Poster utskilt fra veiledertråden-2

[norbat]

Xarus: kjør gjennom veiledning og post loggene i en egen tråd som du oppretter ved å klikke på Nytt Emne-knappen

[carina_elise]

Endret 5. mars 2009 av carina_elise

[norbat]

 

Hei, carina_elise. Har du fått løst evt. problemet?

[r2d290]

 

Hei, carina_elise. Har du fått løst evt. problemet?

 

Det som oprinnelig sto i posten til carina_elise var at hun linket til tråden https://www.diskusjon.no/index.php?showtopic=1082883&hl=.

Den tråden er satt som løst, så jeg regner med at problemet har løst seg?

[Mojo Pin]

Hei!

 

Fikk noen tilbakemeldinger i går på at det var blitt sendt ut spam til alle på kontaktlista mi fra MSN i gårkveld. Bruker sjelden msn, kun til å sjekke hotmail-kontoen min i ny og ne. Har kjørt fullt systemscan med avast! og hurtigscan med Malwarebytes uten å finne noe som helst. Det er første gangen jeg har opplevd dette, noen som veit hva som fjerner det?

[hernil]

Følg veiledningen og lag ny tråd med loggene, men først og fremst bør du endre passordet på hotmail-kontoen.

[zonko]

Maskinen hjemme hos foreldrene fikk for et par uker siden popups fra det fake antivirusprogrammet System Security. Jeg fikk fjernet det med mbam (det var ihvertfall ingen tegn til det da jeg var ferdig), men nå er uværet tilbake. Kommer dette programmet gjennom noen kjent sårbarhet/ kilde jeg kan lukke?

 

Bilde av driten her: http://s5.tinypic.com/2vxg9jm.jpg

[raWrz]

lag en ny tråd (trykk på nytt emne knappen) og følg veiledningen som er linket øverst i signaturen min

[zonko]

Jeg bor ikke der maskina er, så det er vanskelig å få gjort nå. Fikk fjernet den sist (i alle fall hva jeg kunne se). Lurer i denne ogang på om dette programmet sprer seg på noen kjent, bestemt måte slik at jeg kan hindre den fra å komme inn på nytt.

[Tosha0007]

det høyres ut som du diverre ikkje klarte å fjerne heile infeksjonen, f.eks ei fil som låg att som køyrer (installerer) programmet på nytt.

 

No skal eg ikkje sei eg er heilt sikker på kva filer og registeroppføringer som køyrer med det programmet. Skal sjå kva eg finn, men trur det lettaste er at du postar loggar (MBAM og Combofix) når du har tid. Evt kan du kanskje få nokon her på forumet ta det over fjernstyring

Endret 8. mars 2009 av tosha0007

[Fløffy]

Logg fra combofix:

 

Klikk for å se/fjerne innholdet nedenfor

ComboFix 09-03-06.02 - Morten 2009-03-09 21:40:49.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.3327.2341 [GMT 1:00]

Kjører fra: C:\ComboFix.exe

AV: avast! antivirus 4.8.1296 [VPS 090308-0] *On-access scanning disabled* (Updated)

* Opprettet nytt gjenopprettingspunkt

.

 

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-02-09 til 2009-03-09 )))))))))))))))))))))))))))))))))

.

 

2009-03-09 21:37 . 2009-03-09 21:38 2,933,448 -ra------ C:\ComboFix.exe

2009-03-09 21:34 . 2009-03-09 21:34 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware

2009-03-09 21:34 . 2009-03-09 21:34 <DIR> d-------- c:\documents and settings\Morten\Programdata\Malwarebytes

2009-03-09 21:34 . 2009-03-09 21:34 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes

2009-03-09 21:34 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-03-09 21:34 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-03-09 21:33 . 2009-03-09 21:33 2,876,720 --a------ C:\mbam-setup.exe

2009-03-09 19:08 . 2009-03-09 19:08 7,168 --ahs---- c:\windows\Thumbs.db

2009-03-09 18:59 . 2009-03-09 18:59 <DIR> d-------- C:\Screenshots

2009-03-09 16:33 . 2009-03-09 16:33 278,280 --a------ C:\Screenshots.zip

2009-03-07 11:05 . 2009-03-07 11:05 473,120 --a------ C:\OGAPluginInstall.exe

2009-03-07 11:04 . 2009-03-07 11:04 956,376 --a------ C:\SaveAsPDFandXPS.exe

2009-03-07 10:58 . 2009-03-07 10:59 11,399,920 --a------ C:\5550-non-2kxpinfu.exe

2009-03-07 10:58 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll

2009-03-07 10:56 . 2009-03-07 10:56 <DIR> d-------- c:\windows\SHELLNEW

2009-03-07 00:34 . 2009-03-07 00:45 8 --a------ c:\windows\system32\nvModes.dat

2009-03-05 14:48 . 2009-03-05 14:51 <DIR> d-------- c:\programfiler\WhatPulse

2009-03-05 14:48 . 2009-03-05 14:48 657,331 --a------ C:\WhatPulse-1.5-Setup.exe

2009-03-01 15:46 . 2009-01-09 20:19 1,089,883 -----c--- c:\windows\system32\dllcache\ntprint.cat

