elhacko Posted 9 October 2009 (edited)
Sounds pretty strange, but I was sitting watching a movie when a message popped up: "You have 18 threats on your computer." It was from a program I have not installed. It's called Security Tool. And after this program came up, it asks me to buy the full version. And my desktop background has disappeared, along with all the desktop icons. So does anyone know what I can do?
Edit: It's not possible to close the program either, and I can't find it under "Remove programs" either. I'll check the thread when I've gotten up.
Edited 9 October 2009 by elhacko
elhacko Posted 9 October 2009 (edited)
Ran a Malwarebytes' Anti-Malware scan. Some infected files came up. Clicked remove, and now this "virus program" doesn't come up anymore. Posting the log so you can see whether it has been removed?

Malwarebytes' Anti-Malware 1.41
Databaseversjon: 2927
Windows 5.1.2600 Service Pack 2

09.10.2009 04:39:39
mbam-log-2009-10-09 (04-39-35).txt

Skanntype: Rask Skann
Objekter skannet: 99048
Tid tilbakelagt: 3 minute(s), 56 second(s)

Minneprosesser infisert: 1
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 3
Registerfiler infisert: 0
Mapper infisert: 1
Filer infisert: 5

Minneprosesser infisert:
C:\WINDOWS\Temp\_ex-08.exe (Trojan.Dropper) -> No action taken.

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run9230620 (Trojan.FakeAlert.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\promoreg (Trojan.Dropper) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RList (Malware.Trace) -> No action taken.

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
C:\Documents and Settings\All Users\Programdata9230620 (Rogue.Multiple) -> No action taken.

Filer infisert:
C:\Documents and Settings\All Users\Programdata92306209230620.exe (Trojan.FakeAlert.H) -> No action taken.
C:\Documents and Settings\Andreas\Skrivebord\Security Tool.LNK (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Andreas\Start-meny\Programmer\Security Tool.LNK (Rogue.SecurityTool) -> No action taken.
C:\Programfiler\Explorer\keys.txt (Password.Stealer) -> No action taken.
C:\WINDOWS\Temp\_ex-08.exe (Trojan.Dropper) -> No action taken.

Edited 9 October 2009 by elhacko
elhacko Posted 9 October 2009 (edited)
Here is the ComboFix log.
[ComboFix log omitted]
Edited 9 October 2009 by elhacko
SemikolonP Posted 9 October 2009
Wouldn't have surprised me if it was Norton we were talking about. Have you tried running a restore? Which OS do you have, btw?
elhacko Posted 9 October 2009
I have Windows XP Professional. No, it's not Norton, but it's a program that got installed. I have no idea from where.
SemikolonP Posted 9 October 2009
I remember I had that problem once. I think it was solved by restoring. If that doesn't work, I have nothing more to contribute, other than backing up your documents and formatting.
norbat Posted 9 October 2009
Go to VirusTotal and check the following file: c:\windows\c3a5m5p4s2taf2af.exe
Atiks Posted 9 October 2009
And you should delete the virus files that MBAM found.
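As an added example (not code from this thread or from Malwarebytes): a small Python parser for the MBAM 1.41 log format posted above that lists every detection still marked "No action taken", which is what Atiks's advice comes down to. The embedded sample is a trimmed excerpt of that log with one constructed status line showing a removed item; the section and entry patterns are assumptions about the log layout taken from the posted text.

```python
import re
from dataclasses import dataclass

# Trimmed excerpt of the Malwarebytes' Anti-Malware 1.41 log posted in this thread.
# The summary counts are adjusted to the excerpt, and the "Security Tool.LNK" status
# is constructed to show a removed item (every line in the posted log reads
# "No action taken").
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.41
Databaseversjon: 2927
Windows 5.1.2600 Service Pack 2

Minneprosesser infisert: 1
Registerverdier infisert: 1
Mapper infisert: 1
Filer infisert: 3

Minneprosesser infisert:
C:\WINDOWS\Temp\_ex-08.exe (Trojan.Dropper) -> No action taken.

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\promoreg (Trojan.Dropper) -> No action taken.

Mapper infisert:
C:\Documents and Settings\All Users\Programdata9230620 (Rogue.Multiple) -> No action taken.

Filer infisert:
C:\Documents and Settings\Andreas\Skrivebord\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Programfiler\Explorer\keys.txt (Password.Stealer) -> No action taken.
C:\WINDOWS\Temp\_ex-08.exe (Trojan.Dropper) -> No action taken.
"""

# A section header is a line consisting only of "<name>:"; the summary block at the
# top ("Mapper infisert: 1") has a count after the colon and so does not match.
SECTION_RE = re.compile(r"^(?P<name>[^:]+):$")
# An entry line is "<target> (<detection>) -> <status>." as MBAM 1.x prints it.
ENTRY_RE = re.compile(r"^(?P<target>.+?) \((?P<detection>[^()]+)\) -> (?P<status>.+?)\.?$")


@dataclass(frozen=True)
class Finding:
    section: str
    target: str
    detection: str
    status: str

    @property
    def actioned(self) -> bool:
        """False while MBAM still reports the item as 'No action taken'."""
        return not self.status.lower().startswith("no action taken")


def parse_mbam_log(text: str) -> list[Finding]:
    """Walk the log line by line, attributing each entry to the current section."""
    findings: list[Finding] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION_RE.match(line):
            section = m.group("name")
        elif section and (m := ENTRY_RE.match(line)):
            findings.append(Finding(section, m["target"], m["detection"], m["status"]))
    return findings


def unactioned(findings: list[Finding]) -> list[Finding]:
    """Detections still present on the machine, i.e. the items that must be removed."""
    return [f for f in findings if not f.actioned]


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Per-section counts; these should match the summary block at the top of the log."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


def by_family(findings: list[Finding]) -> dict[str, list[str]]:
    """Group targets by detection name, so a rogue's artefacts (Run value, folder,
    executable, shortcuts) can be reviewed as one cluster."""
    groups: dict[str, list[str]] = {}
    for f in findings:
        groups.setdefault(f.detection, []).append(f.target)
    return groups


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    print("counts per section:", summarize(found))
    for f in unactioned(found):
        print(f"STILL PRESENT [{f.detection}] {f.target}")
```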
elhacko Posted 9 October 2009
I scanned the file on VirusTotal and found the following:

Antivirus Version Last Update Result
a-squared 4.5.0.24 2009.08.13 Virus.Win32.Small!IK
AhnLab-V3 5.0.0.2 2009.08.12 -
AntiVir 7.9.1.1 2009.08.13 TR/VB.udp
Antiy-AVL 2.0.3.7 2009.08.13 -
Authentium 5.1.2.4 2009.08.13 -
Avast 4.8.1335.0 2009.08.12 Win32:Small-MZS
AVG 8.5.0.406 2009.08.13 -
BitDefender 7.2 2009.08.13 -
CAT-QuickHeal 10.00 2009.08.13 -
ClamAV 0.94.1 2009.08.13 -
Comodo 1859 2009.08.13 TrojWare.Win32.VB.udp
DrWeb 5.0.0.12182 2009.08.13 -
eSafe 7.0.17.0 2009.08.11 -
eTrust-Vet 31.6.6675 2009.08.13 -
F-Prot 4.4.4.56 2009.08.12 -
F-Secure 8.0.14470.0 2009.08.13 Trojan.Win32.VB.udp
Fortinet 3.120.0.0 2009.08.13 W32/VB.UDP!tr
GData 19 2009.08.13 Win32:Small-MZS
Ikarus T3.1.1.64.0 2009.08.13 Virus.Win32.Small
Jiangmin 11.0.800 2009.08.13 -
K7AntiVirus 7.10.817 2009.08.12 -
Kaspersky 7.0.0.125 2009.08.13 Trojan.Win32.VB.udp
McAfee 5707 2009.08.12 -
McAfee+Artemis 5707 2009.08.12 Artemis!78CCF64A415C
McAfee-GW-Edition 6.8.5 2009.08.13 Trojan.VB.udp
Microsoft 1.4903 2009.08.13 -
NOD32 4331 2009.08.13 -
Norman 2009.08.12 -
nProtect 2009.1.8.0 2009.08.13 -
Panda 10.0.0.14 2009.08.12 Adware/AccesMembre
PCTools 4.4.2.0 2009.08.12 -
Prevx 3.0 2009.08.13 High Risk Cloaked Malware
Rising 21.42.32.00 2009.08.13 -
Sophos 4.44.0 2009.08.13 -
Sunbelt 3.2.1858.2 2009.08.13 Trojan.Win32.Generic!BT
Symantec 1.4.4.12 2009.08.13 -
TheHacker 6.3.4.3.383 2009.08.13 -
TrendMicro 8.950.0.1094 2009.08.13 -
VBA32 3.12.10.9 2009.08.13 -
ViRobot 2009.8.13.1883 2009.08.13 -
VirusBuster 4.6.5.0 2009.08.12 -

Additional information
File size: 20480 bytes
MD5 : 78ccf64a415c639a41e5d05c441d46f1
SHA1 : c68bff0251399a7a7db99eca69498bb76de523b5
SHA256: 32c7b9bf6ed35b46b5054bb1b4512db4587d11f09248555d306f020f47b4d3ab
norbat Posted 9 October 2009
See if you can delete the file (right-click and choose delete). Update MBAM and run a new quick scan to see if it finds anything of interest. You don't need to post the log if it doesn't find anything. Is the PC running OK?
elhacko Posted 9 October 2009
Managed to delete the file. I feel like my PC runs a bit slower than before. But maybe it's just me being a bit paranoid? Anyway, here is the MBAM log:

Malwarebytes' Anti-Malware 1.41
Databaseversjon: 2927
Windows 5.1.2600 Service Pack 2

09.10.2009 15:19:24
mbam-log-2009-10-09 (15-19-24).txt

Skanntype: Rask Skann
Objekter skannet: 98975
Tid tilbakelagt: 3 minute(s), 14 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)
elhacko Posted 9 October 2009
Is my PC clean now?
norbat Posted 9 October 2009
The ComboFix log didn't show any more malware. You should update Windows to SP3 (via Windows Update).
elhacko Posted 9 October 2009
I will ;D Thanks for the help.