Maynard James, posted 21 February 2009:

Hey. I think my PC has been infected by some spyware-like crap. I have a red cross in my toolbar, down at the bottom right by the clock, and now and then it spams me with "You have been infested blabla". And it takes me to getveryluckytoday.cz. Anyone have any tips on how I get rid of this? I tried MBAM, and that removed it, but it darn well came back again. Help me :b
Tosha0007, posted 21 February 2009:

Follow the guide and post the logs it asks for, here in your own thread.
Maynard James (thread author), posted 21 February 2009:

That thing down in the taskbar, the cross, is gone, but I still get some popups saying I'm infected. I have 2 MBAM logs and 1 ComboFix log.

Combofix:

ComboFix 09-02-19.01 - Steinar 2009-02-21 16:38:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.3327.2765 [GMT 1:00]
Kjører fra: c:\documents and settings\Steinar\Skrivebord\ComboFix.exe
* Opprettet nytt gjenopprettingspunkt
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programfiler\INSTALL.LOG
c:\windows\system32\init32.exe
E:\install.exe
Infisert kopi av c:\windows\system32\userinit.exe ble funnet og desinfisert
Gjenopprettet kopi fra - c:\windows\$NtServicePackUninstall$\userinit.exe
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-01-21 til 2009-02-21 )))))))))))))))))))))))))))))))))
.
2009-02-21 15:46 . 2009-02-21 15:46 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware
2009-02-21 15:46 . 2009-02-21 15:46 <DIR> d-------- c:\documents and settings\Steinar\Programdata\Malwarebytes
2009-02-21 15:46 . 2009-02-21 15:46 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Programdata\Malwarebytes
2009-02-21 15:46 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-21 15:46 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-21 03:47 . 2009-02-21 03:50 <DIR> d-------- c:\programfiler\Google
2009-02-21 03:47 . 2009-02-21 04:48 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Programdata\Google Updater
2009-02-17 16:44 . 2008-04-13 19:45 60,032 --a------ c:\windows\system32\drivers\USBAUDIO.sys
2009-02-17 16:43 . 2009-02-17 16:43 <DIR> d-------- c:\programfiler\Fellesfiler\logishrd
2009-02-16 17:55 . 2009-02-18 15:04 80 --a------ c:\windows\GPDCombo.ini
2009-02-16 17:51 . 2009-02-18 15:04 <DIR> d-------- c:\programfiler\PHDesk20
2009-02-16 17:18 . 2009-02-16 17:18 <DIR> d-------- c:\programfiler\Zator Systems
2009-02-15 23:38 . 2009-02-15 23:38 <DIR> d-------- c:\programfiler\NK-Inc.com
2009-02-15 23:27 . 2009-02-15 23:27 <DIR> d-------- c:\windows\system32\URTTEMP
2009-02-15 23:25 . 2009-02-15 23:25 <DIR> d-------- c:\windows\Downloaded Installations
2009-02-15 23:25 . 2009-02-15 23:25 <DIR> d-------- c:\programfiler\ISS
2009-02-15 23:25 . 2009-02-15 23:25 <DIR> d-------- C:\Program Files
2009-02-15 23:25 . 2009-02-16 01:27 34 --a------ c:\windows\ais.ini
2009-02-15 23:21 . 2009-02-15 23:21 <DIR> d-------- C:\InfoVivo
2009-02-15 23:21 . 2009-02-15 23:21 <DIR> d-------- c:\documents and settings\Steinar\Programdata\net.dacons.mail.it
2009-02-15 23:19 . 2009-02-15 23:19 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Programdata\Records For Living, Inc
2009-02-15 23:18 . 2009-02-15 23:18 <DIR> d-------- c:\programfiler\Records For Living, Inc
2009-02-15 23:18 . 2009-02-15 23:18 <DIR> d-------- c:\programfiler\Fellesfiler\Wise Installation Wizard
2009-02-15 23:18 . 2009-02-15 23:18 <DIR> d-------- c:\programfiler\Fellesfiler\Records For Living, Inc
2009-02-15 23:18 . 2009-02-15 23:18 516 --a------ c:\windows\{2721827E-D6D8-417d-8525-CFD1BBEFD0F0}_WiseFW.ini
2009-02-15 22:45 . 2009-02-15 22:45 <DIR> d-------- c:\programfiler\Diagnostix 2.0 Child Version
2009-02-15 22:45 . 2009-02-15 22:45 <DIR> d-------- c:\documents and settings\Steinar\Programdata\FileMaker
2009-02-15 22:19 . 2009-02-15 22:20 <DIR> d-------- c:\programfiler\Elizabeth Find MD - Diagnosis Mystery
2009-02-15 22:06 . 2009-02-15 22:06 <DIR> d-------- c:\programfiler\bfgclient
2009-02-15 22:05 . 2009-02-15 22:06 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Programdata\BigFishGamesCache
2009-02-08 00:48 . 2007-03-10 14:22 549,888 --a------ c:\windows\TheMatrix.scr
2009-02-08 00:48 . 2007-03-10 14:13 0 --a------ c:\windows\TheMatrix.ini
2009-02-05 23:47 . 2009-02-05 23:47 4,096 --a------ c:\windows\system32\crash
2009-02-05 19:27 . 2009-02-14 00:54 <DIR> d-------- c:\programfiler\Windows Live Safety Center
2009-01-27 16:27 . 2009-01-27 16:27 <DIR> d-------- c:\programfiler\Dia
2009-01-27 16:27 . 2009-01-27 16:31 <DIR> d-------- c:\documents and settings\Steinar\.dia
2009-01-25 15:31 . 2009-01-25 15:31 <DIR> d-------- c:\programfiler\Games
2009-01-21 19:03 . 2009-01-22 22:33 <DIR> d-------- c:\documents and settings\Steinar\Programdata\Apple Computer
2009-01-21 19:02 . 2009-01-21 19:02 <DIR> d-------- c:\programfiler\QuickTime
2009-01-21 19:02 . 2009-01-21 19:02 <DIR> d-------- c:\programfiler\iTunes
2009-01-21 19:02 . 2009-01-21 19:02 <DIR> d-------- c:\programfiler\iPod
2009-01-21 19:02 . 2009-01-21 19:02 <DIR> d-------- c:\programfiler\Bonjour
2009-01-21 19:02 . 2009-01-21 19:02 <DIR> d-------- c:\programfiler\Apple Software Update
2009-01-21 19:02 . 2009-01-21 19:02 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Programdata\Apple Computer
2009-01-21 19:02 . 2009-01-21 19:02 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-21 19:02 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2009-01-21 19:02 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2009-01-21 19:01 . 2009-01-21 19:01 <DIR> d-------- c:\programfiler\Fellesfiler\Apple
2009-01-21 19:01 . 2009-01-21 19:01 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Programdata\Apple
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-21 14:42 --------- d-----w c:\programfiler\Steam
2009-02-21 14:36 --------- d-----w c:\documents and settings\Steinar\Programdata\uTorrent
2009-02-18 14:04 --------- d---a-w c:\documents and settings\All Users.WINDOWS\Programdata\TEMP
2009-02-16 12:38 --------- d-----w c:\documents and settings\Steinar\Programdata\dvdcss
2009-01-22 22:39 --------- d-----w c:\documents and settings\All Users.WINDOWS\Programdata\Sports Interactive
2009-01-22 09:55 --------- d-----w c:\programfiler\NOS
2009-01-22 09:55 --------- d-----w c:\documents and settings\All Users.WINDOWS\Programdata\NOS
2009-01-20 15:04 --------- d-----w c:\programfiler\Plugins
2009-01-20 12:04 --------- d-----w c:\programfiler\Fellesfiler\Adobe
2009-01-19 18:35 --------- d-----w c:\programfiler\Winamp
2009-01-19 18:27 --------- d-----w c:\programfiler\Winamp Remote
2009-01-19 18:24 --------- d-----w c:\documents and settings\Steinar\Programdata\zweitgeist
2009-01-19 18:19 --------- d-----w c:\documents and settings\Steinar\Programdata\Winamp
2009-01-16 16:48 --------- d-----w c:\documents and settings\Steinar\Programdata\Move Networks
2009-01-12 19:59 --------- d-----w c:\programfiler\Windows Live SkyDrive
2009-01-12 19:59 --------- d-----w c:\programfiler\Windows Live
2009-01-12 19:59 --------- d-----w c:\programfiler\Microsoft
2009-01-12 19:55 --------- d-----w c:\programfiler\Fellesfiler\Windows Live
2009-01-12 19:15 --------- d-----w c:\documents and settings\Steinar\Programdata\Sibelius Software
2009-01-12 19:13 --------- d-----w c:\programfiler\Sibelius Software
2009-01-07 17:27 --------- d-----w c:\programfiler\uTorrent
2009-01-01 12:38 --------- d-----w c:\programfiler\Java
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools Lite"="c:\programfiler\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\programfiler\Analog Devices\Core\smax4pnp.exe" [2008-10-10 868352]
"StartCCC"="c:\programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-01-01 136600]
"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="c:\programfiler\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2008-11-20 290088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\games\\CM4\\cm4.exe"=
"c:\\Programfiler\\uTorrent\\uTorrent.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"c:\\Programfiler\\iTunes\\iTunes.exe"=
"c:\\Programfiler\\Sports Interactive\\Football Manager 2009\\fm.exe"=
"c:\\Programfiler\\Steam\\steamapps\\common\\football manager 2009 demo\\fm.exe"=
"c:\\Programfiler\\Records For Living, Inc\\HealthFrame v2\\HealthFrame Viewer.exe"=
"c:\\Programfiler\\Records For Living, Inc\\HealthFrame v2\\HealthFrame Explorer.exe"=
S2 gupdate1c993cef3c6f73e;Googles oppdateringstjeneste (gupdate1c993cef3c6f73e);c:\programfiler\Google\Update\GoogleUpdate.exe [2009-02-21 133104]
--- Andre tjenester/drivere lastet i minnet ---
*NewlyCreated* - GTNDIS5
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
2009-02-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-02-21 c:\windows\Tasks\At1.job
- c:\windows\system32\EcWhk5NS.exe []
2009-02-21 c:\windows\Tasks\At10.job
- c:\windows\system32\EcWhk5NS.exe []
2009-02-21 c:\windows\Tasks\At11.job
- c:\windows\system32\EcWhk5NS.exe []
2009-02-21 c:\windows\Tasks\At12.job
- c:\windows\system32\EcWhk5NS.exe []
2009-02-21 c:\windows\Tasks\At13.job
- c:\windows\system32\EcWhk5NS.exe []
2009-02-21 c:\windows\Tasks\At14.job
- c:\windows\system32\EcWhk5NS.exe []
2009-02-21 c:\windows\Tasks\At15.job
- c:\windows\system32\EcWhk5NS.exe []
2009-02-21 c:\windows\Tasks\At16.job
- c:\windows\system32\EcWhk5NS.exe []
2009-02-21 c:\windows\Tasks\At17.job
- c:\windows\system32\EcWhk5NS.exe []
2009-02-21 c:\windows\Tasks\At18.job
- c:\windows\system32\EcWhk5NS.exe []
2009-02-21 c:\windows\Tasks\At19.job
- c:\windows\system32\EcWhk5NS.exe []
2009-02-21 c:\windows\Tasks\At2.job
- c:\windows\system32\EcWhk5NS.exe []
2009-02-21 c:\windows\Tasks\At20.job
- c:\windows\system32\EcWhk5NS.exe []
2009-02-21 c:\windows\Tasks\At21.job
- c:\windows\system32\EcWhk5NS.exe []
2009-02-21 c:\windows\Tasks\At22.job
- c:\windows\system32\EcWhk5NS.exe []
2009-02-21 c:\windows\Tasks\At23.job
- c:\windows\system32\EcWhk5NS.exe []
2009-02-21 c:\windows\Tasks\At24.job
- c:\windows\system32\EcWhk5NS.exe []
2009-02-21 c:\windows\Tasks\At25.job
- c:\windows\system32\EcWhk5NS.exe []
2009-02-21 c:\windows\Tasks\At26.job
- c:\windows\system32\EcWhk5NS.exe []
2009-02-21 c:\windows\Tasks\At27.job
- c:\windows\system32\EcWhk5NS.exe []
2009-02-21 c:\windows\Tasks\At28.job
- c:\windows\system32\EcWhk5NS.exe []
2009-02-21 c:\windows\Tasks\At29.job
- c:\windows\system32\EcWhk5NS.exe []
2009-02-21 c:\windows\Tasks\At3.job
- c:\windows\system32\EcWhk5NS.exe []
2009-02-21 c:\windows\Tasks\At30.job
- c:\windows\system32\EcWhk5NS.exe []
2009-02-21 c:\windows\Tasks\At31.job
- c:\windows\system32\EcWhk5NS.exe []
2009-02-21 c:\windows\Tasks\At32.job
- c:\windows\system32\EcWhk5NS.exe []
2009-02-21 c:\windows\Tasks\At33.job
- c:\windows\system32\EcWhk5NS.exe []
2009-02-21 c:\windows\Tasks\At34.job
- c:\windows\system32\EcWhk5NS.exe []
2009-02-21 c:\windows\Tasks\At35.job
- c:\windows\system32\EcWhk5NS.exe []
2009-02-21 c:\windows\Tasks\At36.job
- c:\windows\system32\EcWhk5NS.exe []
2009-02-21 c:\windows\Tasks\At37.job
- c:\windows\system32\EcWhk5NS.exe []
2009-02-21 c:\windows\Tasks\At38.job
- c:\windows\system32\EcWhk5NS.exe []
2009-02-21 c:\windows\Tasks\At39.job
- c:\windows\system32\EcWhk5NS.exe []
2009-02-21 c:\windows\Tasks\At4.job
- c:\windows\system32\EcWhk5NS.exe []
2009-02-21 c:\windows\Tasks\At40.job
- c:\windows\system32\EcWhk5NS.exe []
2009-02-21 c:\windows\Tasks\At41.job
- c:\windows\system32\EcWhk5NS.exe []
2009-02-21 c:\windows\Tasks\At42.job
- c:\windows\system32\EcWhk5NS.exe []
2009-02-21 c:\windows\Tasks\At43.job
- c:\windows\system32\EcWhk5NS.exe []
2009-02-21 c:\windows\Tasks\At44.job
- c:\windows\system32\EcWhk5NS.exe []
2009-02-21 c:\windows\Tasks\At45.job
- c:\windows\system32\EcWhk5NS.exe []
2009-02-21 c:\windows\Tasks\At46.job
- c:\windows\system32\EcWhk5NS.exe []
2009-02-21 c:\windows\Tasks\At47.job
- c:\windows\system32\EcWhk5NS.exe []
2009-02-21 c:\windows\Tasks\At48.job
- c:\windows\system32\EcWhk5NS.exe []
2009-02-21 c:\windows\Tasks\At5.job
- c:\windows\system32\EcWhk5NS.exe []
2009-02-21 c:\windows\Tasks\At6.job
- c:\windows\system32\EcWhk5NS.exe []
2009-02-21 c:\windows\Tasks\At7.job
- c:\windows\system32\EcWhk5NS.exe []
2009-02-21 c:\windows\Tasks\At8.job
- c:\windows\system32\EcWhk5NS.exe []
2009-02-21 c:\windows\Tasks\At9.job
- c:\windows\system32\EcWhk5NS.exe []
2009-02-21 c:\windows\Tasks\Google Software Updater.job
- c:\programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-21 03:47]
2009-02-21 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\programfiler\Google\Update\GoogleUpdate.exe [2009-02-21 03:48]
.
.
------- Tilleggsskanning -------
.
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Steinar\Programdata\Mozilla\Firefox\Profiles\xbum4oy7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - plugin: c:\documents and settings\Steinar\Programdata\Mozilla\Firefox\Profiles\xbum4oy7.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071301000019.dll
FF - plugin: c:\programfiler\Google\Google Updater\2.4.1508.6312\npCIDetect13.dll
FF - plugin: c:\programfiler\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\programfiler\Mozilla Firefox\plugins\np-mswmp.dll
---- FIREFOX POLICIES ----
c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-21 16:40:04
Windows 5.1.2600 Service Pack 3 NTFS
skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...
skanning vellykket
skjulte filer: 0
**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------
[HKEY_USERS\S-1-5-21-2052111302-776561741-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2009 XE]
"GameDir"="c:\\Documents and Settings\\Steinar\\Mine dokumenter\\Sports Interactive\\Football Manager 2009\\games"
"ShortlistDir"=""
"ScreenshotsDir"="c:\\Documents and Settings\\Steinar\\Mine dokumenter\\Sports Interactive\\Football Manager 2009"
"SaveDir"="c:\\Documents and Settings\\Steinar\\Mine dokumenter\\Sports Interactive\\Football Manager 2009\\"
"HistoryDir"="c:\\Documents and Settings\\Steinar\\Skrivebord\\FM Genie Scout 2009 XE\\History Points"
"LangDB"="c:\\Programfiler\\Sports Interactive\\Football Manager 2009\\data\\updates\\update-910\\db\\910\\lang_db.dat"
"LastSaveGame"="c:\\Documents and Settings\\Steinar\\Mine dokumenter\\Sports Interactive\\Football Manager 2009\\games\\Liverpool.fm"
"Language"="English"
"LoadLangDB"=dword:00000000
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"SkinName"="Champions League"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000066
"UniqueID"="18-F445-2843"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------
- - - - - - - > 'winlogon.exe'(880)
c:\windows\system32\GTGina.dll
c:\windows\system32\Ati2evxx.dll
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programfiler\Bonjour\mDNSResponder.exe
c:\programfiler\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\programfiler\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
c:\programfiler\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
c:\windows\system32\wscntfy.exe
c:\programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\programfiler\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\programfiler\iPod\bin\iPodService.exe
.
**************************************************************************
.
Tidspunkt ferdig: 2009-02-21 16:41:29 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2009-02-21 15:41:27
Pre-Run: 1 057 026 048 byte ledig
Post-Run: 1,891,766,272 byte ledig
WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
320 --- E O F --- 2009-02-18 02:00:44

MBAM 1

Malwarebytes' Anti-Malware 1.34
Database version: 1784
Windows 5.1.2600 Service Pack 3

21.02.2009 15:49:21
mbam-log-2009-02-21 (15-49-21).txt

Scan type: Quick Scan
Objects scanned: 73827
Time elapsed: 1 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 2
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Cognac (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users.WINDOWS\Programdata\CrucialSoft Ltd (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Programdata\CrucialSoft Ltd\MS AntiSpyware 2009 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\EcWhk5NS.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\EcWhk5NS.exe_ (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Steinar\Lokale innstillinger\Temp\15683.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Steinar\Lokale innstillinger\Temp\16876.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Steinar\Skrivebord\viewtubesoftware.40018(2).exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Steinar\Skrivebord\viewtubesoftware.40018.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\EcWhk5NS.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Steinar\Lokale innstillinger\Temp\7224.exe (Trojan.FakeAlert) -> Delete on reboot.

MBAM 2

Malwarebytes' Anti-Malware 1.34
Database version: 1784
Windows 5.1.2600 Service Pack 3

21.02.2009 16:35:10
mbam-log-2009-02-21 (16-35-10).txt

Scan type: Quick Scan
Objects scanned: 73805
Time elapsed: 1 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Hope this helps.
norbat, posted 21 February 2009:

Open Notepad and copy in what is in bold below, then save the file on the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again. Post the new log.

File::
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

Filelook::
c:\windows\ais.ini
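The persistence pattern that norbat's CFScript targets (dozens of At*.job scheduled tasks all launching the same dropper in system32, with an empty [] after the path because the file had already been quarantined) is easy to miss when reading a ComboFix log by hand. As an added example that is not part of this thread and not ComboFix's or Malwarebytes' own tooling, the Python below parses the 'Scheduled Tasks' section of such a log, groups .job entries by the executable they run, flags the fan-out and missing-file cases, and emits a File:: block in the CFScript.txt layout used above. The log excerpt embedded in it is constructed in the format seen on this page, and the function names and the default threshold of three jobs are my own choices.

```python
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed excerpt in the layout ComboFix uses for its 'Scheduled Tasks'
# section: a job line, then a "- target [date size]" line. The empty [] is
# what ComboFix prints when the target executable no longer exists on disk.
SAMPLE_TASKS_SECTION = r"""
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-02-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-02-21 c:\windows\Tasks\At1.job
- c:\windows\system32\EcWhk5NS.exe []

2009-02-21 c:\windows\Tasks\At10.job
- c:\windows\system32\EcWhk5NS.exe []

2009-02-21 c:\windows\Tasks\At2.job
- c:\windows\system32\EcWhk5NS.exe []

2009-02-21 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\programfiler\Google\Update\GoogleUpdate.exe [2009-02-21 03:48]
.
"""


@dataclass
class Task:
    job: str     # path of the .job file
    target: str  # executable the task launches
    info: str    # ComboFix's "[date size]" for the target; "" when the file is gone


JOB_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+(.+?\.job)\s*$", re.IGNORECASE)
TARGET_RE = re.compile(r"^-\s+(.+?)\s*\[(.*?)\]\s*$")


def parse_tasks(section: str) -> list[Task]:
    """Pair each job line with the target line that follows it."""
    tasks, pending = [], None
    for raw in section.splitlines():
        line = raw.strip()
        m = JOB_RE.match(line)
        if m:
            pending = m.group(1)
            continue
        m = TARGET_RE.match(line)
        if m and pending is not None:
            tasks.append(Task(pending, m.group(1), m.group(2).strip()))
            pending = None
    return tasks


def suspicious_targets(tasks: list[Task], min_jobs: int = 3) -> dict:
    """Group tasks by target (case-insensitive) and flag a target when at least
    min_jobs tasks launch it (an At1..AtN fan-out like the one in this thread)
    or when ComboFix could not stat the file (empty [] after the path)."""
    by_target: dict[str, list[Task]] = defaultdict(list)
    for t in tasks:
        by_target[t.target.lower()].append(t)
    flagged = {}
    for target, ts in by_target.items():
        fan_out = len(ts) >= min_jobs
        missing = any(t.info == "" for t in ts)
        if fan_out or missing:
            flagged[target] = {
                "jobs": sorted(t.job for t in ts),
                "fan_out": fan_out,
                "missing_file": missing,
            }
    return flagged


def make_cfscript(job_paths: list[str]) -> str:
    """Emit a File:: section in the CFScript.txt layout used in this thread,
    listing the flagged .job files for ComboFix to remove."""
    return "File::\n" + "\n".join(job_paths) + "\n"


if __name__ == "__main__":
    found = parse_tasks(SAMPLE_TASKS_SECTION)
    for target, verdict in suspicious_targets(found).items():
        print(f"{target}: {len(verdict['jobs'])} job(s), "
              f"fan-out={verdict['fan_out']}, missing={verdict['missing_file']}")
        print(make_cfscript(verdict["jobs"]))
```

Run it on the 'Scheduled Tasks' section of a real ComboFix log (paste it in place of the constructed excerpt) and review the flagged targets before building a script; a legitimate updater that happens to be scheduled several times would also trip the fan-out rule, so the empty-bracket signal is the stronger of the two.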
Maynard James (thread author), posted 21 February 2009:

ComboFix 09-02-19.01 - Steinar 2009-02-21 17:03:38.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.3327.2792 [GMT 1:00]
Kjører fra: c:\documents and settings\Steinar\Skrivebord\ComboFix.exe
Command switches brukt :: c:\documents and settings\Steinar\Skrivebord\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
* Opprettet nytt gjenopprettingspunkt
* Resident AV is active

FILE ::
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-01-21 til 2009-02-21 )))))))))))))))))))))))))))))))))
.
2009-02-21 16:57 . 2009-02-21 16:57 <DIR> d-------- c:\windows\LastGood
2009-02-21 16:57 . 2009-02-21 16:57 <DIR> d-------- c:\programfiler\ESET
2009-02-21 16:57 . 2009-02-21 16:57 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Programdata\ESET
2009-02-21 16:57 . 2008-03-03 14:25 5,702 --ah----- c:\windows\nod32restoretemdono.reg
2009-02-21 16:57 . 2008-03-03 18:21 568 --ah----- c:\windows\nod32fixtemdono.reg
2009-02-21 15:46 . 2009-02-21 15:46 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware
2009-02-21 15:46 . 2009-02-21 15:46 <DIR> d-------- c:\documents and settings\Steinar\Programdata\Malwarebytes
2009-02-21 15:46 . 2009-02-21 15:46 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Programdata\Malwarebytes
2009-02-21 15:46 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-21 15:46 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-21 03:47 . 2009-02-21 03:50 <DIR> d-------- c:\programfiler\Google
2009-02-21 03:47 . 2009-02-21 04:48 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Programdata\Google Updater
2009-02-17 16:44 . 2008-04-13 19:45 60,032 --a------ c:\windows\system32\drivers\USBAUDIO.sys
2009-02-17 16:43 . 2009-02-17 16:43 <DIR> d-------- c:\programfiler\Fellesfiler\logishrd
2009-02-16 17:55 . 2009-02-18 15:04 80 --a------ c:\windows\GPDCombo.ini
2009-02-16 17:51 . 2009-02-18 15:04 <DIR> d-------- c:\programfiler\PHDesk20
2009-02-16 17:18 . 2009-02-16 17:18 <DIR> d-------- c:\programfiler\Zator Systems
2009-02-15 23:38 . 2009-02-15 23:38 <DIR> d-------- c:\programfiler\NK-Inc.com
2009-02-15 23:27 . 2009-02-15 23:27 <DIR> d-------- c:\windows\system32\URTTEMP
2009-02-15 23:25 . 2009-02-15 23:25 <DIR> d-------- c:\windows\Downloaded Installations
2009-02-15 23:25 . 2009-02-15 23:25 <DIR> d-------- c:\programfiler\ISS
2009-02-15 23:25 . 2009-02-15 23:25 <DIR> d-------- C:\Program Files
2009-02-15 23:25 . 2009-02-16 01:27 34 --a------ c:\windows\ais.ini
2009-02-15 23:21 . 2009-02-15 23:21 <DIR> d-------- C:\InfoVivo
2009-02-15 23:21 . 2009-02-15 23:21 <DIR> d-------- c:\documents and settings\Steinar\Programdata\net.dacons.mail.it
2009-02-15 23:19 . 2009-02-15 23:19 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Programdata\Records For Living, Inc
2009-02-15 23:18 . 2009-02-15 23:18 <DIR> d-------- c:\programfiler\Records For Living, Inc
2009-02-15 23:18 . 2009-02-15 23:18 <DIR> d-------- c:\programfiler\Fellesfiler\Wise Installation Wizard
2009-02-15 23:18 . 2009-02-15 23:18 <DIR> d-------- c:\programfiler\Fellesfiler\Records For Living, Inc
2009-02-15 23:18 . 2009-02-15 23:18 516 --a------ c:\windows\{2721827E-D6D8-417d-8525-CFD1BBEFD0F0}_WiseFW.ini
2009-02-15 22:45 . 2009-02-15 22:45 <DIR> d-------- c:\programfiler\Diagnostix 2.0 Child Version
2009-02-15 22:45 . 2009-02-15 22:45 <DIR> d-------- c:\documents and settings\Steinar\Programdata\FileMaker
2009-02-15 22:19 . 2009-02-15 22:20 <DIR> d-------- c:\programfiler\Elizabeth Find MD - Diagnosis Mystery
2009-02-15 22:06 . 2009-02-15 22:06 <DIR> d-------- c:\programfiler\bfgclient
2009-02-15 22:05 . 2009-02-15 22:06 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Programdata\BigFishGamesCache
2009-02-08 00:48 . 2007-03-10 14:22 549,888 --a------ c:\windows\TheMatrix.scr
2009-02-08 00:48 . 2007-03-10 14:13 0 --a------ c:\windows\TheMatrix.ini
2009-02-05 23:47 . 2009-02-05 23:47 4,096 --a------ c:\windows\system32\crash
2009-02-05 19:27 . 2009-02-14 00:54 <DIR> d-------- c:\programfiler\Windows Live Safety Center
2009-01-27 16:27 . 2009-01-27 16:27 <DIR> d-------- c:\programfiler\Dia
2009-01-27 16:27 . 2009-01-27 16:31 <DIR> d-------- c:\documents and settings\Steinar\.dia
2009-01-25 15:31 . 2009-01-25 15:31 <DIR> d-------- c:\programfiler\Games
2009-01-21 19:03 . 2009-01-22 22:33 <DIR> d-------- c:\documents and settings\Steinar\Programdata\Apple Computer
2009-01-21 19:02 . 2009-01-21 19:02 <DIR> d-------- c:\programfiler\QuickTime
2009-01-21 19:02 . 2009-01-21 19:02 <DIR> d-------- c:\programfiler\iTunes
2009-01-21 19:02 . 2009-01-21 19:02 <DIR> d-------- c:\programfiler\iPod
2009-01-21 19:02 . 2009-01-21 19:02 <DIR> d-------- c:\programfiler\Bonjour
2009-01-21 19:02 . 2009-01-21 19:02 <DIR> d-------- c:\programfiler\Apple Software Update
2009-01-21 19:02 . 2009-01-21 19:02 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Programdata\Apple Computer
2009-01-21 19:02 . 2009-01-21 19:02 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-21 19:02 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2009-01-21 19:02 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2009-01-21 19:01 . 2009-01-21 19:01 <DIR> d-------- c:\programfiler\Fellesfiler\Apple
2009-01-21 19:01 . 2009-01-21 19:01 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Programdata\Apple
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-21 15:56 --------- d-----w c:\documents and settings\Steinar\Programdata\uTorrent
2009-02-21 14:42 --------- d-----w c:\programfiler\Steam
2009-02-18 14:04 --------- d---a-w c:\documents and settings\All Users.WINDOWS\Programdata\TEMP
2009-02-16 12:38 --------- d-----w c:\documents and settings\Steinar\Programdata\dvdcss
2009-01-22 22:39 --------- d-----w c:\documents and settings\All Users.WINDOWS\Programdata\Sports Interactive
2009-01-22 09:55 --------- d-----w c:\programfiler\NOS
2009-01-22 09:55 --------- d-----w c:\documents and settings\All Users.WINDOWS\Programdata\NOS
2009-01-20 15:04 --------- d-----w c:\programfiler\Plugins
2009-01-20 12:04 --------- d-----w c:\programfiler\Fellesfiler\Adobe
2009-01-19 18:35 --------- d-----w c:\programfiler\Winamp
2009-01-19 18:27 --------- d-----w c:\programfiler\Winamp Remote
2009-01-19 18:24 --------- d-----w c:\documents and settings\Steinar\Programdata\zweitgeist
2009-01-19 18:19 --------- d-----w c:\documents and settings\Steinar\Programdata\Winamp
2009-01-16 16:48 --------- d-----w c:\documents and settings\Steinar\Programdata\Move Networks
2009-01-12 19:59 --------- d-----w c:\programfiler\Windows Live SkyDrive
2009-01-12 19:59 --------- d-----w c:\programfiler\Windows Live
2009-01-12 19:59 --------- d-----w c:\programfiler\Microsoft
2009-01-12 19:55 --------- d-----w c:\programfiler\Fellesfiler\Windows Live
2009-01-12 19:15 --------- d-----w c:\documents and settings\Steinar\Programdata\Sibelius Software
2009-01-12 19:13 --------- d-----w c:\programfiler\Sibelius Software
2009-01-07 17:27 --------- d-----w c:\programfiler\uTorrent
2009-01-01 12:38 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-01-01 12:38 --------- d-----w c:\programfiler\Java
2008-12-20 23:03 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\ais.ini -- Not a PE file. MD5: a19954d4621ec9264c8264bb444fce08
((((((((((((((((((((((((((((( SnapShot@2009-02-21_16.41.10.93 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-21 15:57:37 10,134 ----a-r c:\windows\Installer\{7D974ACA-4EE5-412C-8E6A-A5B57B305727}\callmsi.exe
+ 2009-02-21 15:57:37 136,448 ----a-r c:\windows\Installer\{7D974ACA-4EE5-412C-8E6A-A5B57B305727}\egui.exe
+ 2008-02-20 10:01:30 39,944 ----a-w c:\windows\system32\drivers\eamon.sys
+ 2008-02-20 10:02:22 29,704 ----a-w c:\windows\system32\drivers\easdrv.sys
+ 2008-02-20 10:11:16 33,800 ----a-w c:\windows\system32\drivers\epfwtdir.sys
- 2009-02-21 14:54:46 62,286 ----a-w c:\windows\system32\perfc009.dat
+ 2009-02-21 15:43:55 62,286 ----a-w c:\windows\system32\perfc009.dat
- 2009-02-21 14:54:46 70,732 ----a-w c:\windows\system32\perfc014.dat
+ 2009-02-21 15:43:55 70,732 ----a-w c:\windows\system32\perfc014.dat
- 2009-02-21 14:54:46 400,624 ----a-w c:\windows\system32\perfh009.dat
+ 2009-02-21 15:43:55 400,624 ----a-w c:\windows\system32\perfh009.dat
- 2009-02-21 14:54:46 404,486 ----a-w c:\windows\system32\perfh014.dat
+ 2009-02-21 15:43:55 404,486 ----a-w c:\windows\system32\perfh014.dat
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools Lite"="c:\programfiler\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\programfiler\Analog Devices\Core\smax4pnp.exe" [2008-10-10 868352]
"StartCCC"="c:\programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-01-01 136600]
"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="c:\programfiler\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"egui"="c:\programfiler\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\games\\CM4\\cm4.exe"=
"c:\\Programfiler\\uTorrent\\uTorrent.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"c:\\Programfiler\\iTunes\\iTunes.exe"=
"c:\\Programfiler\\Sports Interactive\\Football Manager 2009\\fm.exe"=
"c:\\Programfiler\\Steam\\steamapps\\common\\football manager 2009 demo\\fm.exe"=
"c:\\Programfiler\\Records For Living, Inc\\HealthFrame v2\\HealthFrame Viewer.exe"=
"c:\\Programfiler\\Records For Living, Inc\\HealthFrame v2\\HealthFrame Explorer.exe"=
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-02-20 33800]
R2 ekrn;Eset Service;c:\programfiler\ESET\ESET
NOD32 Antivirus\ekrn.exe [2008-02-20 472320] S2 gupdate1c993cef3c6f73e;Googles oppdateringstjeneste (gupdate1c993cef3c6f73e);c:\programfiler\Google\Update\GoogleUpdate.exe [2009-02-21 133104] --- Andre tjenester/drivere lastet i minnet --- *NewlyCreated* - EAMON *NewlyCreated* - EASDRV *NewlyCreated* - EKRN *NewlyCreated* - EPFWTDIR *NewlyCreated* - GTNDIS5 . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) 2009-02-17 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] 2009-02-21 c:\windows\Tasks\Google Software Updater.job - c:\programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-21 03:47] 2009-02-21 c:\windows\Tasks\GoogleUpdateTaskMachine.job - c:\programfiler\Google\Update\GoogleUpdate.exe [2009-02-21 03:48] . . ------- Tilleggsskanning ------- . uInternet Settings,ProxyOverride = *.local FF - ProfilePath - c:\documents and settings\Steinar\Programdata\Mozilla\Firefox\Profiles\xbum4oy7.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query= FF - plugin: c:\documents and settings\Steinar\Programdata\Mozilla\Firefox\Profiles\xbum4oy7.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071301000019.dll FF - plugin: c:\programfiler\Google\Google Updater\2.4.1508.6312\npCIDetect13.dll FF - plugin: c:\programfiler\Google\Update\1.2.141.5\npGoogleOneClick7.dll FF - plugin: c:\programfiler\Mozilla Firefox\plugins\np-mswmp.dll ---- FIREFOX POLICIES ---- c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no"); . 
************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-21 17:04:34 Windows 5.1.2600 Service Pack 3 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... skanning vellykket skjulte filer: 0 ************************************************************************** . --------------------- LÅSTE REGISTERNØKLER --------------------- [HKEY_USERS\S-1-5-21-2052111302-776561741-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2009 XE] "GameDir"="c:\\Documents and Settings\\Steinar\\Mine dokumenter\\Sports Interactive\\Football Manager 2009\\games" "ShortlistDir"="" "ScreenshotsDir"="c:\\Documents and Settings\\Steinar\\Mine dokumenter\\Sports Interactive\\Football Manager 2009" "SaveDir"="c:\\Documents and Settings\\Steinar\\Mine dokumenter\\Sports Interactive\\Football Manager 2009\\" "HistoryDir"="c:\\Documents and Settings\\Steinar\\Skrivebord\\FM Genie Scout 2009 XE\\History Points" "LangDB"="c:\\Programfiler\\Sports Interactive\\Football Manager 2009\\data\\updates\\update-910\\db\\910\\lang_db.dat" "LastSaveGame"="c:\\Documents and Settings\\Steinar\\Mine dokumenter\\Sports Interactive\\Football Manager 2009\\games\\Liverpool.fm" "Language"="English" "LoadLangDB"=dword:00000000 "CompressHistoryPoints"=dword:00000000 "HighlightedAttributes"=dword:00000000 "MinCondition"=dword:00000050 "SkinName"="Champions League" "LastUpdateCheck"=dword:00000000 "HighQualityGUI"=dword:00000001 "AutomaticallyUpdateCheck"=dword:00000001 "AdvancedGeneration"=dword:00000000 "TranslateStaffSkills"=dword:00000001 "TranslatePlayerSkills"=dword:00000001 "TranslatePositions"=dword:00000001 "ShowHistory"=dword:00000001 "Version"=dword:00000066 "UniqueID"="18-F445-2843" "Currency"=dword:00000056 "UseProxy"=dword:00000000 "ProxyHost"="" "ProxyPort"="" "UseAuthentication"=dword:00000000 "UserName"="" 
"UserPassword"="" . --------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- - - - - - - - > 'winlogon.exe'(880) c:\windows\system32\GTGina.dll c:\windows\system32\Ati2evxx.dll . Tidspunkt ferdig: 2009-02-21 17:05:15 ComboFix-quarantined-files.txt 2009-02-21 16:05:10 ComboFix2.txt 2009-02-21 15:41:30 Pre-Run: 1 434 611 712 byte ledig Post-Run: 1,424,216,064 byte ledig 331 --- E O F --- 2009-02-18 02:00:44 Lenke til kommentar
norbat Posted 21 February 2009 (edited) How is it going with the problem? Edited 21 February 2009 by norbat
Maynard James (Author) Posted 21 February 2009 Looks like it's gone. I've now installed an updated version of NOD32 and added SpywareBlaster and Ad-Aware. So I hope everything will be fine now. Have you heard of this type of virus before?
norbat Posted 21 February 2009 (edited) Yes, this is a fairly common infection. You get a message that the PC is infected and are asked to download a program that is supposed to remove the infection, but you have to pay before that is possible - which unfortunately far too many people do. Do read the 'test' of anti-malware programs so you can pick the program that works best against this kind of thing. Edited 21 February 2009 by norbat