IcedInsanity Posted 14 September 2008

Can someone look these over?

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:33:49, on 14.09.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Skrivebord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iesearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Grid audio] "C:\ProgramData\date kind kind.z6kzq9z"
O4 - HKLM\..\Policies\Explorer\Run: [wskrnl] "C:\Windows\system32\wskrnl.exe" -at
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

--
End of file - 3336 bytes

ComboFix log:

ComboFix 08-09-13.05 - NorthShore 2008-09-14 16:21:38.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.161 [GMT 2:00]
Running from: C:\Users\NorthShore\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-08-14 to 2008-09-14 )))))))))))))))))))))))))))))))
.
2008-09-14 15:23 . 2008-09-14 16:16 <DIR> d-------- C:\Skrivebord
2008-09-14 15:02 . 2008-09-14 15:02 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-14 13:58 . 2008-09-14 13:58 0 --a------ C:\Windows\nsreg.dat
2008-09-14 13:57 . 2008-09-14 13:57 <DIR> d-------- C:\Users\NorthShore\AppData\Roaming\.wyzo
2008-09-14 13:54 . 2008-09-14 13:54 <DIR> d-------- C:\Program Files\VisualContext
2008-09-14 13:51 . 2008-09-14 13:52 <DIR> d-------- C:\Users\All Users\bags fork dead
2008-09-14 13:51 . 2008-09-14 13:52 <DIR> d-------- C:\ProgramData\bags fork dead
2008-09-13 12:56 . 2008-09-13 12:56 <DIR> d-------- C:\Program Files\AARONS CLIKER
2008-09-12 19:51 . 2008-09-12 19:51 23 --a------ C:\Windows\System32\dfbdffb6_g.ocx
2008-09-12 19:50 . 2008-09-12 19:50 <DIR> d-------- C:\Program Files\RegSupreme
2008-09-10 12:31 . 2008-06-26 05:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-10 12:30 . 2008-08-02 03:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-10 12:30 . 2008-06-26 05:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-10 12:30 . 2008-05-08 21:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-10 12:30 . 2008-05-20 04:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-10 12:30 . 2008-06-26 05:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-10 12:30 . 2008-08-02 05:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-07 17:27 . 2008-09-07 17:27 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-09-06 13:03 . 2008-09-06 14:50 <DIR> d-------- C:\frostwireeee
2008-09-05 20:20 . 2008-09-05 20:20 <DIR> d-------- C:\Program Files\XemiComputers
2008-09-04 14:46 . 1996-11-05 16:13 299,008 --a------ C:\Windows\uninst.exe
2008-09-04 12:53 . 2008-09-04 13:05 <DIR> d-------- C:\NESten
2008-09-04 10:49 . 2008-09-04 10:49 <DIR> d-------- C:\Program Files\CCleaner
2008-08-22 19:06 . 2008-08-22 19:07 <DIR> d-------- C:\Users\All Users\NCH Swift Sound
2008-08-22 19:06 . 2008-08-22 19:07 <DIR> d-------- C:\ProgramData\NCH Swift Sound
2008-08-22 19:06 . 2008-08-22 19:07 <DIR> d-------- C:\Program Files\NCH Software
2008-08-22 19:06 . 2008-08-22 19:06 27,136 --a------ C:\Windows\System32\drivers\nchssvad.sys
2008-08-22 19:05 . 2008-08-27 16:46 <DIR> d-------- C:\Users\NorthShore\AppData\Roaming\NCH Swift Sound
2008-08-22 19:03 . 2008-09-07 17:33 <DIR> d-------- C:\Program Files\NCH Swift Sound
2008-08-22 15:07 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-08-22 15:07 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-08-22 15:07 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-08-22 15:07 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-08-22 15:06 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-08-22 15:06 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-08-22 15:06 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-08-22 15:05 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-08-22 15:05 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-08-15 12:47 . 2008-09-14 14:57 <DIR> d-------- C:\Users\NorthShore\AppData\Roaming\FrostWire
2008-08-15 12:43 . 2008-08-15 12:44 <DIR> d-------- C:\Program Files\FrostWire
2008-08-14 15:14 . 2008-08-14 15:14 <DIR> d-------- C:\Users\NorthShore\AppData\Roaming\Comodo
2008-08-14 15:14 . 2008-08-14 19:55 <DIR> d-------- C:\Users\All Users\comodo
2008-08-14 15:14 . 2008-08-14 19:55 <DIR> d-------- C:\ProgramData\comodo
2008-08-14 15:14 . 2008-08-14 15:14 <DIR> d-------- C:\Program Files\COMODO
2008-08-14 15:14 . 2008-08-15 12:28 143,104 --a------ C:\Windows\System32\guard32.dll
2008-08-14 15:14 . 2008-08-15 12:28 85,008 --a------ C:\Windows\System32\drivers\cmdguard.sys
2008-08-14 15:14 . 2008-08-15 12:28 25,104 --a------ C:\Windows\System32\drivers\cmdhlp.sys
2008-08-14 13:56 . 2008-08-14 13:56 <DIR> d-------- C:\Limewoores
2008-08-14 13:34 . 2008-06-27 06:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-14 13:34 . 2008-06-19 05:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-14 13:34 . 2008-04-18 07:48 269,312 --a------ C:\Windows\System32\es.dll
2008-08-14 13:33 . 2008-06-27 03:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-14 13:33 . 2008-04-10 07:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-13 18:24 --------- d-----w C:\ProgramData\syswin
2008-08-15 10:44 --------- d-----w C:\Program Files\LimeWire
2008-08-14 11:56 --------- d-----w C:\Users\NorthShore\AppData\Roaming\LimeWire
2008-08-01 16:59 --------- d-----w C:\Program Files\Electronic Arts
2008-07-30 14:56 --------- d-----w C:\ProgramData\lxsass
2008-07-25 22:00 --------- d-----w C:\Program Files\MSXML 4.0
2008-07-25 18:05 --------- d-----w C:\Users\NorthShore\AppData\Roaming\Samsung
2008-07-25 18:01 5,632 ----a-w C:\Windows\system32\drivers\StarOpen.sys
2008-07-25 17:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-25 17:39 --------- d-----w C:\Program Files\Samsung
2008-07-25 13:07 --------- d-----w C:\Users\NorthShore\AppData\Roaming\Winamp
2008-07-25 13:07 --------- d-----w C:\Program Files\Winamp
2008-07-23 17:50 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-07-23 17:49 --------- d-----w C:\Users\NorthShore\AppData\Roaming\GARMIN
2008-07-23 17:42 --------- d-----w C:\Program Files\Garmin GPS Plugin
2008-07-19 09:39 174 --sha-w C:\Program Files\desktop.ini
2008-07-19 09:26 --------- d-----w C:\Program Files\Windows Sidebar
2008-07-19 09:26 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-07-19 09:26 --------- d-----w C:\Program Files\Windows Mail
2008-07-19 09:26 --------- d-----w C:\Program Files\Windows Journal
2008-07-19 09:26 --------- d-----w C:\Program Files\Windows Defender
2008-07-19 09:26 --------- d-----w C:\Program Files\Windows Collaboration
2008-07-19 09:26 --------- d-----w C:\Program Files\Windows Calendar
2008-07-18 07:59 --------- d-----w C:\Program Files\Java
2008-07-18 07:57 --------- d-----w C:\Program Files\Common Files\Java
2008-07-16 20:33 --------- d-----w C:\ProgramData\McAfee
2008-07-16 09:17 --------- d--h--w C:\ProgramData\CanonBJ
2008-07-16 09:10 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-16 09:03 --------- d-----w C:\ProgramData\NOS
2008-07-16 09:03 --------- d-----w C:\Program Files\NOS
2008-07-15 09:11 --------- d-----w C:\Program Files\Windows Live
2008-07-15 09:10 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-15 08:59 --------- d-----w C:\ProgramData\WLInstaller
2008-07-14 22:50 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-07-14 22:48 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-14 22:48 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-14 22:48 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-14 22:48 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-14 22:48 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-14 21:11 --------- d-sh--w C:\ProgramData\Start-meny
2008-07-14 21:11 --------- d-sh--w C:\ProgramData\Skrivebord
2008-07-14 21:11 --------- d-sh--w C:\ProgramData\Programdata
2008-07-14 21:11 --------- d-sh--w C:\ProgramData\Maler
2008-07-14 21:11 --------- d-sh--w C:\ProgramData\Favoritter
2008-07-14 21:11 --------- d-sh--w C:\ProgramData\Dokumenter
2008-07-14 21:11 --------- d-sh--w C:\Program Files\Fellesfiler
.
((((((((((((((((((((((((((((( snapshot@2008-09-14_16.02.11.39 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-14 07:29:27 147,456 ----a-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-09-14 14:11:36 147,456 ----a-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-09-14 13:58:42 155,648 ----a-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-09-14 14:27:51 155,648 ----a-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-09-14 07:30:13 5,524 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1738115418-2903614203-1946649977-1000_UserData.bin
+ 2008-09-14 14:12:18 5,524 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1738115418-2903614203-1946649977-1000_UserData.bin
- 2008-09-14 07:30:13 46,096 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-09-14 14:12:18 46,190 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-09-14 07:30:10 26,742 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-09-14 14:12:16 26,782 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Grid audio"="C:\ProgramData\date kind kind.z6kzq9z" [X]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-07-09 36352]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-08-15 1655552]
"SoundMan"="SOUNDMAN.EXE" [2007-03-09 C:\Windows\SOUNDMAN.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"wskrnl"="C:\Windows\system32\wskrnl.exe" [2004-09-30 958464]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\Windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{587602F3-1E58-4992-8553-1C85FCCBDBF9}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{0E218934-173D-4912-A453-6D0C34D648E2}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{6A36F2DA-72A6-423A-BBD3-0E2B09B9F9E7}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{100CD627-2FC7-4F57-A2A4-3D63CB911CFE}C:\\progzzz\\limewire\\limewire.exe"= UDP:C:\progzzz\limewire\limewire.exe:LimeWire
"UDP Query User{8555BAB9-2996-4CD0-AD44-D5A16905AECA}C:\\progzzz\\limewire\\limewire.exe"= TCP:C:\progzzz\limewire\limewire.exe:LimeWire
"TCP Query User{A68458FD-2D99-4E13-AA50-62EDB2DFF94B}C:\\stubinstaller.exe"= UDP:C:\stubinstaller.exe:LimeWire swarmed installer
"UDP Query User{F4839623-95B2-48B4-8E42-79C45328E68D}C:\\stubinstaller.exe"= TCP:C:\stubinstaller.exe:LimeWire swarmed installer
"{FAF8E159-C32F-49D1-80CB-6184D428CC02}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{7441A422-E339-403A-BA5E-4188A96E131C}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{C6DD7F38-7928-4A8C-A214-D319A0D1AD87}C:\\program files\\frostwire\\frostwire.exe"= UDP:C:\program files\frostwire\frostwire.exe:FrostWire
"UDP Query User{45B5F75E-A241-49D7-B676-DB1FEEF8049F}C:\\program files\\frostwire\\frostwire.exe"= TCP:C:\program files\frostwire\frostwire.exe:FrostWire
"TCP Query User{8AA1436E-032A-4EA9-9807-C37B18F9240F}C:\\programfiler\\windows live\\messenger\\msnmsgr.exe"= UDP:C:\programfiler\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"UDP Query User{9B777712-FA16-4BB6-935A-CAF4B3BBEA5F}C:\\programfiler\\windows live\\messenger\\msnmsgr.exe"= TCP:C:\programfiler\windows live\messenger\msnmsgr.exe:Windows Live Messenger

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys [2008-08-15 85008]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys [2008-08-15 25104]
R3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
R3 wskrnlc;wskrnlc;C:\Windows\system32\drivers\wskrnlc.sys [2003-12-12 5632]
S3 getPlus® Helper;getPlus® Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-06-26 31592]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\NorthShore\AppData\Roaming\Mozilla\Firefox\Profiles\wqj35zq7.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.darkthrone.com/overview?_msid=290760
FF -: plugin - C:\Users\NorthShore\AppData\Roaming\Mozilla\Firefox\Profiles\wqj35zq7.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\plugins\np_gp.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-14 16:27:49
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-09-14 16:31:49
ComboFix-quarantined-files.txt 2008-09-14 14:31:32
ComboFix2.txt 2008-09-14 14:03:46

Pre-Run: 9,372,430,336 bytes free
Post-Run: 9,344,569,344 bytes free

187 --- E O F --- 2008-09-11 01:02:11
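Two lines in the HijackThis log above are the ones a reviewer stops at first: a Run value that launches a file with a random extension from the root of C:\ProgramData, and an entry under Policies\Explorer\Run, a key that normal installers do not write to. Both can be picked out mechanically. The script below is an added example, not code from this thread, from HijackThis or from ComboFix: it parses O2/O4/O20/O23 lines and grades them. The sample input is copied from the posted log (with the clean WinampAgent and rundll32 entries kept for contrast); the checks, the extension whitelist and the "high"/"review" labels are my own assumptions about what deserves a second look, not HijackThis's classification.

```python
"""Triage of HijackThis-style autostart lines (added example; heuristics are assumptions)."""
import ntpath
import re
from dataclasses import dataclass
from typing import Iterator, List

# Constructed sample: lines copied from the HijackThis log posted above, plus the
# clean WinampAgent and rundll32 entries for contrast. Raw string, backslashes are literal.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [Grid audio] "C:\ProgramData\date kind kind.z6kzq9z"
O4 - HKLM\..\Policies\Explorer\Run: [wskrnl] "C:\Windows\system32\wskrnl.exe" -at
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
"""

# Extensions a Run value normally points at (assumed whitelist). Anything else, such as
# ".z6kzq9z", only runs because some other loader knows what to do with the file.
EXEC_EXTS = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js"}
O4_RE = re.compile(r"^O4 - (?P<loc>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


@dataclass
class Finding:
    severity: str  # "high": treat as malicious until shown otherwise; "review": confirm the publisher
    line: str
    reason: str


def image_path(cmd: str) -> str:
    """Return the program a Run command launches: the quoted path, or the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def check_o4(line: str) -> Iterator[Finding]:
    m = O4_RE.match(line)
    if not m:
        return
    loc, name, cmd = m.group("loc"), m.group("name"), m.group("cmd")
    path = image_path(cmd)
    ext = ntpath.splitext(path)[1].lower()  # ntpath: Windows paths parsed correctly on any host
    if "policies\\explorer\\run" in loc.lower():
        # Group Policy's own Run key; legitimate installers almost never write here.
        yield Finding("high", line, f"[{name}] autostarts from Policies\\Explorer\\Run")
    if ext not in EXEC_EXTS:
        yield Finding("high", line, f"[{name}] runs a file with non-executable extension {ext!r}")
    low = path.lower()
    if low.startswith("c:\\programdata\\") or "\\appdata\\" in low:
        yield Finding("review", line, f"[{name}] runs from a data directory: {path}")


def check_o2(line: str) -> Iterator[Finding]:
    if line.startswith("O2 - ") and line.endswith("(no file)"):
        yield Finding("review", line, "orphaned BHO registration: DLL is gone, delete the CLSID entry")


def check_o20(line: str) -> Iterator[Finding]:
    if line.startswith("O20 - AppInit_DLLs:"):
        dlls = line.split(":", 1)[1].strip()
        yield Finding("review", line, f"AppInit_DLLs loads {dlls} into every process that links user32; confirm the publisher")


def check_o23(line: str) -> Iterator[Finding]:
    if line.startswith("O23 - ") and " - Unknown owner - " in line:
        yield Finding("review", line, "service binary carries no company name; verify its signature")


CHECKS = (check_o2, check_o4, check_o20, check_o23)


def triage(log_text: str) -> List[Finding]:
    """Run every check over every non-empty line; 'high' findings sort first."""
    findings = [f for line in log_text.splitlines() if line.strip()
                for check in CHECKS for f in check(line)]
    return sorted(findings, key=lambda f: f.severity != "high")


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.reason}\n       {f.line}")
```

Run it as a script to print the findings for the sample, or call triage(open(path).read()) on a real HijackThis log. The "review" tier is deliberately noisy: COMODO's guard32.dll and cmdagent.exe land there only because an AppInit_DLLs entry and a missing company name are worth confirming, not because they are malicious; the two "high" hits are the Grid audio value and the wskrnl entry.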
norbat Posted 14 September 2008

Step 1: Download Malwarebytes Anti-Malware to the desktop. Run and install the program. Choose Norwegian as the language. Let the program update itself, choose to run a 'quick system scan' and click Scan. A message box will tell you the scan is finished; click OK. Click the 'Show results' button. If malware was found, you will now see what was found. Then click the 'Remove selected' button to remove the malware that was found. A log will then open in Notepad. Copy it and post it if it found anything.

Step 2: Open Notepad and paste in the text below. Save the file to the desktop as CFScript.txt. Drag and drop the file onto the ComboFix icon. ComboFix will start again.

Folder::
C:\Users\All Users\bags fork dead
C:\ProgramData\bags fork dead

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Grid audio"=-

Tell us what the problem was and how it is going now.
IcedInsanity (author) Posted 14 September 2008

Malware log:

Malwarebytes' Anti-Malware 1.28
Database version: 1150
Windows 6.0.6001 Service Pack 1

14.09.2008 18:05:36
mbam-log-2008-09-14 (18-05-36).txt

Scan type: Quick Scan
Objects scanned: 35555
Time elapsed: 3 minute(s), 42 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 2
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
C:\Windows\System32\wskrnl.exe (Spyware.Agent) -> Failed to unload process.

Memory Modules Infected:
C:\Windows\System32\wskrnlc.dll (Spyware.Agent) -> Delete on reboot.
C:\Windows\System32\wskrnld.dll (Spyware.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wskrnlc (Spyware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\wskrnl (Spyware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wskrnl (Spyware.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No suspicious items found)

Folders Infected:
(No suspicious items found)

Files Infected:
C:\Windows\System32\wskrnlc.vxd (Spyware.ActMon) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\wskrnlc.sys (Spyware.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\wskrnl.exe (Spyware.Agent) -> Delete on reboot.
C:\Windows\System32\wskrnlb.dll (Spyware.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\wskrnlb.exe (Spyware.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\wskrnlc.dll (Spyware.Agent) -> Delete on reboot.
C:\Windows\System32\wskrnld.dll (Spyware.Agent) -> Delete on reboot.
C:\Windows\System32\wskrnle.dll (Spyware.Agent) -> Quarantined and deleted successfully.

Going to restart now and see how it goes.
IcedInsanity (author) Posted 14 September 2008

I have to use another laptop now, because mine doesn't respond to either the touchpad or the keyboard after the reboot... Help??
norbat Posted 14 September 2008 (edited)

Could you start the PC in safe mode and check whether the keyboard and touchpad work there? The thing is that you had a spyware/keylogger called ActMon. It records keystrokes and takes screenshots. When it is removed, there can be some trouble of the kind you are experiencing.

Edited 14 September 2008 by norbat
IcedInsanity (author) Posted 14 September 2008

I've tried all the modes... it doesn't work in any of them. But the keyboard works in the setup/boot menu...
Bruker-158599 Posted 14 September 2008

norbat wrote: "Could you start the PC in safe mode and check whether the keyboard and touchpad work there? The thing is that you had a spyware called ActMon. It records keystrokes and takes screenshots. When it is removed, there can be some trouble of the kind you are experiencing."

And how is he supposed to start the computer in safe mode if the keyboard doesn't work?
IcedInsanity (author) Posted 14 September 2008

It works when I'm choosing the mode and in the setup/boot menu... but not when I get to the Windows password screen.
norbat Posted 14 September 2008

Could you try an external USB keyboard to see whether that gets around the problem? The problem that has arisen is that when the keylogger's driver is removed, Windows loses contact with the keyboard. You could run a repair of Windows (reinstalls Windows without loss of data) or a System Restore to a point before the keylogger was removed (not recommended).
IcedInsanity (author) Posted 14 September 2008

I don't have a USB keyboard... but can I do a repair of Windows without a keyboard? Or can I boot from the Windows install CD and reinstall Windows?
norbat Posted 14 September 2008

If you have a Vista CD, boot from it. From there you should get the option to repair, etc.
IcedInsanity (author) Posted 14 September 2008

Then I'll do that.
norbat Posted 14 September 2008 (edited)

I have to ask: did you install this software (ActMon Computer Monitoring) yourself, or were you completely unaware of it?

Edit: If, when booting from the Vista CD, you have the option to run a System Restore to a point before MBAM removed the keylogger, it could be worth a try, and then see whether the keylogger can be removed from Add/Remove Programs.

Edited 14 September 2008 by norbat
IcedInsanity (author) Posted 14 September 2008

Yes, I probably brought that ActMon thing on myself... But I've tried to uninstall it, and it isn't listed in Add/Remove Programs...