[SOLVED] Pop-ups and links on Facebook

3 posts in this topic

Posted

When I am on some page or other, I am suddenly thrown over to the Facebook login and an application called "Are YOU interested" takes over. I have blocked this application many times today, but it quickly puts itself back among the allowed apps. In addition, links were posted, apparently by me, that clearly contained porn. In the end I deleted my FB account to avoid further spreading.

I have run a full scan and repair with Microsoft Security Essentials, Spybot - Search & Destroy and CCleaner.

In addition, I have run the programs recommended in "Logganalyse på 1-2-3" here.

Log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:44:37, on 08.01.2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\TeamViewer\Version7\TeamViewer.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\WindowsMobile\wmdcBase.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\Explorer.exe

C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe

C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\hjt\Trend Micro\HiJackThis\test.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdcBase.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd til OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Koblede OneNote-notater - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Koblede OneNote-notater - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE

O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: PS3 Media Server - Tanuki Software, Ltd. - C:\Program Files\PS3 Media Server\win32\service\wrapper.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 6404 bytes

Log from ComboFix:

ComboFix 12-01-07.03 - Rune Thorvaldsen 08.01.2012 18:11:43.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.47.1033.18.2550.1168 [GMT 1:00]

Kjører fra: c:\users\Rune Thorvaldsen\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Rune Thorvaldsen\AppData\Local\Temp\jna6630056340369098495.dll

c:\users\RUNETH~1\AppData\Local\Temp\jna6630056340369098495.dll

.

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2011-12-08 til 2012-01-08 )))))))))))))))))))))))))))))))))

.

.

2012-01-08 17:22 . 2012-01-08 17:22 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BF29EAC3-8E17-4677-AED8-69ED97F10155}\MpKsl8928a502.sys

2012-01-08 17:20 . 2012-01-08 17:20 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-01-08 17:07 . 2012-01-08 17:07 -------- d-----w- c:\program files\Trend Micro

2012-01-08 16:52 . 2012-01-08 16:52 -------- d-----w- c:\programdata\Malwarebytes

2012-01-08 16:52 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-01-08 16:52 . 2012-01-08 16:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-01-08 13:36 . 2012-01-08 13:36 -------- d-----w- c:\program files\CCleaner

2012-01-08 10:32 . 2012-01-08 12:23 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-01-08 10:32 . 2012-01-08 10:37 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-01-07 23:11 . 2012-01-07 23:11 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BF29EAC3-8E17-4677-AED8-69ED97F10155}\MpKsl08e2dab3.sys

2012-01-07 23:11 . 2012-01-08 17:22 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BF29EAC3-8E17-4677-AED8-69ED97F10155}\offreg.dll

2012-01-07 23:11 . 2011-11-21 01:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BF29EAC3-8E17-4677-AED8-69ED97F10155}\mpengine.dll

2012-01-07 20:03 . 2012-01-07 20:05 -------- d-----w- c:\programdata\PMS

2012-01-07 20:03 . 2012-01-08 17:23 -------- d-----w- c:\program files\PS3 Media Server

2012-01-07 17:00 . 2012-01-07 17:00 -------- d-----w- c:\program files\FileZilla FTP Client

2012-01-05 22:13 . 2011-02-28 22:37 180624 ----a-w- c:\windows\system32\Primomonnt.dll

2012-01-05 22:13 . 2012-01-05 22:13 -------- d-----w- c:\program files\Nitro PDF

2012-01-04 19:32 . 2012-01-04 19:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll

2012-01-04 19:32 . 2012-01-04 19:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll

2012-01-04 19:32 . 2012-01-04 19:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll

2012-01-04 19:32 . 2012-01-04 19:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll

2012-01-04 19:32 . 2012-01-04 19:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll

2012-01-04 19:32 . 2012-01-04 19:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll

2012-01-04 19:32 . 2012-01-04 19:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll

2012-01-04 19:32 . 2012-01-04 19:32 -------- d-----w- c:\program files\QuickTime

2012-01-04 19:32 . 2012-01-04 19:32 -------- d-----w- c:\programdata\Apple Computer

