Gå till innehåll

Laggman

Medlem
 Visa profil  Visa deras aktivitet

  • Innehållsantal

    1

  • Gick med

  • Besökte senast

 Innehållstyp 

Inlägg postade av Laggman

    Möjlig keylogger.

    i Borttagning av virus och andra skadliga program

    Postad

    Hej, jag har funnit mig själv keyloggad, och jag har kört scans med AVG Antivir, NOD32, Spyware doctor, Ad-aware och Anti-keylogger men jag är tveksam till att denna okända keylogger är borta för all framtid. Därav har jag kört Hijackthis och fått en rapport som jag lägger in och hoppas få respons på av någon mer insatt, tack på förhand!

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 17:22:21, on 2009-12-25

    Platform: Windows Vista (WinNT 6.00.1904)

    MSIE: Internet Explorer v7.00 (7.00.6000.16945)

    Boot mode: Normal

    Running processes:

    C:\Windows\System32\smss.exe

    C:\Windows\system32\csrss.exe

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\csrss.exe

    C:\Windows\system32\winlogon.exe

    C:\Program Files\AVG\AVG9\avgchsvx.exe

    C:\Program Files\AVG\AVG9\avgrsx.exe

    C:\Windows\system32\services.exe

    C:\Windows\system32\lsass.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe

    C:\Windows\system32\nvvsvc.exe

    C:\Windows\system32\svchost.exe

    C:\Program Files\AVG\AVG9\avgcsrvx.exe

    C:\Windows\System32\svchost.exe

    C:\Windows\System32\svchost.exe

    C:\Windows\System32\svchost.exe

    C:\Windows\system32\svchost.exe

    C:\Windows\system32\SLsvc.exe

    C:\Windows\system32\svchost.exe

    C:\Windows\system32\nvvsvc.exe

    C:\Windows\system32\svchost.exe

    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe

    C:\Program Files\AVG\AVG9\avgwdsvc.exe

    C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe

    C:\Program Files\AVG\AVG9\avgam.exe

    C:\Program Files\AVG\AVG9\avgnsx.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\PnkBstrA.exe

    C:\Windows\system32\svchost.exe

    C:\Program Files\Spyware Doctor\pctsAuxs.exe

    C:\Program Files\Spyware Doctor\pctsSvc.exe

    C:\Windows\system32\svchost.exe

    C:\Windows\System32\svchost.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Windows\system32\WUDFHost.exe

    C:\Program Files\AVG\AVG9\avgemc.exe

    C:\Program Files\AVG\AVG9\avgcsrvx.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Program Files\AVG\AVG9\avgcsrvx.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\Dwm.exe

    C:\Program Files\Spyware Doctor\pctsTray.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Windows\RtHDVCpl.exe

    C:\Windows\System32\rundll32.exe

    C:\Program Files\AVG\AVG9\avgtray.exe

    C:\Windows\system32\wuauclt.exe

    C:\Windows\ehome\ehtray.exe

    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

    C:\Program Files\Pando Networks\Media Booster\PMB.exe

    C:\Windows\System32\rundll32.exe

    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    C:\Program Files\Logitech\SetPoint\SetPoint.exe

    C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe

    C:\Windows\ehome\ehmsas.exe

    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

    C:\Users\LAGGMAN\Desktop\Ventrilo.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wowhead.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll

    O2 - BHO: (no name) - {3A303EF6-2598-4D2D-B4DA-DEFA7CD0DC51} - (no file)

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

    O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll

    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

    O4 - HKLM\..\Run: [recinfo352] c:\RecInfo\RecInfo.exe

    O4 - HKLM\..\Run: [recinfo] RecInfo.exe

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [skytel] Skytel.exe

    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

    O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

    O4 - HKCU\..\Run: [MSSMSGS] rundll32.exe winamp32.rom,TVMRun

    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe

    O4 - HKCU\..\Run: [MS_MASTER] RUNDLL32.EXE C:\Users\LAGGMAN\AppData\Local\Temp\xml_inc.dll,i

    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJÄNST')

    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST')

    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NÄTVERKSTJÄNST')

    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

    O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O13 - Gopher Prefix:

    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab

    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

    O20 - AppInit_DLLs: avgrsstx.dll

    O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe

    O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

    O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe

    O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - D:\DragonAge\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

    O23 - Service: Norman Scheduler Service (Scheduler) - Norman ASA - C:\Program Files\Norman\Npm\Bin\scheduler.exe

    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

    --

    End of file - 8841 bytes

×
×
  • Skapa nytt...