RTH666, posted 8 January 2012

When I am on some page or other I suddenly get thrown over to the Facebook login, and an application called "Are YOU interested" takes over. I have blocked this application many times today, but it quickly puts itself back among the allowed apps. On top of that, links were posted, apparently by me, that clearly contained porn. In the end I deleted my FB account to avoid further spreading. I have run a full scan and repair with Microsoft Security Essentials, Spybot-Search and Destroy and CCleaner. I have also run the programs HijackThis, Combofix and MBAM.

Log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:44:37, on 08.01.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\TeamViewer\Version7\TeamViewer.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\Explorer.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\hjt\Trend Micro\HiJackThis\test.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd til OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Koblede OneNote-notater - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Koblede OneNote-notater - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: PS3 Media Server - Tanuki Software, Ltd. - C:\Program Files\PS3 Media Server\win32\service\wrapper.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6404 bytes

Log from Combofix:

ComboFix 12-01-07.03 - Rune Thorvaldsen 08.01.2012 18:11:43.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.47.1033.18.2550.1168 [GMT 1:00]
Kjører fra: c:\users\Rune Thorvaldsen\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Rune Thorvaldsen\AppData\Local\Temp\jna6630056340369098495.dll
c:\users\RUNETH~1\AppData\Local\Temp\jna6630056340369098495.dll
.
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2011-12-08 til 2012-01-08 )))))))))))))))))))))))))))))))))
.
.
2012-01-08 17:22 . 2012-01-08 17:22 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BF29EAC3-8E17-4677-AED8-69ED97F10155}\MpKsl8928a502.sys
2012-01-08 17:20 . 2012-01-08 17:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-08 17:07 . 2012-01-08 17:07 -------- d-----w- c:\program files\Trend Micro
2012-01-08 16:52 . 2012-01-08 16:52 -------- d-----w- c:\programdata\Malwarebytes
2012-01-08 16:52 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-08 16:52 . 2012-01-08 16:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-08 13:36 . 2012-01-08 13:36 -------- d-----w- c:\program files\CCleaner
2012-01-08 10:32 . 2012-01-08 12:23 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-01-08 10:32 . 2012-01-08 10:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-01-07 23:11 . 2012-01-07 23:11 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BF29EAC3-8E17-4677-AED8-69ED97F10155}\MpKsl08e2dab3.sys
2012-01-07 23:11 . 2012-01-08 17:22 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BF29EAC3-8E17-4677-AED8-69ED97F10155}\offreg.dll
2012-01-07 23:11 . 2011-11-21 01:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BF29EAC3-8E17-4677-AED8-69ED97F10155}\mpengine.dll
2012-01-07 20:03 . 2012-01-07 20:05 -------- d-----w- c:\programdata\PMS
2012-01-07 20:03 . 2012-01-08 17:23 -------- d-----w- c:\program files\PS3 Media Server
2012-01-07 17:00 . 2012-01-07 17:00 -------- d-----w- c:\program files\FileZilla FTP Client
2012-01-05 22:13 . 2011-02-28 22:37 180624 ----a-w- c:\windows\system32\Primomonnt.dll
2012-01-05 22:13 . 2012-01-05 22:13 -------- d-----w- c:\program files\Nitro PDF
2012-01-04 19:32 . 2012-01-04 19:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-01-04 19:32 . 2012-01-04 19:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-01-04 19:32 . 2012-01-04 19:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-01-04 19:32 . 2012-01-04 19:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-01-04 19:32 . 2012-01-04 19:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-01-04 19:32 . 2012-01-04 19:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-01-04 19:32 . 2012-01-04 19:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-01-04 19:32 . 2012-01-04 19:32 -------- d-----w- c:\program files\QuickTime
2012-01-04 19:32 . 2012-01-04 19:32 -------- d-----w- c:\programdata\Apple Computer
2012-01-04 19:31 . 2012-01-04 19:31 -------- d-----w- c:\program files\Common Files\Apple
2012-01-04 19:30 . 2012-01-04 19:30 -------- d-----w- c:\program files\Apple Software Update
2012-01-04 19:30 . 2012-01-04 19:30 -------- d-----w- c:\programdata\Apple
2012-01-03 22:43 . 2012-01-03 22:43 -------- d-----w- c:\program files\Aurora3D
2012-01-01 18:08 . 2012-01-01 18:10 -------- d-----w- C:\RfcClient
2012-01-01 18:06 . 2012-01-01 18:06 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-01-01 15:18 . 2012-01-01 15:19 -------- d-----w- c:\program files\rFactor
2011-12-30 11:48 . 2011-12-30 11:48 -------- d-----w- c:\windows\Sun
2011-12-30 11:48 . 2011-12-30 11:48 -------- d-----w- c:\program files\Common Files\Java
2011-12-30 11:48 . 2011-12-30 11:48 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-30 11:48 . 2011-12-30 11:48 -------- d-----w- c:\program files\Java
2011-12-29 17:40 . 2011-12-29 17:40 -------- d-----w- c:\program files\WP Driver
2011-12-29 17:40 . 2011-12-29 17:40 -------- d-----w- c:\program files\WP
2011-12-29 17:37 . 2010-03-12 17:22 81920 ----a-w- c:\windows\system32\drivers\ser2pl.sys
2011-12-29 17:37 . 2005-08-03 15:05 35892 ----a-w- c:\windows\system32\SER9PL.sys
2011-12-29 17:37 . 2005-08-03 15:04 26719 ----a-w- c:\windows\system32\SERSPL.VXD
2011-12-29 13:44 . 2011-12-29 13:44 -------- d-----w- c:\program files\Common Files\Adobe
2011-12-29 13:40 . 2011-12-29 13:40 -------- d-----w- c:\windows\system32\Adobe
2011-12-29 13:39 . 2011-12-29 13:39 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-12-26 21:06 . 2011-12-26 21:06 -------- d-----w- c:\program files\7-Zip
2011-12-26 20:14 . 2011-12-26 20:14 -------- d-----w- c:\program files\uTorrent
2011-12-26 19:45 . 2011-12-26 19:45 -------- d-----w- c:\windows\WindowsMobile
2011-12-24 14:16 . 2011-11-21 01:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-24 14:09 . 2011-12-24 14:09 -------- d-----w- c:\program files\Webteh
2011-12-23 16:38 . 2011-12-29 13:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-23 16:38 . 2011-12-23 16:38 -------- d-----w- c:\windows\system32\Macromed
2011-12-23 05:17 . 2012-01-08 12:21 -------- d-----w- c:\windows\Panther
2011-12-23 05:16 . 2011-12-23 05:16 -------- d-----w- C:\Boot
2011-12-22 23:00 . 2011-12-23 10:08 -------- d-----w- c:\windows\AutoKMS
2011-12-22 22:49 . 2011-12-22 22:49 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-12-22 22:49 . 2011-12-22 22:49 -------- d-----w- c:\program files\Microsoft Sync Framework
2011-12-22 22:49 . 2011-12-22 22:49 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-12-22 22:47 . 2011-12-22 22:47 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-12-22 22:46 . 2011-12-22 22:46 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-12-22 22:43 . 2011-12-27 11:45 -------- d-----w- c:\programdata\Microsoft Help
2011-12-22 22:42 . 2011-12-22 22:42 -------- d-----r- C:\MSOCache
2011-12-22 22:26 . 2012-01-01 12:57 -------- d-----w- c:\program files\BELIMO
2011-12-22 21:58 . 2011-12-22 21:58 -------- d-----w- c:\program files\Microsoft Silverlight
2011-12-22 21:54 . 2011-12-22 21:54 -------- d-----w- c:\program files\TeamViewer
2011-12-22 21:37 . 2011-12-22 21:36 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3C306C72-953B-425D-B011-2196E79D4D4F}\gapaengine.dll
2011-12-22 21:33 . 2011-12-22 21:33 -------- d-----w- c:\program files\Microsoft Security Client
2011-12-22 21:16 . 2011-12-22 22:49 -------- d-----w- c:\program files\Microsoft.NET
2011-12-22 21:15 . 2011-12-22 21:15 -------- d-----w- C:\8f02be957aefcb7382d105cd3fcf958e
2011-12-22 21:08 . 2011-12-22 21:08 -------- d-----w- c:\windows\nb-NO
2011-12-22 21:08 . 2011-12-22 21:08 -------- d-----w- c:\windows\system32\no
2011-12-22 21:08 . 2011-12-22 21:08 -------- d-----w- c:\windows\system32\drivers\nb-NO
2011-12-22 21:08 . 2011-12-22 21:08 -------- d-----w- c:\windows\system32\drivers\UMDF\nb-NO
2011-12-22 21:07 . 2011-12-22 21:55 -------- d-----w- c:\windows\system32\wbem\nb-NO
2011-12-22 21:01 . 2011-12-22 21:01 -------- d-----w- c:\program files\Microsoft IntelliPoint
2011-12-22 21:00 . 2011-12-22 21:00 -------- d-----w- c:\windows\PCHEALTH
2011-12-22 21:00 . 2012-01-08 17:07 -------- d-sh--w- c:\windows\Installer
2011-12-22 20:57 . 2011-12-22 20:57 -------- d-----w- c:\program files\Synaptics
2011-12-22 20:54 . 2011-12-22 20:54 -------- d-----w- c:\program files\Analog Devices
2011-12-22 20:50 . 2009-07-13 17:34 3584 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\nb-NO\LXKPTPRC.DLL.mui
2011-12-22 20:48 . 2011-12-22 20:48 -------- d-----w- c:\program files\CONEXANT
2011-12-22 20:48 . 2011-12-22 20:48 -------- d-----w- c:\program files\Protector Suite
2011-12-22 20:46 . 2011-11-30 01:21 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6BBA19EF-C5E3-4FAF-A201-EF6521183E32}\mpengine.dll
2011-12-22 20:46 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-12-22 20:42 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-12-22 20:42 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-12-22 20:39 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-12-22 20:39 . 2011-02-03 05:54 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-12-22 20:28 . 2009-08-06 16:15 1002008 ----a-w- c:\windows\system32\igxpun.exe
2011-12-22 20:25 . 2012-01-01 12:25 -------- d-----w- c:\users\Rune Thorvaldsen
2011-12-22 20:25 . 2011-12-22 20:25 -------- d-----w- C:\Recovery
2011-12-22 17:33 . 2012-01-01 13:09 -------- d-----w- C:\Rens
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-22 21:06 . 2011-12-22 21:06 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-12-22 21:06 . 2011-12-22 21:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-12-22 21:06 . 2011-12-22 21:06 152064 ----a-w- c:\windows\system32\wextract.exe
2011-12-22 21:06 . 2011-12-22 21:06 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-24 04:25 . 2011-12-22 20:44 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 04:26 . 2011-12-22 20:45 2048 ----a-w- c:\windows\system32\tzres.dll
2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-12-21 08:01 . 2011-12-27 15:15 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-06 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-06 150552]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-22 1725736]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl5c3c7619;MpKsl5c3c7619;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E6458848-6D39-43A5-8789-D91FFB50686E}\MpKsl5c3c7619.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt; [x]
S1 MpKsl08e2dab3;MpKsl08e2dab3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BF29EAC3-8E17-4677-AED8-69ED97F10155}\MpKsl08e2dab3.sys [2012-01-07 29904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 PS3 Media Server;PS3 Media Server;c:\program files\PS3 Media Server\win32\service\wrapper.exe [2011-05-17 366872]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 40320]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
.
.
--- Andre tjenester/drivere lastet i minnet ---
.
*NewlyCreated* - MPKSL8928A502
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
.
2012-01-08 c:\windows\Tasks\AutoKMS.job - c:\windows\AutoKMS\AutoKMS.exe [2011-12-22 23:00]
.
.
------- Tilleggsskanning -------
.
IE: E&ksporter til Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd til OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 130.67.15.198 193.213.112.4
FF - ProfilePath - c:\users\Rune Thorvaldsen\AppData\Roaming\Mozilla\Firefox\Profiles\f6hoxlx6.default\
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LÅSTE REGISTERNØKLER ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------
.
- - - - - - - > 'Explorer.exe'(5516)
c:\program files\TeamViewer\Version7\tv_w32.dll
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\AEADISRV.EXE
c:\windows\system32\conhost.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\taskhost.exe
c:\program files\TeamViewer\Version7\TeamViewer.exe
c:\windows\system32\java.exe
c:\windows\system32\conhost.exe
c:\windows\system32\UI0Detect.exe
c:\program files\TeamViewer\Version7\tv_w32.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Tidspunkt ferdig: 2012-01-08 18:36:55 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2012-01-08 17:36
.
Pre-Run: 31 310 901 248 byte ledig
Post-Run: 31 031 717 888 byte ledig
.
- - End Of File - - 13E4862942FC55A68D7180E118A95494

Log from MBAM:

Malwarebytes Anti-Malware (Prøveversjon) 1.60.0.1800
www.malwarebytes.org

Databaseversjon: v2012.01.08.03
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Rune Thorvaldsen :: JOBBPC [administrator]

Beskyttelse: Aktivert

08.01.2012 18:46:27
mbam-log-2012-01-08 (18-46-27).txt

Skanntype: Hurtigsøk
Aktiverte skanningsinnstillinger: Minne | Oppstart | Register | Filsystem | Heuristikk/Ekstra | Heuristikk/Shuriken | PUP | PUM
Deaktiverte skanninnstillinger: P2P
Objekter skannet: 165502
Tid tilbakelagt: 4 minutt(er), 19 sekund(er)

Minneprosesser oppdaget: 0
(Ingen skadelige objekter funnet)

Minnemoduler oppdaget: 0
(Ingen skadelige objekter funnet)

Registernøkler oppdaget: 0
(Ingen skadelige objekter funnet)

Registerverdier oppdaget: 0
(Ingen skadelige objekter funnet)

Registerfiler oppdaget: 0
(Ingen skadelige objekter funnet)

Mapper oppdaget: 0
(Ingen skadelige objekter funnet)

Filer oppdaget 0
(Ingen skadelige objekter funnet)

(klar)
Dr.Geek, posted 8 January 2012

Hi, someone has most likely gained access to your Facebook account / hacked your password. Create a new password that is secure: https://www.microsoft.com/security/pc-security/password-checker.aspx

Remove unwanted apps in Facebook: http://www.easytweaks.com/2011/04/11/remove-are-you-interested-facebook/

The logs look OK. Spybot Search & Destroy is not worth anything any more today; it is completely outdated AV software. I recommend uninstalling it, it only causes system errors.

Run a scan with Hitman to check for rootkits: http://www.surfright.nl/en/hitmanpro

Post the log.
RTH666 (thread author), posted 8 January 2012

Hi, and thanks for the reply, but I am now sure that it is not my Facebook account, since I have requested it deleted and I can be on any page whatsoever (e.g. Diskusjon.no) and suddenly get moved over. I ran a scan with Hitman and it did not find anything infected either. The attached image shows the page that comes up when I am forcibly redirected.
Dr.Geek, posted 9 January 2012

> Hi, and thanks for the reply, but I am now sure that it is not my Facebook account, since I have requested it deleted and I can be on any page whatsoever (e.g. Diskusjon.no) and suddenly get moved over. I ran a scan with Hitman and it did not find anything infected either. The attached image shows the page that comes up when I am forcibly redirected.

Post me an OTL log: http://www.geekstogo.com/1888/otl-by-oldtimer-a-modern-replacement-for-hijackthis/

Scan with TDSS Killer: http://support.kaspersky.com/faq/?qid=208280684

You are using cracks/keygens:

2012-01-08 c:\windows\Tasks\AutoKMS.job - c:\windows\AutoKMS\AutoKMS.exe [2011-12-22 23:00]

Cracks and illegal software most often contain malware/viruses.
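As an added triage example (my code, not from the thread or from any of the tools named in it), the script below reads the three line formats the discussion turns on: HijackThis O4 autostart lines, the ComboFix dump of the UAC policy key, and ComboFix scheduled-task lines. It reports what a reviewer would look at first, including the AutoKMS task Dr.Geek points to and the UAC values visible in the posted ComboFix log. The excerpt is constructed; the AppData Run entry is invented so that check has something to report, and the path heuristics are assumptions, not signatures.

```python
import re
from typing import Dict, List

# Constructed excerpt in the HijackThis (O4) and ComboFix (registry / scheduled task)
# line formats used in the thread. The UAC values and the AutoKMS task mirror the
# posted logs; the AppData Run entry is invented so the user-writable-path check has
# something to report.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [updater] C:\Users\Example\AppData\Roaming\updater\upd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
2012-01-08 c:\windows\Tasks\AutoKMS.job - c:\windows\AutoKMS\AutoKMS.exe [2011-12-22 23:00]
"""

RUN_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]+)\] (.+)$")
POLICY_RE = re.compile(r'^"(\w+)"=\s*(\d+)')
TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (\S+\.job) - (.+?) \[")

# Heuristics (assumptions, not signatures): autostarts from user-writable folders and
# scheduled tasks living in a custom folder under c:\windows deserve a closer look.
USER_WRITABLE = ("\\appdata\\", "\\users\\", "\\temp\\", "\\programdata\\")
WINDOWS_STD = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def executable_path(command: str) -> str:
    """Return the executable from an autostart command, dropping quotes and arguments."""
    command = command.strip().lstrip('"')
    m = re.match(r"(.+?\.(?:exe|dll|cpl|scr))", command, re.IGNORECASE)
    return m.group(1) if m else command.split(" ")[0]


def parse_run_entries(log: str) -> List[Dict[str, str]]:
    """HijackThis O4 lines -> hive, value name and the executable they start."""
    entries = []
    for line in log.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            entries.append({"hive": m.group(1), "name": m.group(2),
                            "path": executable_path(m.group(3))})
    return entries


def parse_uac_policy(log: str) -> Dict[str, int]:
    """Numeric values in the ComboFix dump of the policies\\system key."""
    values: Dict[str, int] = {}
    in_block = False
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("[HKEY_"):
            in_block = line.lower().endswith("\\policies\\system]")
            continue
        m = POLICY_RE.match(line) if in_block else None
        if m:
            values[m.group(1)] = int(m.group(2))
    return values


def parse_scheduled_tasks(log: str) -> List[Dict[str, str]]:
    """ComboFix 'Scheduled Tasks' lines -> job file and the executable it runs."""
    tasks = []
    for line in log.splitlines():
        m = TASK_RE.match(line.strip())
        if m:
            tasks.append({"job": m.group(1), "target": m.group(2)})
    return tasks


def triage(log: str) -> List[str]:
    """Return human-readable findings; an empty list means nothing stood out."""
    findings = []
    uac = parse_uac_policy(log)
    if uac.get("EnableLUA") == 0:
        findings.append("UAC is disabled (EnableLUA=0): processes of an admin user run fully elevated")
    if uac.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append("Elevation without prompt (ConsentPromptBehaviorAdmin=0)")
    if uac.get("PromptOnSecureDesktop") == 0:
        findings.append("UAC prompts not shown on the secure desktop (PromptOnSecureDesktop=0)")
    for entry in parse_run_entries(log):
        if any(marker in entry["path"].lower() for marker in USER_WRITABLE):
            findings.append(f"Run entry [{entry['name']}] in {entry['hive']} starts "
                            f"from a user-writable path: {entry['path']}")
    for task in parse_scheduled_tasks(log):
        target = task["target"].lower()
        if target.startswith("c:\\windows\\") and not target.startswith(WINDOWS_STD):
            findings.append(f"Scheduled task {task['job']} runs {task['target']} "
                            "from a non-standard folder under c:\\windows")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("-", finding)
```

The findings are prompts for a human review of the machine, not verdicts; the UAC lines in particular explain why any code the user ran on this machine would have had full administrative rights without a prompt.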
RTH666 (thread author), posted 9 January 2012 (edited)

Have removed the cracks/keygen. Don't know when and where it came from, so it may be the root of all evil. Looks good so far.

It looked good for 6 min before I was hijacked again.

Extras.Txt
OTL.Txt

Edited 9 January 2012 by RTH666
Dr.Geek, posted 9 January 2012

1. Where is the TDSS Killer log? Post it once you have scanned with the program.

2. Fix with OTL: disable all antivirus guards, especially Spybot's TeaTimer! Open OTL.exe. Copy and paste the following text into the white text box in the OTL program window:

:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 01 A2 88 C3 4F CE CC 01 [binary data]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
[2011.12.30 12:48:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
() (No name found) -- C:\USERS\RUNE THORVALDSEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F6HOXLX6.DEFAULT\EXTENSIONS\[email protected]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.04.03 21:17:16 | 000,001,980 | R--- | M] () - D:\AutoRun.ard -- [ CDFS ]
O32 - AutoRun File - [2005.08.10 19:50:26 | 002,012,160 | R--- | M] (Longtion) - D:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2007.04.03 21:17:16 | 000,000,659 | R--- | M] () - D:\AutoRun.ext -- [ CDFS ]
O32 - AutoRun File - [2004.01.01 20:32:30 | 000,004,150 | R--- | M] () - D:\AutoRun.ico -- [ CDFS ]
O32 - AutoRun File - [2007.04.03 21:17:16 | 000,000,047 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2007.04.03 21:17:16 | 000,000,133 | R--- | M] () - D:\autorun.pro -- [ CDFS ]
O32 - AutoRun File - [2007.04.03 21:17:16 | 000,001,996 | R--- | M] () - D:\AutoRun.rdt -- [ CDFS ]
[2012.01.09 19:22:10 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

Close all programs. Click FIX. OTL will restart the PC. Let it do so and wait for a log/text file to appear after the restart. Post that log here.
RTH666 (thread author), posted 9 January 2012 (edited)

Forgot to attach the TDSSKiller log file earlier. Have now run the scan once more, after I ran the OTL fix. Exciting to see what happens next.

It took 15 min and a restart from when I posted here until I was hijacked.

*********************

Have done a number of restarts, and it seems to be extra aggressive after a restart.

TDSSKiller-log.txt
OTLFIXlog.txt

Edited 9 January 2012 by RTH666
RTH666 (thread author), posted 9 January 2012 (edited)

Now SupportYourVet.com + Zoosk + CastleVille have started coming up as well. Format and reinstall?

********************

Need to test a bit more, but since I moved away from Firefox to the "fallback" IE9 I have not been hijacked so far. Coincidence, or could that be an explanation?

Edited 9 January 2012 by RTH666
Dr.Geek, posted 10 January 2012

> Now SupportYourVet.com + Zoosk + CastleVille have started coming up as well. Format and reinstall?
>
> ********************
>
> Need to test a bit more, but since I moved away from Firefox to the "fallback" IE9 I have not been hijacked so far. Coincidence, or could that be an explanation?

The logs look clean. Uninstall Firefox and reinstall it. That should solve the problem.

In my opinion your problems had three causes:
1. You downloaded and installed cracks/keygens.
2. Your Facebook account was hacked and "taken over".
3. Firefox was hijacked, which led to the redirections.

Uninstall Combofix and OTL: open OTL.exe and click "cleanup". The PC will restart and the programs are deleted.
RTH666 (thread author), posted 10 January 2012

Thanks for all the help. It looks very good now; I have not been hijacked a single time today.