2012-01-04 19:31 . 2012-01-04 19:31 -------- d-----w- c:\program files\Common Files\Apple

2012-01-04 19:30 . 2012-01-04 19:30 -------- d-----w- c:\program files\Apple Software Update

2012-01-04 19:30 . 2012-01-04 19:30 -------- d-----w- c:\programdata\Apple

2012-01-03 22:43 . 2012-01-03 22:43 -------- d-----w- c:\program files\Aurora3D

2012-01-01 18:08 . 2012-01-01 18:10 -------- d-----w- C:\RfcClient

2012-01-01 18:06 . 2012-01-01 18:06 1700352 ----a-w- c:\windows\system32\gdiplus.dll

2012-01-01 15:18 . 2012-01-01 15:19 -------- d-----w- c:\program files\rFactor

2011-12-30 11:48 . 2011-12-30 11:48 -------- d-----w- c:\windows\Sun

2011-12-30 11:48 . 2011-12-30 11:48 -------- d-----w- c:\program files\Common Files\Java

2011-12-30 11:48 . 2011-12-30 11:48 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-12-30 11:48 . 2011-12-30 11:48 -------- d-----w- c:\program files\Java

2011-12-29 17:40 . 2011-12-29 17:40 -------- d-----w- c:\program files\WP Driver

2011-12-29 17:40 . 2011-12-29 17:40 -------- d-----w- c:\program files\WP

2011-12-29 17:37 . 2010-03-12 17:22 81920 ----a-w- c:\windows\system32\drivers\ser2pl.sys

2011-12-29 17:37 . 2005-08-03 15:05 35892 ----a-w- c:\windows\system32\SER9PL.sys

2011-12-29 17:37 . 2005-08-03 15:04 26719 ----a-w- c:\windows\system32\SERSPL.VXD

2011-12-29 13:44 . 2011-12-29 13:44 -------- d-----w- c:\program files\Common Files\Adobe

2011-12-29 13:40 . 2011-12-29 13:40 -------- d-----w- c:\windows\system32\Adobe

2011-12-29 13:39 . 2011-12-29 13:39 -------- d-----w- c:\program files\Common Files\Adobe AIR

2011-12-26 21:06 . 2011-12-26 21:06 -------- d-----w- c:\program files\7-Zip

2011-12-26 20:14 . 2011-12-26 20:14 -------- d-----w- c:\program files\uTorrent

2011-12-26 19:45 . 2011-12-26 19:45 -------- d-----w- c:\windows\WindowsMobile

2011-12-24 14:16 . 2011-11-21 01:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-12-24 14:09 . 2011-12-24 14:09 -------- d-----w- c:\program files\Webteh

2011-12-23 16:38 . 2011-12-29 13:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-12-23 16:38 . 2011-12-23 16:38 -------- d-----w- c:\windows\system32\Macromed

2011-12-23 05:17 . 2012-01-08 12:21 -------- d-----w- c:\windows\Panther

2011-12-23 05:16 . 2011-12-23 05:16 -------- d-----w- C:\Boot

2011-12-22 23:00 . 2011-12-23 10:08 -------- d-----w- c:\windows\AutoKMS

2011-12-22 22:49 . 2011-12-22 22:49 -------- d-----w- c:\program files\Microsoft Synchronization Services

2011-12-22 22:49 . 2011-12-22 22:49 -------- d-----w- c:\program files\Microsoft Sync Framework

2011-12-22 22:49 . 2011-12-22 22:49 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2011-12-22 22:47 . 2011-12-22 22:47 -------- d-----w- c:\program files\Microsoft Visual Studio 8

2011-12-22 22:46 . 2011-12-22 22:46 -------- d-----w- c:\program files\Microsoft Analysis Services

2011-12-22 22:43 . 2011-12-27 11:45 -------- d-----w- c:\programdata\Microsoft Help

2011-12-22 22:42 . 2011-12-22 22:42 -------- d-----r- C:\MSOCache

2011-12-22 22:26 . 2012-01-01 12:57 -------- d-----w- c:\program files\BELIMO

2011-12-22 21:58 . 2011-12-22 21:58 -------- d-----w- c:\program files\Microsoft Silverlight

