Lexiboij
Posted 14 January 2011

I think I have now got spyware or adware, since IE windows pop up from time to time and the windows I am using become inactive because another window takes over. I have attached logs from HijackThis and DDS.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:31:38, on 28.03.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Users\Aleksander\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Steam\Steam.exe
c:\program files (x86)\steam\steamapps\common\just cause 2\JustCause2.exe
C:\Program Files (x86)\Steam\GameOverlayUI.exe
C:\Users\Aleksander\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Aleksander\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Aleksander\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Aleksander\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Aleksander\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [autodetect] C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless N DWA-140] C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe
O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [Google Update] "C:\Users\Aleksander\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [sEADS] C:\Program Files (x86)\SEADS\Source Engine Automatic Demo Saver\SEADS.exe
O4 - HKCU\..\Run: [Canaveral] rundll32.exe C:\Users\ALEKSA~1\AppData\Local\Temp\sshnas21.dll,BackupReadW
O4 - HKCU\..\Run: [YVIBBBHA8C] C:\Users\ALEKSA~1\AppData\Local\Temp\Vb0.exe
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETTVERKSTJENESTE')
O4 - Startup: Dropbox.lnk = Aleksander\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Registration .LNK = D:\Register\RegistrationReminder.exe
O4 - Global Startup: WeGame.lnk = C:\Program Files (x86)\WeGame\wegame.exe
O8 - Extra context menu item: ACA Capture: Capture all Flash... - C:\Program Files (x86)\ACASystems\ACACapturePro\add-ons\ie-flash-all.htm
O8 - Extra context menu item: ACA Capture: Capture all images... - C:\Program Files (x86)\ACASystems\ACACapturePro\add-ons\ie-image-all.htm
O8 - Extra context menu item: ACA Capture: Capture current image... - C:\Program Files (x86)\ACASystems\ACACapturePro\add-ons\ie-image.htm
O8 - Extra context menu item: ACA Capture: Capture webpage contents to image... - C:\Program Files (x86)\ACASystems\ACACapturePro\add-ons\ie-webpage-to-image.htm
O13 - Gopher Prefix:
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ANIWConn Service (ANIWConnService) - Unknown owner - C:\Windows\system32\ANIWConnService.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files (x86)\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Statustjeneste for ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\Windows\runservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10030 bytes

DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Aleksander at 15:59:28,03 on 14.01.2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.47.1044.18.4095.1852 [GMT 1:00]

AV: Panda Cloud Antivirus *Enabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: Panda Cloud Antivirus *Enabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\ANIWConnService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\runservice.exe
C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files (x86)\Voddler\service\voddler.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Fraps\fraps.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\WhatPulse\WhatPulse.exe
C:\Users\Aleksander\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe
C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\Panda Security Toolbar Antiphishing\panda2_0dn.exe
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Fraps\fraps64.dat
C:\Windows\system32\taskhost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Spotify\spotify.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\StarCraft II\Versions\Base17326\SC2.exe
C:\Users\ALEKSA~1\AppData\Local\Temp\Vb0.exe
C:\Program Files (x86)\trend micro\HijackThis\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\ALEKSA~1\AppData\Local\Temp\Vby.exe
C:\Users\Aleksander\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Aleksander\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Aleksander\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2304157
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
uURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfi1.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
mURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfi1.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
BHO: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfi1.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Påloggingshjelp for Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
TB: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
TB: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfi1.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [AdobeBridge]
uRun: [WhatPulse] C:\Program Files (x86)\WhatPulse\WhatPulse.exe
uRun: [Google Update] "C:\Users\Aleksander\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [JP595IR86O] C:\Users\ALEKSA~1\AppData\Local\Temp\Vby.exe
mRun: [NPSStartup]
mRun: [D-Link D-Link Wireless N DWA-140] C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe
mRun: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
mRun: [autodetect] C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Panda Security Toolbar Antiphishing] "C:\ProgramData\Panda Security Toolbar Antiphishing\panda2_0dn.exe"
mRun: [PSUNMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
mRun: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.26.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6}
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
TB-X64: {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - No File
mRun-x64: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
mRun-x64: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
mRun-x64: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
mRun-x64: [CAHS1Sound] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CAHS1.dll,CMICtrlWnd
mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
STS-X64: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - No File

============= SERVICES / DRIVERS ===============

R0 AiCharger;ASUS Charger Driver;C:\Windows\System32\drivers\AiCharger.sys [2010-6-8 14592]
R1 PSINKNC;PSINKNC;C:\Windows\System32\drivers\PSINKNC.sys [2010-6-17 149576]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-10-22 203264]
R2 ANIWConnService;ANIWConn Service;C:\Windows\system32\ANIWConnService.exe --> C:\Windows\system32\ANIWConnService.exe [?]
R2 LicCtrlService;LicCtrl Service;C:\Windows\runservice.exe [2010-2-11 16384]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-3-12 86016]
R2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-3-12 86016]
R2 NanoServiceMain;Panda Cloud Antivirus Service;C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-8-9 140608]
R2 PSINAflt;PSINAflt;C:\Windows\System32\drivers\PSINAflt.sys [2010-5-27 158280]
R2 PSINFile;PSINFile;C:\Windows\System32\drivers\PSINFile.sys [2010-7-21 114760]
R2 PSINProc;PSINProc;C:\Windows\System32\drivers\PSINProc.sys [2010-4-30 121864]
R2 PSINProt;PSINProt;C:\Windows\System32\drivers\PSINProt.sys [2010-7-21 128072]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-7 2222376]
R2 VoddlerNet;VoddlerNet;C:\Program Files (x86)\Voddler\service\voddler.exe [2010-12-2 1036848]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-10-22 7883264]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-10-22 285696]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-10-22 116240]
R3 bbcap;bb_capture_driver;C:\Windows\System32\drivers\bbcap.sys [2010-1-31 4608]
R3 CorsairCAHS1;CA-HS1 Interface;C:\Windows\System32\drivers\CAHS164.sys [2010-12-24 1309184]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-5-20 36720]
R3 rt2870;D-Link 802.11n USB Wireless LAN Card Driver;C:\Windows\System32\drivers\rt2870.sys [2010-1-3 941056]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-1-26 1436424]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\System32\drivers\ManyCam_x64.sys [2008-3-13 27136]
S3 massfilter;ZTE Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter.sys [2009-12-5 9216]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2010-12-4 97552]
S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.sys [2009-12-25 16392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-8 1255736]
S4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-2 25832]

=============== Created Last 30 ================

2011-01-14 13:35:36 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{8E10A8CB-1A08-4931-8396-7E19D450222C}\mpengine.dll
2011-01-03 14:35:25 -------- dc----w- C:\Program Files (x86)\The KMPlayer
2011-01-02 20:56:35 -------- dc----w- C:\Program Files (x86)\Common Files\Autodesk Shared
2010-12-28 08:21:36 -------- dc----w- C:\Users\ALEKSA~1\AppData\Local\Autodesk
2010-12-27 22:54:24 -------- dc----w- C:\Program Files (x86)\Autodesk
2010-12-24 21:12:25 -------- dc----w- C:\Program Files (x86)\Microsoft LifeCam
2010-12-24 21:12:24 -------- dc----w- C:\Program Files\Microsoft LifeCam
2010-12-24 21:08:07 400384 -c----w- C:\Windows\System32\CAHS1.cpl
2010-12-24 21:08:07 143360 -c----w- C:\Windows\VmixHS1.dll
2010-12-24 21:08:04 8724480 -c----w- C:\Windows\SysWow64\CAHS1.dll
2010-12-24 21:08:04 798208 -c----w- C:\Windows\System32\CAHS1.exe
2010-12-24 21:08:04 200704 -c----w- C:\Windows\SysWow64\cmpaHS1.dll
2010-12-24 21:07:49 315392 -c--a-w- C:\Windows\system\fltrCAHS1.dll
2010-12-24 21:07:49 1309184 -c--a-w- C:\Windows\System32\drivers\CAHS164.sys
2010-12-24 21:07:47 354304 -c----w- C:\Windows\System32\CmiInstallResAll64.dll
2010-12-24 21:07:46 524768 -c-ha-r- C:\Windows\difxapi.dll
2010-12-23 04:02:02 -------- dc----w- C:\Program Files\Defraggler

==================== Find3M ====================

2011-01-13 13:38:57 49 --sha-w- C:\Windows\SysWow64\mmf.sys
2011-01-12 23:25:00 720896 ----a-w- C:\Windows\System32\odbc32.dll
2011-01-12 23:25:00 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
2010-12-15 22:57:51 3124224 ----a-w- C:\Windows\System32\win32k.sys
2010-12-15 22:57:29 395776 ----a-w- C:\Windows\System32\webio.dll
2010-12-15 22:57:29 314368 ----a-w- C:\Windows\SysWow64\webio.dll
2010-12-15 22:54:44 112000 ----a-w- C:\Windows\System32\consent.exe
2010-12-15 22:54:35 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-12-15 22:54:35 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-12-15 22:54:35 1194496 ----a-w- C:\Windows\System32\wininet.dll
2010-12-15 22:54:34 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-12-15 22:54:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-12-15 22:54:34 482816 ----a-w- C:\Windows\System32\html.iec
2010-12-15 22:54:34 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-12-15 22:54:34 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-12-07 17:45:12 271200 -c--a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2010-12-07 17:45:12 271200 -c--a-w- C:\Windows\SysWow64\PnkBstrB.exe
2010-12-07 17:44:02 103736 -c--a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2010-12-07 12:19:48 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2010-11-29 16:38:30 94208 -c--a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-11-29 16:38:30 69632 -c--a-w- C:\Windows\SysWow64\QuickTime.qts
2010-11-22 18:32:13 140 -c--a-w- C:\PROGRA~3\xlink.sys
2010-11-22 18:32:11 0 -c--a-w- C:\Windows\SysWow64\ntUsrrP_1_0.dll
2010-11-21 22:13:47 3860992 ----a-w- C:\Windows\System32\UIRibbon.dll
2010-11-21 22:13:47 2983424 ----a-w- C:\Windows\SysWow64\UIRibbon.dll
2010-11-21 22:13:47 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll
2010-11-21 22:13:47 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll
2010-10-29 01:01:24 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-10-29 01:01:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2010-10-27 21:21:28 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2010-10-27 21:21:28 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2010-10-27 21:21:28 552960 ----a-w- C:\Windows\System32\msdri.dll
2010-10-27 21:21:28 288256 ----a-w- C:\Windows\System32\MSNP.ax
2010-10-27 21:21:28 258560 ----a-w- C:\Windows\System32\mpg2splt.ax
2010-10-27 21:21:28 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2010-10-27 21:21:28 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2010-10-27 21:20:15 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2010-10-23 12:49:27 4068864 ----a-w- C:\Windows\System32\mf.dll
2010-10-23 12:49:27 3181568 ----a-w- C:\Windows\SysWow64\mf.dll
2010-10-23 12:49:27 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll
2010-10-23 12:49:27 206848 ----a-w- C:\Windows\System32\mfps.dll
2010-10-23 12:49:27 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
2010-10-23 12:49:27 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2010-10-23 12:49:27 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2010-10-22 21:43:02 5470720 -c--a-w- C:\Windows\System32\aticaldd64.dll
2010-10-22 21:43:01 37888 -c--a-w- C:\Windows\System32\atiu9p64.dll
2010-10-22 21:42:46 21344256 -c--a-w- C:\Windows\System32\atio6axx.dll
2010-10-22 21:42:44 53760 -c--a-w- C:\Windows\System32\atimpc64.dll
2010-10-22 21:42:44 53760 -c--a-w- C:\Windows\System32\amdpcom64.dll
2010-10-22 21:42:43 43520 -c--a-w- C:\Windows\SysWow64\ati2edxx.dll
2010-10-22 21:42:26 52736 -c--a-w- C:\Windows\SysWow64\atimpc32.dll
2010-10-22 21:42:26 52736 -c--a-w- C:\Windows\SysWow64\amdpcom32.dll
2010-10-22 21:42:26 278528 -c--a-w- C:\Windows\SysWow64\Oemdspif.dll
2010-10-22 21:42:24 332800 -c--a-w- C:\Windows\System32\ATIODE.exe
2010-10-22 21:42:21 16201728 -c--a-w- C:\Windows\SysWow64\atioglxx.dll
2010-10-22 21:42:15 3460096 -c--a-w- C:\Windows\SysWow64\atiumdva.dll
2010-10-22 21:42:00 28672 -c--a-w- C:\Windows\SysWow64\atiu9pag.dll
2010-10-22 21:41:45 44544 -c--a-w- C:\Windows\System32\aticalcl64.dll
2010-10-22 21:41:37 14848 -c--a-w- C:\Windows\System32\atig6pxx.dll
2010-10-22 21:41:13 51200 -c--a-w- C:\Windows\System32\ATIODCLI.exe
2010-10-22 21:41:09 628224 -c--a-w- C:\Windows\System32\aticfx64.dll
2010-10-22 21:41:04 340480 -c--a-w- C:\Windows\System32\atiadlxx.dll
2010-10-22 21:40:51 462336 -c--a-w- C:\Windows\System32\atieclxx.exe
2010-10-22 21:40:49 241664 -c--a-w- C:\Windows\SysWow64\atiadlxy.dll
2010-10-22 21:40:39 4077568 -c--a-w- C:\Windows\SysWow64\atiumdag.dll
2010-10-22 21:40:31 7883264 -c--a-w- C:\Windows\System32\drivers\atikmdag.sys
2010-10-22 21:39:50 536576 -c--a-w- C:\Windows\SysWow64\aticfx32.dll
2010-10-22 21:39:41 44032 -c--a-w- C:\Windows\SysWow64\aticalcl.dll
2010-10-22 21:39:30 116240 -c--a-w- C:\Windows\System32\drivers\AtihdW76.sys
2010-10-22 21:38:29 30720 -c--a-w- C:\Windows\SysWow64\atiuxpag.dll
2010-10-22 21:38:28 59392 -c--a-w- C:\Windows\System32\atiedu64.dll
2010-10-22 21:38:18 21504 -c--a-w- C:\Windows\System32\atig6txx.dll
2010-10-22 21:37:59 203264 -c--a-w- C:\Windows\System32\atiesrxx.exe
2010-10-22 21:37:43 12800 -c--a-w- C:\Windows\SysWow64\atiglpxx.dll
2010-10-22 21:37:43 12800 -c--a-w- C:\Windows\System32\atiglpxx.dll
2010-10-22 21:37:01 450560 -c--a-w- C:\Windows\System32\ATIDEMGX.dll
2010-10-22 21:36:57 53248 -c--a-w- C:\Windows\System32\drivers\ati2erec.dll
2010-10-22 21:36:49 12288 -c--a-w- C:\Windows\System32\atimuixx.dll
2010-10-22 21:36:48 4407808 -c--a-w- C:\Windows\SysWow64\aticaldd.dll
2010-10-22 21:36:46 421376 -c--a-w- C:\Windows\System32\atipdl64.dll
2010-10-22 21:36:13 285696 -c--a-w- C:\Windows\System32\drivers\atikmpag.sys
2010-10-22 21:36:10 46080 -c--a-w- C:\Windows\SysWow64\aticalrt.dll
2010-10-22 21:36:09 143360 -c--a-w- C:\Windows\System32\atiapfxx.exe
2010-10-22 21:36:07 5240832 -c--a-w- C:\Windows\System32\atiumd64.dll
2010-10-22 21:35:57 356352 -c--a-w- C:\Windows\SysWow64\atipdlxx.dll
2010-10-22 21:35:52 58880 -c--a-w- C:\Windows\System32\coinst.dll
2010-10-22 21:35:28 3953152 -c--a-w- C:\Windows\SysWow64\atidxx32.dll
2010-10-22 21:34:47 3222016 -c--a-w- C:\Windows\System32\atiumd6a.dll
2010-10-22 21:34:40 51200 -c--a-w- C:\Windows\System32\aticalrt64.dll
2010-10-22 21:34:35 19968 -c--a-w- C:\Windows\SysWow64\atigktxx.dll
2010-10-22 21:34:34 39936 -c--a-w- C:\Windows\System32\atiuxp64.dll
2010-10-22 21:34:24 4660224 -c--a-w- C:\Windows\System32\atidxx64.dll
2010-10-22 21:33:12 120320 -c--a-w- C:\Windows\System32\atitmm64.dll
2010-10-21 14:11:04 97552 -c--a-w- C:\Windows\System32\drivers\MijXfilt.sys
2010-10-19 09:41:44 270720 -c----w- C:\Windows\System32\MpSigStub.exe

============= FINISH: 16:00:44,54 ===============

Attach.txt

norbat, posted 14 January 2011

Download, update and run a quick scan with MBAM. Post the log it produces together with a new HJT log.

Lexiboij (author), posted 14 January 2011 (edited)

I have removed this trojan 2 times today, but it seems to keep coming back.

Malwarebytes' Anti-Malware 1.44
Databaseversjon: 3653
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

14.01.2011 22:51:33
mbam-log-2011-01-14 (22-51-26).txt

Skanntype: Full Skann (C:\|)
Objekter skannet: 631398
Tid tilbakelagt: 2 hour(s), 17 minute(s), 30 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 1
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:31:38, on 28.03.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Users\Aleksander\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Steam\Steam.exe
c:\program files (x86)\steam\steamapps\common\just cause 2\JustCause2.exe
C:\Program Files (x86)\Steam\GameOverlayUI.exe
C:\Users\Aleksander\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Aleksander\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Aleksander\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Aleksander\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Aleksander\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll O4 - HKLM\..\Run: [ATICustomerCare] 
"C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" O4 - HKLM\..\Run: [autodetect] C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [D-Link D-Link Wireless N DWA-140] C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKCU\..\Run: [Google Update] "C:\Users\Aleksander\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [sEADS] C:\Program Files (x86)\SEADS\Source Engine Automatic Demo Saver\SEADS.exe O4 - HKCU\..\Run: [Canaveral] rundll32.exe C:\Users\ALEKSA~1\AppData\Local\Temp\sshnas21.dll,BackupReadW O4 - HKCU\..\Run: [YVIBBBHA8C] C:\Users\ALEKSA~1\AppData\Local\Temp\Vb0.exe O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETTVERKSTJENESTE') O4 - Startup: Dropbox.lnk = Aleksander\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe O4 - Startup: Registration .LNK 
= D:\Register\RegistrationReminder.exe O4 - Global Startup: WeGame.lnk = C:\Program Files (x86)\WeGame\wegame.exe O8 - Extra context menu item: ACA Capture: Capture all Flash... - C:\Program Files (x86)\ACASystems\ACACapturePro\add-ons\ie-flash-all.htm O8 - Extra context menu item: ACA Capture: Capture all images... - C:\Program Files (x86)\ACASystems\ACACapturePro\add-ons\ie-image-all.htm O8 - Extra context menu item: ACA Capture: Capture current image... - C:\Program Files (x86)\ACASystems\ACACapturePro\add-ons\ie-image.htm O8 - Extra context menu item: ACA Capture: Capture webpage contents to image... - C:\Program Files (x86)\ACASystems\ACACapturePro\add-ons\ie-webpage-to-image.htm O13 - Gopher Prefix: O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: ANIWConn Service (ANIWConnService) - Unknown owner - C:\Windows\system32\ANIWConnService.exe O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files (x86)\ANI\ANIWZCS2 Service\ANIWZCSdS.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: Statustjeneste for ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing) O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - 
Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\Windows\runservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - 
Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

-- End of file - 10030 bytes

I get this message when I use HijackThis. I have tried doing what the message says, but the file that gets opened is completely different from what it is suggested to be.

Edited 14 January 2011 by Lexiboij

raWrz, posted 14 January 2011

Start HijackThis
Select: Do a systemscan only
Tick the boxes in front of these lines:

O4 - HKCU\..\Run: [Canaveral] rundll32.exe C:\Users\ALEKSA~1\AppData\Local\Temp\sshnas21.dll,BackupReadW
O4 - HKCU\..\Run: [YVIBBBHA8C] C:\Users\ALEKSA~1\AppData\Local\Temp\Vb0.exe

Close all windows (except HijackThis) and browsers (including the one you are reading this in), and click Fix checked.
Note: If you are asked to confirm fixing a line, confirm it.

Then close HijackThis, restart the machine, and create a new log:
Start HijackThis
Select: Do a systemscan, and save a logfile

Post this log in your next post together with a new DDS log.

~ Submit
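
Both lines selected in the reply above launch code from the user's Temp directory, one directly and one as a DLL loaded through rundll32.exe. The following is an added example, not part of the thread and not HijackThis code: it parses O4 autorun lines and flags entries whose executable or rundll32-loaded DLL sits under a Temp directory. The function names and the Temp-path rule are assumptions of this example, and a flagged entry is a candidate for review, not a verdict.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# O4 lines copied from the HijackThis log posted in this thread (a subset).
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [autodetect] C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Aleksander\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Canaveral] rundll32.exe C:\Users\ALEKSA~1\AppData\Local\Temp\sshnas21.dll,BackupReadW
O4 - HKCU\..\Run: [YVIBBBHA8C] C:\Users\ALEKSA~1\AppData\Local\Temp\Vb0.exe
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - Startup: Dropbox.lnk = Aleksander\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKAL TJENESTE')
'''

# "O4 - HKCU\..\Run: [name] command", hive optionally followed by a SID.
RUN_RE = re.compile(
    r'^O4 - (?P<hive>HK[A-Z]+(?:\\S-[\d-]+)?)\\\.\.\\(?P<key>Run\w*): '
    r'\[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# "O4 - Startup: name.lnk = target" and "O4 - Global Startup: ..."
STARTUP_RE = re.compile(
    r'^O4 - (?P<scope>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$')
# Unquoted paths may contain spaces, so cut at the first executable extension
# that is followed by whitespace, a comma, a quote or end of string.
IMAGE_RE = re.compile(r'^(.+?\.(?:exe|dll|com|bat|cmd|scr|pif))(?=[\s,"]|$)', re.I)
# Assumed rule: per-user and system Temp directories.
TEMP_RE = re.compile(
    r'\\(?:appdata\\local|local settings|locals~1|windows)\\temp\\', re.I)


class Autorun(NamedTuple):
    location: str  # e.g. "HKCU Run" or "Startup"
    name: str
    command: str


def parse_o4(log: str) -> List[Autorun]:
    """Return every O4 (autorun) entry found in a HijackThis log."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            entries.append(Autorun(f"{m['hive']} {m['key']}", m['name'], m['cmd']))
            continue
        m = STARTUP_RE.match(line)
        if m:
            entries.append(Autorun(m['scope'], m['name'], m['cmd']))
    return entries


def image_path(command: str) -> Optional[str]:
    """Extract the program path from a command line, quoted or not."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else None
    m = IMAGE_RE.match(command)
    return m.group(1) if m else None


def loaded_module(command: str) -> Optional[str]:
    """For 'rundll32.exe <dll>,<export>' return the DLL, else the program."""
    image = image_path(command)
    if image is None:
        return None
    if image.lower().rsplit('\\', 1)[-1] == 'rundll32.exe':
        idx = command.lower().find('rundll32.exe') + len('rundll32.exe')
        rest = command[idx:].lstrip('" ')
        return image_path(rest) or image
    return image


def triage(log: str) -> List[Tuple[str, str]]:
    """Return (value name, module path) for autoruns that load from Temp."""
    findings = []
    for entry in parse_o4(log):
        target = loaded_module(entry.command)
        if target and TEMP_RE.search(target):
            findings.append((entry.name, target))
    return findings


if __name__ == '__main__':
    for name, target in triage(SAMPLE_LOG):
        print(f"review: [{name}] -> {target}")
```
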

Lexiboij (author), posted 14 January 2011

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:10:51, on 15.01.2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Fraps\fraps.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\WhatPulse\WhatPulse.exe
C:\Users\Aleksander\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe
C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\Panda Security Toolbar Antiphishing\panda2_0dn.exe
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files (x86)\Spotify\spotify.exe
C:\Users\Aleksander\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Aleksander\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Aleksander\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\trend micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2304157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll R3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfi1.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - (no file) O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfi1.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Påloggingshjelp for Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Vuze Remote 
Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll O3 - Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - (no file) O3 - Toolbar: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll O3 - Toolbar: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfi1.dll O4 - HKLM\..\Run: [D-Link D-Link Wireless N DWA-140] C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe O4 - HKLM\..\Run: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe O4 - HKLM\..\Run: [autodetect] C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [Panda Security Toolbar Antiphishing] "C:\ProgramData\Panda Security Toolbar Antiphishing\panda2_0dn.exe" O4 - HKLM\..\Run: [PSUNMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [WhatPulse] C:\Program Files (x86)\WhatPulse\WhatPulse.exe O4 - HKCU\..\Run: [Google Update] "C:\Users\Aleksander\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 
'LOKAL TJENESTE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETTVERKSTJENESTE') O4 - Global Startup: Logitech SetPoint.lnk = ? O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O13 - Gopher Prefix: O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.26.0.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: 
@%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: ANIWConn Service (ANIWConnService) - Unknown owner - C:\Windows\system32\ANIWConnService.exe O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Unknown owner - C:\Program Files (x86)\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. 
- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\Windows\runservice.exe O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit (mi-raysat_3dsmax2010_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. 
- C:\Program Files (x86)\WinPcap\rpcapd.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: VoddlerNet - Voddler - C:\Program Files (x86)\Voddler\service\voddler.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media 
Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12967 bytes DDS (Ver_10-12-12.02) - NTFS_AMD64 Run by Aleksander at 0:11:56,71 on 15.01.2011 Internet Explorer: 8.0.7600.16385 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.47.1044.18.4095.2883 [GMT 1:00] AV: Panda Cloud Antivirus *Enabled/Updated* {86971480-9989-6750-B122-681A86518D59} SP: Panda Cloud Antivirus *Enabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\WUDFHost.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\SysWOW64\ANIWConnService.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Windows\runservice.exe C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe C:\Program Files\Microsoft LifeCam\MSCamS64.exe C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe C:\Program Files (x86)\Voddler\service\voddler.exe C:\Program 
Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\atieclxx.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Fraps\fraps.exe C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\WhatPulse\WhatPulse.exe C:\Users\Aleksander\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\ProgramData\Panda Security Toolbar Antiphishing\panda2_0dn.exe C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Fraps\fraps64.dat C:\Windows\system32\taskhost.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Spotify\spotify.exe 
C:\Users\Aleksander\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Aleksander\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Users\Aleksander\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Users\Aleksander\Downloads\dds.scr C:\Windows\system32\conhost.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2304157 uInternet Settings,ProxyOverride = *.local uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll uURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfi1.dll mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll mURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfi1.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File BHO: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfi1.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO: Påloggingshjelp for Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll BHO: Vuze Remote Toolbar: 
{ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll TB: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll TB: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfi1.dll TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background uRun: [AdobeBridge] uRun: [WhatPulse] C:\Program Files (x86)\WhatPulse\WhatPulse.exe uRun: [Google Update] "C:\Users\Aleksander\AppData\Local\Google\Update\GoogleUpdate.exe" /c mRun: [NPSStartup] mRun: [D-Link D-Link Wireless N DWA-140] C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe mRun: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe mRun: [autodetect] C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [Panda Security Toolbar Antiphishing] "C:\ProgramData\Panda Security Toolbar Antiphishing\panda2_0dn.exe" mRun: [PSUNMain] "C:\Program Files (x86)\Panda Security\Panda Cloud 
Antivirus\PSUNMain.exe" /Traybar mRun: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.26.0.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File TB-X64: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File TB-X64: {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - No File mRun-x64: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe" mRun-x64: [Launch LCDMon] "C:\Program 
Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" mRun-x64: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE mRun-x64: [CAHS1Sound] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CAHS1.dll,CMICtrlWnd mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE STS-X64: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - No File ============= SERVICES / DRIVERS =============== R0 AiCharger;ASUS Charger Driver;C:\Windows\System32\drivers\AiCharger.sys [2010-6-8 14592] R1 PSINKNC;PSINKNC;C:\Windows\System32\drivers\PSINKNC.sys [2010-6-17 149576] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-10-22 203264] R2 ANIWConnService;ANIWConn Service;C:\Windows\system32\ANIWConnService.exe --> C:\Windows\system32\ANIWConnService.exe [?] R2 LicCtrlService;LicCtrl Service;C:\Windows\runservice.exe [2010-2-11 16384] R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-3-12 86016] R2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-3-12 86016] R2 NanoServiceMain;Panda Cloud Antivirus Service;C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-8-9 140608] R2 PSINAflt;PSINAflt;C:\Windows\System32\drivers\PSINAflt.sys [2010-5-27 158280] R2 PSINFile;PSINFile;C:\Windows\System32\drivers\PSINFile.sys [2010-7-21 114760] R2 PSINProc;PSINProc;C:\Windows\System32\drivers\PSINProc.sys [2010-4-30 121864] R2 PSINProt;PSINProt;C:\Windows\System32\drivers\PSINProt.sys [2010-7-21 128072] R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-7 2222376] R2 VoddlerNet;VoddlerNet;C:\Program Files (x86)\Voddler\service\voddler.exe [2010-12-2 
1036848] R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-10-22 7883264] R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-10-22 285696] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-10-22 116240] R3 bbcap;bb_capture_driver;C:\Windows\System32\drivers\bbcap.sys [2010-1-31 4608] R3 CorsairCAHS1;CA-HS1 Interface;C:\Windows\System32\drivers\CAHS164.sys [2010-12-24 1309184] R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408] R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008] R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-5-20 36720] R3 rt2870;D-Link 802.11n USB Wireless LAN Card Driver;C:\Windows\System32\drivers\rt2870.sys [2010-1-3 941056] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392] S0 PsBoot;Panda boot driver;C:\Windows\System32\drivers\PsBoot.sys [2011-1-14 28744] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-1-26 1436424] S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\System32\drivers\ManyCam_x64.sys [2008-3-13 27136] S3 massfilter;ZTE Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter.sys [2009-12-5 9216] S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2010-12-4 97552] S3 
TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.sys [2009-12-25 16392] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-8 1255736] S4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-2 25832] =============== Created Last 30 ================ 2011-01-14 16:04:17 28744 -c--a-w- C:\Windows\System32\drivers\PsBoot.sys 2011-01-14 13:35:36 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{8E10A8CB-1A08-4931-8396-7E19D450222C}\mpengine.dll 2011-01-03 14:35:25 -------- dc----w- C:\Program Files (x86)\The KMPlayer 2011-01-02 20:56:35 -------- dc----w- C:\Program Files (x86)\Common Files\Autodesk Shared 2010-12-28 08:21:36 -------- dc----w- C:\Users\ALEKSA~1\AppData\Local\Autodesk 2010-12-27 22:54:24 -------- dc----w- C:\Program Files (x86)\Autodesk 2010-12-24 21:12:25 -------- dc----w- C:\Program Files (x86)\Microsoft LifeCam 2010-12-24 21:12:24 -------- dc----w- C:\Program Files\Microsoft LifeCam 2010-12-24 21:08:07 400384 -c----w- C:\Windows\System32\CAHS1.cpl 2010-12-24 21:08:07 143360 -c----w- C:\Windows\VmixHS1.dll 2010-12-24 21:08:04 8724480 -c----w- C:\Windows\SysWow64\CAHS1.dll 2010-12-24 21:08:04 798208 -c----w- C:\Windows\System32\CAHS1.exe 2010-12-24 21:08:04 200704 -c----w- C:\Windows\SysWow64\cmpaHS1.dll 2010-12-24 21:07:49 315392 -c--a-w- C:\Windows\system\fltrCAHS1.dll 2010-12-24 21:07:49 1309184 -c--a-w- C:\Windows\System32\drivers\CAHS164.sys 2010-12-24 21:07:47 354304 -c----w- C:\Windows\System32\CmiInstallResAll64.dll 2010-12-24 21:07:46 524768 -c-ha-r- C:\Windows\difxapi.dll 2010-12-23 04:02:02 -------- dc----w- C:\Program Files\Defraggler ==================== Find3M ==================== 2011-01-13 13:38:57 49 --sha-w- C:\Windows\SysWow64\mmf.sys 2011-01-12 23:25:00 720896 ----a-w- 
C:\Windows\System32\odbc32.dll 2011-01-12 23:25:00 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll 2010-12-15 22:57:51 3124224 ----a-w- C:\Windows\System32\win32k.sys 2010-12-15 22:57:29 395776 ----a-w- C:\Windows\System32\webio.dll 2010-12-15 22:57:29 314368 ----a-w- C:\Windows\SysWow64\webio.dll 2010-12-15 22:54:44 112000 ----a-w- C:\Windows\System32\consent.exe 2010-12-15 22:54:35 386048 ----a-w- C:\Windows\SysWow64\html.iec 2010-12-15 22:54:35 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2010-12-15 22:54:35 1194496 ----a-w- C:\Windows\System32\wininet.dll 2010-12-15 22:54:34 978944 ----a-w- C:\Windows\SysWow64\wininet.dll 2010-12-15 22:54:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll 2010-12-15 22:54:34 482816 ----a-w- C:\Windows\System32\html.iec 2010-12-15 22:54:34 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll 2010-12-15 22:54:34 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2010-12-07 17:45:12 271200 -c--a-w- C:\Windows\SysWow64\PnkBstrB.xtr 2010-12-07 17:45:12 271200 -c--a-w- C:\Windows\SysWow64\PnkBstrB.exe 2010-12-07 17:44:02 103736 -c--a-w- C:\Windows\SysWow64\PnkBstrB.ex0 2010-12-07 12:19:48 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe 2010-11-29 16:38:30 94208 -c--a-w- C:\Windows\SysWow64\QuickTimeVR.qtx 2010-11-29 16:38:30 69632 -c--a-w- C:\Windows\SysWow64\QuickTime.qts 2010-11-22 18:32:13 140 -c--a-w- C:\PROGRA~3\xlink.sys 2010-11-22 18:32:11 0 -c--a-w- C:\Windows\SysWow64\ntUsrrP_1_0.dll 2010-11-21 22:13:47 3860992 ----a-w- C:\Windows\System32\UIRibbon.dll 2010-11-21 22:13:47 2983424 ----a-w- C:\Windows\SysWow64\UIRibbon.dll 2010-11-21 22:13:47 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll 2010-11-21 22:13:47 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll 2010-10-29 01:01:24 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2010-10-29 01:01:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2010-10-27 21:21:28 961024 ----a-w- C:\Windows\System32\CPFilters.dll 2010-10-27 21:21:28 641536 ----a-w- 
C:\Windows\SysWow64\CPFilters.dll 2010-10-27 21:21:28 552960 ----a-w- C:\Windows\System32\msdri.dll 2010-10-27 21:21:28 288256 ----a-w- C:\Windows\System32\MSNP.ax 2010-10-27 21:21:28 258560 ----a-w- C:\Windows\System32\mpg2splt.ax 2010-10-27 21:21:28 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax 2010-10-27 21:21:28 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax 2010-10-27 21:20:15 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys 2010-10-23 12:49:27 4068864 ----a-w- C:\Windows\System32\mf.dll 2010-10-23 12:49:27 3181568 ----a-w- C:\Windows\SysWow64\mf.dll 2010-10-23 12:49:27 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll 2010-10-23 12:49:27 206848 ----a-w- C:\Windows\System32\mfps.dll 2010-10-23 12:49:27 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll 2010-10-23 12:49:27 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL 2010-10-23 12:49:27 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL 2010-10-22 21:43:02 5470720 -c--a-w- C:\Windows\System32\aticaldd64.dll 2010-10-22 21:43:01 37888 -c--a-w- C:\Windows\System32\atiu9p64.dll 2010-10-22 21:42:46 21344256 -c--a-w- C:\Windows\System32\atio6axx.dll 2010-10-22 21:42:44 53760 -c--a-w- C:\Windows\System32\atimpc64.dll 2010-10-22 21:42:44 53760 -c--a-w- C:\Windows\System32\amdpcom64.dll 2010-10-22 21:42:43 43520 -c--a-w- C:\Windows\SysWow64\ati2edxx.dll 2010-10-22 21:42:26 52736 -c--a-w- C:\Windows\SysWow64\atimpc32.dll 2010-10-22 21:42:26 52736 -c--a-w- C:\Windows\SysWow64\amdpcom32.dll 2010-10-22 21:42:26 278528 -c--a-w- C:\Windows\SysWow64\Oemdspif.dll 2010-10-22 21:42:24 332800 -c--a-w- C:\Windows\System32\ATIODE.exe 2010-10-22 21:42:21 16201728 -c--a-w- C:\Windows\SysWow64\atioglxx.dll 2010-10-22 21:42:15 3460096 -c--a-w- C:\Windows\SysWow64\atiumdva.dll 2010-10-22 21:42:00 28672 -c--a-w- C:\Windows\SysWow64\atiu9pag.dll 2010-10-22 21:41:45 44544 -c--a-w- C:\Windows\System32\aticalcl64.dll 2010-10-22 21:41:37 14848 -c--a-w- C:\Windows\System32\atig6pxx.dll 2010-10-22 21:41:13 51200 -c--a-w- 
C:\Windows\System32\ATIODCLI.exe 2010-10-22 21:41:09 628224 -c--a-w- C:\Windows\System32\aticfx64.dll 2010-10-22 21:41:04 340480 -c--a-w- C:\Windows\System32\atiadlxx.dll 2010-10-22 21:40:51 462336 -c--a-w- C:\Windows\System32\atieclxx.exe 2010-10-22 21:40:49 241664 -c--a-w- C:\Windows\SysWow64\atiadlxy.dll 2010-10-22 21:40:39 4077568 -c--a-w- C:\Windows\SysWow64\atiumdag.dll 2010-10-22 21:40:31 7883264 -c--a-w- C:\Windows\System32\drivers\atikmdag.sys 2010-10-22 21:39:50 536576 -c--a-w- C:\Windows\SysWow64\aticfx32.dll 2010-10-22 21:39:41 44032 -c--a-w- C:\Windows\SysWow64\aticalcl.dll 2010-10-22 21:39:30 116240 -c--a-w- C:\Windows\System32\drivers\AtihdW76.sys 2010-10-22 21:38:29 30720 -c--a-w- C:\Windows\SysWow64\atiuxpag.dll 2010-10-22 21:38:28 59392 -c--a-w- C:\Windows\System32\atiedu64.dll 2010-10-22 21:38:18 21504 -c--a-w- C:\Windows\System32\atig6txx.dll 2010-10-22 21:37:59 203264 -c--a-w- C:\Windows\System32\atiesrxx.exe 2010-10-22 21:37:43 12800 -c--a-w- C:\Windows\SysWow64\atiglpxx.dll 2010-10-22 21:37:43 12800 -c--a-w- C:\Windows\System32\atiglpxx.dll 2010-10-22 21:37:01 450560 -c--a-w- C:\Windows\System32\ATIDEMGX.dll 2010-10-22 21:36:57 53248 -c--a-w- C:\Windows\System32\drivers\ati2erec.dll 2010-10-22 21:36:49 12288 -c--a-w- C:\Windows\System32\atimuixx.dll 2010-10-22 21:36:48 4407808 -c--a-w- C:\Windows\SysWow64\aticaldd.dll 2010-10-22 21:36:46 421376 -c--a-w- C:\Windows\System32\atipdl64.dll 2010-10-22 21:36:13 285696 -c--a-w- C:\Windows\System32\drivers\atikmpag.sys 2010-10-22 21:36:10 46080 -c--a-w- C:\Windows\SysWow64\aticalrt.dll 2010-10-22 21:36:09 143360 -c--a-w- C:\Windows\System32\atiapfxx.exe 2010-10-22 21:36:07 5240832 -c--a-w- C:\Windows\System32\atiumd64.dll 2010-10-22 21:35:57 356352 -c--a-w- C:\Windows\SysWow64\atipdlxx.dll 2010-10-22 21:35:52 58880 -c--a-w- C:\Windows\System32\coinst.dll 2010-10-22 21:35:28 3953152 -c--a-w- C:\Windows\SysWow64\atidxx32.dll 2010-10-22 21:34:47 3222016 -c--a-w- C:\Windows\System32\atiumd6a.dll 
2010-10-22 21:34:40 51200 -c--a-w- C:\Windows\System32\aticalrt64.dll 2010-10-22 21:34:35 19968 -c--a-w- C:\Windows\SysWow64\atigktxx.dll 2010-10-22 21:34:34 39936 -c--a-w- C:\Windows\System32\atiuxp64.dll 2010-10-22 21:34:24 4660224 -c--a-w- C:\Windows\System32\atidxx64.dll 2010-10-22 21:33:12 120320 -c--a-w- C:\Windows\System32\atitmm64.dll 2010-10-21 14:11:04 97552 -c--a-w- C:\Windows\System32\drivers\MijXfilt.sys 2010-10-19 09:41:44 270720 -c----w- C:\Windows\System32\MpSigStub.exe ============= FINISH: 0:13:48,41 ===============
raWrz Posted 14 January 2011
Is the problem still there?

Lexiboij (Author) Posted 14 January 2011 (edited)
No, it looks like I have got rid of the popups and the PC is running normally again.
Edited 14 January 2011 by Lexiboij

r2d290 Posted 15 January 2011 (edited)
Good to hear that you have got the problems under control. A bit of cleanup.

During this guide you will have to restart the PC. You may want to print out these instructions, or copy them and save them to the Desktop, so the text is easier to get at.

I strongly recommend uninstalling the following two programs, if they exist. This is because they modify IE's default Search Hook, and it appears to have trackware functionality.

Go to Start->Control Panel->Uninstall a program and uninstall the following:
Vuze_Remote and ConduitEngine

You also have a number of other toolbars installed (Skype, xFire, Panda). Let me know if you want to remove any of these.

The entry below refers to IE's start page. It may have come from the "ConduitEngine" toolbar, which changes the default "search hook" to hxxp://search.conduit.com?SearchSource=10&ctid=CT2304157, which appears to have trackware functionality.

Start HijackThis
Select: Do a systemscan only
Put a check mark in the boxes in front of these lines if you chose to uninstall the programs referred to above.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2304157
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll

Also put a check mark in the boxes in front of the following lines:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

Close all windows (except HijackThis) and browsers (including the one you are reading this in), and press Fix checked.
Note: If you are asked to confirm fixing a line, confirm it. Then close HijackThis and restart the machine.

Configure Windows 7 to show hidden files and folders:
Open Folder Options by clicking the Start button, clicking Control Panel, clicking Appearance and Personalization, and then clicking Folder Options.
Click the View tab.
Click Show hidden files, folders, and drives under Advanced settings, and then click OK.

Please use Windows Explorer or Computer to navigate to the following files and delete them (if they exist):

C:\Program Files (x86)\Vuze_Remote\tbVuze.dll - Note: Only if you chose to uninstall Vuze earlier.
C:\Users\Aleksander\AppData\Local\Temp\sshnas21.dll
C:\Users\Aleksander\AppData\Local\Temp\Vb0.exe

Configure Windows 7 to hide hidden files and folders:
Open Folder Options by clicking the Start button, clicking Control Panel, clicking Appearance and Personalization, and then clicking Folder Options.
Click the View tab.
Click Do not show hidden files, folders, or drives under Advanced settings, and then click OK.

Start HijackThis
Select: Do a systemscan, and save a logfile
Post this log in your next post.
Edited 15 January 2011 by r2d290
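
The post above picks out by hand every HijackThis line that belongs to one browser add-on (the same CLSID under R3, O2 and O3) and the start-page entry that no longer points at the default. The following is an added example, not part of the thread and not HijackThis code, that does the same cross-referencing over a log; the function names are hypothetical, and treating go.microsoft.com as the default host is an assumption taken from the unmodified entries in the logs above.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in HijackThis v2 line format, built from entries quoted in
# the thread. The first line joins the R0 key from the post with the defanged
# (hxxp) URL from the DDS log, because the post's own copy of the URL is truncated.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2304157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files (x86)\WhatPulse\WhatPulse.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# "registry key,value name = data"; data may be empty or contain further '='.
SETTING_RE = re.compile(r"^(?P<key>[^,]+),(?P<name>.*?)\s*=\s*(?P<data>.*)$")


def parse_entries(log_text):
    """Return one dict per 'Rn - ...' / 'On - ...' line; other lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        clsid = CLSID_RE.search(m.group("body"))
        entries.append({
            "code": m.group("code"),
            "body": m.group("body"),
            # Logs mix upper- and lower-case CLSIDs, so normalise for comparison.
            "clsid": clsid.group(0).upper() if clsid else None,
            "line": line,
        })
    return entries


def lines_for(entries, clsid):
    """Every log line that references one CLSID, i.e. the boxes to tick together."""
    wanted = clsid.upper()
    return [e["line"] for e in entries if e["clsid"] == wanted]


def multi_hook_components(entries):
    """CLSIDs registered under more than one section code (e.g. R3 + O2 + O3)."""
    codes = defaultdict(set)
    for e in entries:
        if e["clsid"]:
            codes[e["clsid"]].add(e["code"])
    return {c: sorted(s) for c, s in codes.items() if len(s) > 1}


def non_default_pages(entries, default_hosts=("go.microsoft.com",)):
    """R0/R1 URL settings whose host is not in default_hosts (an assumed allowlist)."""
    hits = []
    for e in entries:
        if e["code"] not in ("R0", "R1"):
            continue
        m = SETTING_RE.match(e["body"])
        if not m:
            continue
        data = m.group("data")
        if not re.match(r"(?i)h(tt|xx)ps?://", data):
            continue  # empty value or a local file path
        # Accept the defanged hxxp scheme that DDS writes.
        host = urlsplit(re.sub(r"(?i)^hxxp", "http", data)).hostname
        if host and host not in default_hosts:
            hits.append((m.group("key"), m.group("name"), host))
    return hits


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for clsid, codes in multi_hook_components(parsed).items():
        print(clsid, codes)
        for line in lines_for(parsed, clsid):
            print("   ", line)
    for key, name, host in non_default_pages(parsed):
        print(f"{key} [{name}] -> {host}")
```
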

Lexiboij (Author) Posted 15 January 2011 (edited)
I did not find any of the files mentioned at the end, even though I had hidden folders shown. I am happy to remove the IE toolbars, since I never use it.

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:29:19, on 15.01.2011 Platform: Unknown Windows (WinNT 6.01.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16700) Boot mode: Normal Running processes: C:\Fraps\fraps.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files (x86)\WhatPulse\WhatPulse.exe C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Users\Aleksander\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\ProgramData\Panda Security Toolbar Antiphishing\panda2_0dn.exe C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe C:\Users\Aleksander\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Aleksander\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Aleksander\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Aleksander\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe C:\Program Files (x86)\trend micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Påloggingshjelp for Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll O3 - Toolbar: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\Panda Security\Panda 
Security Toolbar\PandaSecurityDx.dll O4 - HKLM\..\Run: [D-Link D-Link Wireless N DWA-140] C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe O4 - HKLM\..\Run: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe O4 - HKLM\..\Run: [autodetect] C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [Panda Security Toolbar Antiphishing] "C:\ProgramData\Panda Security Toolbar Antiphishing\panda2_0dn.exe" O4 - HKLM\..\Run: [PSUNMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [WhatPulse] C:\Program Files (x86)\WhatPulse\WhatPulse.exe O4 - HKCU\..\Run: [Google Update] "C:\Users\Aleksander\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETTVERKSTJENESTE') O4 - Global Startup: Logitech SetPoint.lnk = ? 
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O13 - Gopher Prefix: O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.26.0.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: ANIWConn Service (ANIWConnService) - Unknown owner - C:\Windows\system32\ANIWConnService.exe O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Unknown owner 
- C:\Program Files (x86)\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\Windows\runservice.exe O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit (mi-raysat_3dsmax2010_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. 
- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: VoddlerNet - Voddler - C:\Program Files (x86)\Voddler\service\voddler.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - 
C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12044 bytes
Edited 15 January 2011 by Lexiboij

r2d290 Posted 15 January 2011 (edited)
Go to Start->Control Panel->Uninstall a program and see whether the list contains the toolbar for any of the following programs (NOTE: Do not uninstall the program itself).

MSN toolbar
Skype toolbar
Windows Live Toolbar

Then fix the respective entries with HijackThis and restart the PC. No new log is needed after that.

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O3 - Toolbar: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

Apart from this, the logs look clean. If you do not notice any more problems, we consider the case closed. If you notice more problems, let me know.

Surf safely =)
Edited 15 January 2011 by r2d290