contact is supposed to go if you want to send mail to them. However, if I go to the site madeinchina-inc.com, I just end up at my router's start page. I have a D-Link DIR-635, and it is not set up to be reachable from the internet. But if I open the same site in Opera, I don't end up there; instead I get a page with the heading Index of..... and the layout of a list, but nothing is listed.

I have a small theory. If you type in a site but make a mistake in the address bar, you often end up at Google, where a search is run automatically. So to me it almost seems as if my router's start page has been set up as the search in IE, even though this does not happen on any other sites, only when I go to this site...

Does this happen to others? I hope someone can help me.

raWrz
Posted 9 June 2010 (edited)

Hi,

Run the guide linked at the top of my signature before you do what is described below.

Do the following: Download 'HijackThis'. Save it in a permanent folder, e.g. C:\HJT\, double-click HijackThis.exe, and press Do a system scan and save a logfile. When the Notepad window opens, press Ctrl-A to select all the text, copy it with Ctrl-C and paste it into your next post on the forum with Ctrl-V. Most of the contents of the list are safe. Do not fix anything yet.

You will then get a log similar to the one in the spoiler below:

A tip: Put the log files in [spoiler]<write the log file here>[/spoiler]

Once you have done this, all that remains is to wait for a reply...

Edited 9 June 2010 by Submit

-=Petter=- (thread author)
Posted 9 June 2010

I have now run these, and am posting the logs from Malwarebytes, dds and HijackThis.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Databaseversjon: 4149

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

09.06.2010 10:30:09
mbam-log-2010-06-09 (10-30-09).txt

Skanntype: Hurtigsøk
Objekter skannet: 126242
Tid tilbakelagt: 4 minutt(er), 35 sekund(er)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert 2

Minneprosesser infisert:
(Ingen skadelige objekter funnet)

Minnemoduler infisert:
(Ingen skadelige objekter funnet)

Registernøkler infisert:
(Ingen skadelige objekter funnet)

Registerverdier infisert:
(Ingen skadelige objekter funnet)

Registerfiler infisert:
(Ingen skadelige objekter funnet)

Mapper infisert:
(Ingen skadelige objekter funnet)

Filer infisert
C:\Users\Petter\AppData\Local\Temp\EULA.exe (Trojan.Downloader) -> No action taken.
C:\Users\Petter\AppData\Local\Temp\svvchst32.exe (Trojan.Dropper) -> No action taken.

Here are the logs. mbam found two trojans; these have been removed. I hope someone can help me, as I find it a bit strange that if I go to that site, I end up at my own router. And the router is not even set up to be managed from the internet...

Petter
raWrz Posted 9 June 2010 (edited)

C:\Users\Petter\AppData\Local\Temp\EULA.exe (Trojan.Downloader) -> No action taken.
C:\Users\Petter\AppData\Local\Temp\svvchst32.exe (Trojan.Dropper) -> No action taken.

Did you click Fix Checked and, if needed, restart the machine?

Edited 9 June 2010 by Submit
-=Petter=- Posted 9 June 2010 (Author)

I have done that, but I saved the log before I did it.. Unfortunately.. but yes, it is done
raWrz Posted 9 June 2010

Can you upload the file located here: C:\Windows\OEM08Mon.exe to http://www.virustotal.com/ and post the log?
-=Petter=- Posted 9 June 2010 (Author)

Here is the file, I think:

File has already been analysed:
MD5: c0dc6b7d3c397f9e05d7256875a6676a
First received: 2009.07.08 10:50:54 UTC
Date: 2009.12.19 02:05:13 UTC [>172D]
Results: 0/41
Permalink: analisis/a9fab0ad04bec5300d0caa3092057759d06633649c3e39f609c667398963bed6-1261188313

Log:

Antivirus Version Last Update Result
a-squared 4.5.0.43 2009.12.18 -
AhnLab-V3 5.0.0.2 2009.12.18 -
AntiVir 7.9.1.114 2009.12.18 -
Antiy-AVL 2.0.3.7 2009.12.18 -
Authentium 5.2.0.5 2009.12.02 -
Avast 4.8.1351.0 2009.12.18 -
AVG 8.5.0.427 2009.12.18 -
BitDefender 7.2 2009.12.19 -
CAT-QuickHeal 10.00 2009.12.18 -
ClamAV 0.94.1 2009.12.18 -
Comodo 3291 2009.12.19 -
DrWeb 5.0.0.12182 2009.12.19 -
eSafe 7.0.17.0 2009.12.16 -
eTrust-Vet 35.1.7184 2009.12.19 -
F-Prot 4.5.1.85 2009.12.18 -
F-Secure 9.0.15370.0 2009.12.19 -
Fortinet 4.0.14.0 2009.12.18 -
GData 19 2009.12.19 -
Ikarus T3.1.1.79.0 2009.12.18 -
Jiangmin 13.0.900 2009.12.18 -
K7AntiVirus 7.10.923 2009.12.17 -
Kaspersky 7.0.0.125 2009.12.19 -
McAfee 5836 2009.12.18 -
McAfee+Artemis 5836 2009.12.18 -
McAfee-GW-Edition 6.8.5 2009.12.18 -
Microsoft 1.5302 2009.12.18 -
NOD32 4700 2009.12.18 -
Norman 6.04.03 2009.12.18 -
nProtect 2009.1.8.0 2009.12.18 -
Panda 10.0.2.2 2009.12.15 -
PCTools 7.0.3.5 2009.12.19 -
Prevx 3.0 2009.12.19 -
Rising 22.26.05.01 2009.12.19 -
Sophos 4.49.0 2009.12.18 -
Sunbelt 3.2.1858.2 2009.12.19 -
Symantec 1.4.4.12 2009.12.18 -
TheHacker 6.5.0.2.098 2009.12.18 -
TrendMicro 9.100.0.1001 2009.12.18 -
VBA32 3.12.12.0 2009.12.18 -
ViRobot 2009.12.18.2097 2009.12.18 -
VirusBuster 5.0.21.0 2009.12.18 -

Additional information
File size: 36864 bytes
MD5 : c0dc6b7d3c397f9e05d7256875a6676a
SHA1 : 7cdc4e443875b0fc6c981dc466ddf5443e698fb9
SHA256: a9fab0ad04bec5300d0caa3092057759d06633649c3e39f609c667398963bed6
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x2DAE
timedatestamp.....: 0x46C140A9 (Tue Aug 14 07:42:01 2007)
machinetype.......: 0x14C (Intel I386)
( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2014 0x3000 4.66 556bb6533b1b5c33ef339ae765c87dc1
.rdata 0x4000 0x95A 0x1000 3.43 284adec0e6fb19a0f901ffd5d0bd29dd
.data 0x5000 0x1D4 0x1000 0.94 32dffe67afe75d73263311d81e416a9c
.sxdata 0x6000 0x4 0x1000 0.00 e0f6821e0906d569a9a3e873c22c4d70
PAGECONS 0x7000 0x10 0x1000 0.05 b108dd9efebe4d7ac76987fad2d0aa36
.rsrc 0x8000 0x3B0 0x1000 0.94 a9c7bf9ae68a1c40a00dd504869a288e
( 7 imports )
> advapi32.dll: RegCloseKey, RegSetValueExA, RegDeleteValueA, RegOpenKeyExA, RegQueryValueExA
> kernel32.dll: Sleep, IsBadReadPtr, HeapFree, CreateFileA, DuplicateHandle, GetCurrentThread, GetCurrentProcess, lstrcatA, HeapAlloc, GetProcessHeap, GetTickCount, lstrcmpiA, lstrcpyA, lstrlenA, WaitForSingleObject, Process32Next, Process32First, CreateToolhelp32Snapshot, WaitForMultipleObjects, CreateMutexA, GetWindowsDirectoryA, GetFullPathNameA, GetModuleFileNameA, GetVersionExA, GetExitCodeProcess, CreateProcessA, ResetEvent, SetEvent, CreateEventA, GetLastError, OpenProcess, CloseHandle, GetStartupInfoA
> ksproxy.ax: KsSynchronousDeviceControl
> msvcrt.dll: _controlfp, _except_handler3, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, exit, _initterm, _cexit, _XcptFilter, _exit, _c_exit, _beginthread, _endthread, __getmainargs, _acmdln, __setusermatherr
> setupapi.dll: SetupDiEnumDeviceInterfaces, SetupDiGetDeviceRegistryPropertyA, SetupDiGetClassDevsExA, SetupDiEnumDeviceInfo, SetupDiGetClassDevsA, SetupDiDestroyDeviceInfoList, SetupDiGetDeviceInterfaceDetailA, SetupDiOpenDevRegKey
> shlwapi.dll: StrStrIA
> user32.dll: PostQuitMessage, GetWindowLongA, DispatchMessageA, TranslateMessage, IsDialogMessageA, IsWindow, GetMessageA, CreateDialogParamA, BroadcastSystemMessageA, RegisterWindowMessageA, DestroyWindow, PostMessageA, SetWindowLongA
( 0 exports )
TrID : File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ssdeep: 192:efdYOTpogrpjwnwgeN+yOlOikDI9LD+ICFY1eNRn/pb7vUZmuNdfDm:efdY7Agc+yOlYEZDDCO1eNR/pb7cZ9S
PEiD : -
RDS : NSRL Reference Data Set -

ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.
raWrz Posted 10 June 2010 (edited)

Start HijackThis
Choose: Do a system scan only
Tick the boxes in front of these lines:

O4 - Startup: Windows Updater.lnk = C:\Users\Petter\AppData\Local\Temp\JDstart.exe

Close all windows (except HijackThis) and browsers (including the one you are reading this in), and click Fix checked.
Note: If you are asked to confirm fixing a line, confirm it.

Then close HijackThis, restart the machine, and create a new log:
Start HijackThis
Choose: Do a system scan and save a logfile
Post this log in your next post.

A tip: Put the log files in a spoiler: [skjul]<write the log file here>[/skjul]

Edited 10 June 2010 by Submit
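The step above removes a single O4 autostart entry: a Startup shortcut named like a Windows component whose target sits in the user's Temp folder. As an added example (not part of the thread and not HijackThis's own logic), this Python code parses O4 lines in the format of the logs posted here and flags entries on those two traits; the function names, both heuristics and the trusted-path list are assumptions of this example.

```python
import re
from typing import List, NamedTuple, Optional

# Lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [OEM08Mon.exe] C:\Windows\OEM08Mon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - Startup: AlwaysOnTopMaker.exe
O4 - Startup: Dropbox.lnk = C:\Users\Petter\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Windows Updater.lnk = C:\Users\Petter\AppData\Local\Temp\JDstart.exe
O4 - Global Startup: Bluetooth.lnk = ?
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
"""

class Autostart(NamedTuple):
    location: str          # e.g. HKLM\..\Run, Startup, Global Startup
    name: str              # registry value name or shortcut file name
    target: Optional[str]  # executable path, None when the log gives none
    reasons: List[str]     # why the entry deserves a manual look

RUN_RE = re.compile(r"^O4 - (HK\S+?\\\.\.\\Run(?:Once)?): \[([^\]]*)\] (.+)$")
STARTUP_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?)(?: = (.+))?$")
EXE_RE = re.compile(r"^(.+?\.(?:exe|com|scr|bat|cmd|pif))(?=\s|$)", re.I)
# Assumed lists for this example; extend them for other Windows versions.
TEMP_DIRS = ("\\appdata\\local\\temp\\", "\\local settings\\temp\\",
             "\\windows\\temp\\", "%temp%\\")
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files", "c:\\progra~",
                 "%programfiles%", "%systemroot%")

def executable_of(command: Optional[str]) -> Optional[str]:
    """Strip quotes, arguments and the "(User '...')" suffix from a command."""
    if not command or command.strip() == "?":
        return None
    command = re.sub(r"\s*\(User '[^']*'\)$", "", command.strip())
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    match = EXE_RE.match(command)
    return match.group(1) if match else command

def parse_o4(line: str) -> Optional[Autostart]:
    """Parse one O4 line (registry Run key or Startup folder); else None."""
    m = RUN_RE.match(line) or STARTUP_RE.match(line)
    if not m:
        return None
    location, name, command = m.groups()
    return Autostart(location, name, executable_of(command), [])

def review_autostarts(log_text: str) -> List[Autostart]:
    """Return O4 entries with a resolved target that hit either heuristic."""
    flagged = []
    for raw in log_text.splitlines():
        entry = parse_o4(raw.strip())
        if entry is None or entry.target is None:
            continue  # not O4, or no target path shown in the log
        path = entry.target.lower()
        if any(d in path for d in TEMP_DIRS):
            entry.reasons.append("starts from a Temp directory")
        if (re.search(r"windows|microsoft", entry.name, re.I)
                and not path.startswith(TRUSTED_ROOTS)):
            entry.reasons.append("Windows-like name outside system folders")
        if entry.reasons:
            flagged.append(entry)
    return flagged

if __name__ == "__main__":
    for e in review_autostarts(SAMPLE_LOG):
        print(f"{e.location}: {e.name} -> {e.target} ({'; '.join(e.reasons)})")
```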
-=Petter=- Posted 10 June 2010 (Author, edited)

Here is the log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:37:04, on 10.06.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\AnyDVD\AnyDVDtray.exe
C:\Users\Petter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AlwaysOnTopMaker.exe
C:\Users\Petter\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Wireless Select Switch\WLSS.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\OEM08Mon.exe
C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files (x86)\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [WLSS] C:\Program Files (x86)\Wireless Select Switch\WLSS.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [OEM08Mon.exe] C:\Windows\OEM08Mon.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [installation Diagnostics] "C:\Program Files (x86)\Brother\Brmfl05a\Brinstck.exe" /I DCP-340CW LAN
O4 - HKCU\..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files (x86)\AnyDVD\AnyDVDtray.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: AlwaysOnTopMaker.exe
O4 - Startup: Dropbox.lnk = C:\Users\Petter\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send bilde til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send side til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Send til Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send til &Bluetooth-enhet... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\Windows\SysWOW64\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Unsigned Themes (UnsignedThemes) - The Within Network, LLC - C:\Windows\UnsignedThemesSvc.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9369 bytes

No improvement yet...

Edited 10 June 2010 by TheBadKing