2011-12-22 21:54 . 2011-12-22 21:54 -------- d-----w- c:\program files\TeamViewer

2011-12-22 21:37 . 2011-12-22 21:36 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3C306C72-953B-425D-B011-2196E79D4D4F}\gapaengine.dll

2011-12-22 21:33 . 2011-12-22 21:33 -------- d-----w- c:\program files\Microsoft Security Client

2011-12-22 21:16 . 2011-12-22 22:49 -------- d-----w- c:\program files\Microsoft.NET

2011-12-22 21:15 . 2011-12-22 21:15 -------- d-----w- C:\8f02be957aefcb7382d105cd3fcf958e

2011-12-22 21:08 . 2011-12-22 21:08 -------- d-----w- c:\windows\nb-NO

2011-12-22 21:08 . 2011-12-22 21:08 -------- d-----w- c:\windows\system32\no

2011-12-22 21:08 . 2011-12-22 21:08 -------- d-----w- c:\windows\system32\drivers\nb-NO

2011-12-22 21:08 . 2011-12-22 21:08 -------- d-----w- c:\windows\system32\drivers\UMDF\nb-NO

2011-12-22 21:07 . 2011-12-22 21:55 -------- d-----w- c:\windows\system32\wbem\nb-NO

2011-12-22 21:01 . 2011-12-22 21:01 -------- d-----w- c:\program files\Microsoft IntelliPoint

2011-12-22 21:00 . 2011-12-22 21:00 -------- d-----w- c:\windows\PCHEALTH

2011-12-22 21:00 . 2012-01-08 17:07 -------- d-sh--w- c:\windows\Installer

2011-12-22 20:57 . 2011-12-22 20:57 -------- d-----w- c:\program files\Synaptics

2011-12-22 20:54 . 2011-12-22 20:54 -------- d-----w- c:\program files\Analog Devices

2011-12-22 20:50 . 2009-07-13 17:34 3584 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\nb-NO\LXKPTPRC.DLL.mui

2011-12-22 20:48 . 2011-12-22 20:48 -------- d-----w- c:\program files\CONEXANT

2011-12-22 20:48 . 2011-12-22 20:48 -------- d-----w- c:\program files\Protector Suite

2011-12-22 20:46 . 2011-11-30 01:21 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6BBA19EF-C5E3-4FAF-A201-EF6521183E32}\mpengine.dll

2011-12-22 20:46 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-12-22 20:42 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\system32\mfc42u.dll

2011-12-22 20:42 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\system32\mfc42.dll

2011-12-22 20:39 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2011-12-22 20:39 . 2011-02-03 05:54 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2011-12-22 20:28 . 2009-08-06 16:15 1002008 ----a-w- c:\windows\system32\igxpun.exe

2011-12-22 20:25 . 2012-01-01 12:25 -------- d-----w- c:\users\Rune Thorvaldsen

2011-12-22 20:25 . 2011-12-22 20:25 -------- d-----w- C:\Recovery

2011-12-22 17:33 . 2012-01-01 13:09 -------- d-----w- C:\Rens

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-22 21:06 . 2011-12-22 21:06 63488 ----a-w- c:\windows\system32\tdc.ocx

2011-12-22 21:06 . 2011-12-22 21:06 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-12-22 21:06 . 2011-12-22 21:06 152064 ----a-w- c:\windows\system32\wextract.exe

2011-12-22 21:06 . 2011-12-22 21:06 1127424 ----a-w- c:\windows\system32\wininet.dll

2011-11-24 04:25 . 2011-12-22 20:44 2342912 ----a-w- c:\windows\system32\win32k.sys

2011-11-05 04:26 . 2011-12-22 20:45 2048 ----a-w- c:\windows\system32\tzres.dll

2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-12-21 08:01 . 2011-12-27 15:15 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-06 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-06 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-06 150552]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-22 1725736]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R1 MpKsl5c3c7619;MpKsl5c3c7619;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E6458848-6D39-43A5-8789-D91FFB50686E}\MpKsl5c3c7619.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]

R3 TsUsbFlt;TsUsbFlt; [x]

S1 MpKsl08e2dab3;MpKsl08e2dab3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BF29EAC3-8E17-4677-AED8-69ED97F10155}\MpKsl08e2dab3.sys [2012-01-07 29904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]

S2 PS3 Media Server;PS3 Media Server;c:\program files\PS3 Media Server\win32\service\wrapper.exe [2011-05-17 366872]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]

S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 40320]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]

S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]

S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]

.

