Just nu i M3-nätverket
Jump to content

Skadligt program via länk på MSN


zed919

Recommended Posts

 

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:36:56, on 2010-03-01 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18882) Boot mode: Normal Running processes: C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files (x86)\Steam\Steam.exe C:\Program Files (x86)\uTorrent\uTorrent.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files (x86)\LimeWire\LimeWire.exe C:\Program Files (x86)\Razer\Lycosa\razerhid.exe C:\Program Files (x86)\Java\jre6\bin\jusched.exe C:\Program Files (x86)\AVG\AVG9\avgtray.exe C:\Program Files (x86)\MagicDisc\MagicDisc.exe C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15183&l=dis R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [Lycosa] "C:\Program Files (x86)\Razer\Lycosa\razerhid.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [steam] "c:\program files (x86)\steam\steam.exe" -silent O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [sony Ericsson PC Companion] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /systray /nologon O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [MSNCleaner] C:\Users\Niklas\AppData\Local\Temp\Rar$EX00.851\MSNCleaner.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJÄNST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NÄTVERKSTJÄNST') O4 - Startup: ImpulseNow.lnk = C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe O4 - Startup: LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe O4 - Global Startup: BTTray.lnk = ? O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Skicka bild till &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Skicka sida till &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: Skicka till Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: Skicka till &Bluetooth-enhet... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O13 - Gopher Prefix: O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 10218 bytes

 

 

 

SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 03/01/2010 at 09:52 PM Application Version : 4.34.1000 Core Rules Database Version : 4626 Trace Rules Database Version: 2438 Scan type : Complete Scan Total Scan Time : 00:48:30 Memory items scanned : 152 Memory threats detected : 0 Registry items scanned : 7564 Registry threats detected : 0 File items scanned : 40791 File threats detected : 66 Adware.Tracking Cookie C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\niklas@statcounter[1].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\niklas@bs.serving-sys[3].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\niklas@server.iad.liveperson[3].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\niklas@serving-sys[2].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\niklas@casalemedia[1].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\niklas@doubleclick[2].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\niklas@server.iad.liveperson[2].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\niklas@advertising[1].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\niklas@pro-market[2].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\niklas@tradedoubler[1].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\niklas@content.yieldmanager[5].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\niklas@content.yieldmanager[6].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\niklas@eas4.emediate[1].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\niklas@specificclick[2].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\niklas@ad.yieldmanager[1].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\niklas@adtech[1].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\niklas@atdmt[1].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\niklas@account.7digital[3].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\niklas@bluestreak[1].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\niklas@zedo[1].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\niklas@msnportal.112.2o7[3].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\niklas@tribalfusion[1].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\niklas@xiti[1].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\niklas@imrworldwide[4].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\niklas@track.adform[5].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\niklas@avgtechnologies.112.2o7[1].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\Low\niklas@content.yieldmanager[1].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\Low\niklas@www.googleadservices[1].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\Low\niklas@www.searchmp3tracks[1].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\Low\niklas@sales.liveperson[1].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\Low\niklas@revsci[1].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\Low\niklas@sales.liveperson[3].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\Low\niklas@casalemedia[2].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\Low\niklas@adsby.webtraffic[1].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\Low\niklas@overture[1].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\Low\niklas@msnportal.112.2o7[1].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\Low\niklas@ad.yieldmanager[2].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\Low\niklas@imrworldwide[2].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\Low\niklas@rotator.adjuggler[1].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\Low\niklas@track.adform[1].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\Low\niklas@server.cpmstar[2].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\Low\niklas@tradedoubler[2].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\Low\niklas@chitika[1].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\Low\niklas@viacom.adbureau[1].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\Low\niklas@sifomedia.tv[1].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\Low\niklas@2o7[1].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\Low\niklas@advertising[2].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\Low\niklas@doubleclick[1].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\Low\niklas@atdmt[1].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\niklas@content.yieldmanager[4].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\niklas@content.yieldmanager[2].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\niklas@content.yieldmanager[3].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\niklas@bs.serving-sys[1].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\niklas@serving-sys[1].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\niklas@imrworldwide[2].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\niklas@revsci[2].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\niklas@track.adform[4].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\niklas@track.adform[1].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\niklas@track.adform[2].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\niklas@ads.admaxasia[2].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\niklas@imrworldwide[3].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\niklas@2o7[2].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\niklas@account.7digital[1].txt C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Cookies\niklas@msnportal.112.2o7[1].txt Trojan.VXGame-Variant/D D:\ALLT!\SPEL\SUPER MARIO GAMES COLLECTION [ENGLISH][PC][WWW.GAMESTORRENTS.COM]\SETUP.EXE D:\ALLT!\SPEL\SUPER MARIO GAMES COLLECTION [ENGLISH][PC][WWW.GAMESTORRENTS.COM]\SUPER MARIO EXE\SUPER MARIO PC CHALLENGE 7\RE.EXE

 

Link to comment
Share on other sites

Kan du vara snäll och klistra in loggarna direkt i ditt inlägg utan användning av någon knapp så att det går att läsa dem.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.



×
×
  • Create New...