.

--- Andre tjenester/drivere lastet i minnet ---

.

*NewlyCreated* - MPKSL8928A502

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

.

2012-01-08 c:\windows\Tasks\AutoKMS.job

- c:\windows\AutoKMS\AutoKMS.exe [2011-12-22 23:00]

.

.

------- Tilleggsskanning -------

.

IE: E&ksporter til Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd til OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 130.67.15.198 193.213.112.4

FF - ProfilePath - c:\users\Rune Thorvaldsen\AppData\Roaming\Mozilla\Firefox\Profiles\f6hoxlx6.default\

FF - prefs.js: network.proxy.type - 0

.

.

--------------------- LÅSTE REGISTERNØKLER ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

.

- - - - - - - > 'Explorer.exe'(5516)

c:\program files\TeamViewer\Version7\tv_w32.dll

.

------------------------ Andre Kjørende Prosesser ------------------------

.

c:\windows\system32\ibmpmsvc.exe

c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\AEADISRV.EXE

c:\windows\system32\conhost.exe

c:\windows\system32\DRIVERS\xaudio.exe

c:\windows\system32\taskhost.exe

c:\program files\TeamViewer\Version7\TeamViewer.exe

c:\windows\system32\java.exe

c:\windows\system32\conhost.exe

c:\windows\system32\UI0Detect.exe

c:\program files\TeamViewer\Version7\tv_w32.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Synaptics\SynTP\SynTPHelper.exe

c:\program files\Synaptics\SynTP\SynTPLpr.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Tidspunkt ferdig: 2012-01-08 18:36:55 - maskinen ble startet på nytt

ComboFix-quarantined-files.txt 2012-01-08 17:36

.

Pre-Run: 31 310 901 248 byte ledig

Post-Run: 31 031 717 888 byte ledig

.

- - End Of File - - 13E4862942FC55A68D7180E118A95494

Log from MBAM:

Malwarebytes Anti-Malware (Prøveversjon) 1.60.0.1800

www.malwarebytes.org

Databaseversjon: v2012.01.08.03

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

Rune Thorvaldsen :: JOBBPC [administrator]

Beskyttelse: Aktivert

08.01.2012 18:46:27

mbam-log-2012-01-08 (18-46-27).txt

Skanntype: Hurtigsøk

Aktiverte skanningsinnstillinger: Minne | Oppstart | Register | Filsystem | Heuristikk/Ekstra | Heuristikk/Shuriken | PUP | PUM

Deaktiverte skanninnstillinger: P2P

Objekter skannet: 165502

Tid tilbakelagt: 4 minutt(er), 19 sekund(er)

Minneprosesser oppdaget: 0

(Ingen skadelige objekter funnet)

Minnemoduler oppdaget: 0

(Ingen skadelige objekter funnet)

Registernøkler oppdaget: 0

(Ingen skadelige objekter funnet)

Registerverdier oppdaget: 0

(Ingen skadelige objekter funnet)

Registerfiler oppdaget: 0

(Ingen skadelige objekter funnet)

Mapper oppdaget: 0

(Ingen skadelige objekter funnet)

Filer oppdaget 0

(Ingen skadelige objekter funnet)

(klar)


Posted

Now, I won't comment on the logs, apart from the fact that MBAM found nothing, but it may well be enough to change the password on the account(s) linked to Facebook.

Otherwise, it can be a good idea to increase security on Facebook (and, for example, Gmail, if you use it) by asking for verification via mobile. That means you get an SMS from Facebook if someone tries to log in from a device that you have not approved in your profile. :)


Posted

The problem was evidently the browser. When I went from Firefox back to IE9 I had no problems, and I have not had any problems after uninstalling Firefox and reinstalling it either.