2009-03-01 14:40 . 2009-03-01 14:40 1,355 --a------ c:\windows\imsins.BAK

2009-03-01 14:33 . 2009-03-01 14:33 224 --a------ c:\windows\system32\spupdsvc.inf

2009-02-26 22:10 . 2009-03-09 21:28 <DIR> dr-h----- c:\documents and settings\Morten\Siste

2009-02-26 22:08 . 2009-02-26 22:08 3,171,208 --a------ C:\ccsetup216.exe

2009-02-21 16:51 . 2009-02-21 16:51 <DIR> d--h----- c:\documents and settings\All Users\Programdata\CanonBJ

2009-02-16 21:11 . 2009-02-16 21:15 <DIR> d-------- c:\programfiler\GRemote

2009-02-16 21:09 . 2009-02-16 21:09 4,054,994 --a------ C:\GRemote setup.exe

2009-02-14 16:58 . 2009-02-14 16:59 <DIR> d-------- c:\documents and settings\Morten\.VirtualBox

2009-02-14 16:58 . 2009-01-21 19:14 129,552 --a------ c:\windows\system32\VBoxNetFltNotify.dll

2009-02-14 16:58 . 2009-01-21 19:13 87,312 --a------ c:\windows\system32\drivers\VBoxNetFlt.sys

2009-02-14 16:20 . 2009-02-14 16:20 <DIR> d-------- c:\programfiler\Sun

2009-02-14 16:20 . 2009-01-21 19:13 100,560 --a------ c:\windows\system32\drivers\VBoxDrv.sys

2009-02-14 16:20 . 2009-01-21 19:13 41,680 --a------ c:\windows\system32\drivers\VBoxUSBMon.sys

2009-02-14 16:16 . 2009-02-14 16:17 37,428,736 --a------ C:\VirtualBox-2.1.2-41885-Win_x86.msi

2009-02-14 14:43 . 2009-02-14 14:48 <DIR> d-------- c:\windows\NV76006852.TMP

2009-02-14 14:43 . 2008-09-17 23:55 201,050 --a------ c:\windows\system32\nvapps.nvb

2009-02-14 13:19 . 2009-02-14 13:19 <DIR> d-------- c:\programfiler\Google

2009-02-11 16:35 . 2009-02-11 16:35 <DIR> d-------- c:\programfiler\Spotify

2009-02-11 16:35 . 2009-03-09 18:19 <DIR> d-------- c:\documents and settings\Morten\Programdata\Spotify

2009-02-11 16:35 . 2009-02-11 16:35 1,521,192 --a------ C:\Spotify Installer.exe

2009-02-09 21:35 . 2009-02-09 21:35 <DIR> d-------- c:\windows\Sun

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-09 20:39 --------- d-----w c:\documents and settings\Morten\Programdata\DNA

2009-03-09 17:53 --------- d-----w c:\documents and settings\Morten\Programdata\BitTorrent

2009-03-09 09:17 --------- d-----w c:\programfiler\LogMeIn

2009-03-08 02:09 --------- d-----w c:\programfiler\DNA

2009-03-08 01:27 --------- d-----w c:\documents and settings\All Users\Programdata\Microsoft Help

2009-03-07 12:40 --------- d-----w c:\documents and settings\All Users\Programdata\Spybot - Search & Destroy

2009-03-07 10:04 --------- d-----w c:\programfiler\MSECache

2009-03-07 09:53 --------- d-----w c:\programfiler\Microsoft Works

2009-03-01 17:41 --------- d-----w c:\programfiler\DC++

2009-02-22 12:03 --------- d-----w c:\documents and settings\Morten\Programdata\LimeWire

2009-02-19 16:33 --------- d-----w c:\documents and settings\Morten\Programdata\dvdcss

2009-02-18 18:44 --------- d-----w c:\programfiler\Windows Live

2009-02-14 13:48 --------- d-----w c:\programfiler\Spybot - Search & Destroy

2009-02-08 22:41 28,868,320 ----a-w C:\FileFormatConverters(2).exe

2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll

2009-02-05 21:41 --------- d-----w c:\programfiler\Fellesfiler\Autodesk Shared

2009-02-05 21:41 --------- d-----w c:\programfiler\Autodesk

2009-01-29 16:09 --------- d-----w c:\documents and settings\All Users\Programdata\Office Genuine Advantage

2009-01-28 15:52 --------- d-----w c:\documents and settings\Morten\Programdata\Ulead Systems

2009-01-28 15:36 --------- d-----w c:\documents and settings\All Users\Programdata\Ulead Systems

2009-01-28 15:33 --------- d--h--w c:\programfiler\InstallShield Installation Information

2009-01-28 15:33 --------- d-----w c:\programfiler\Windows Media Components

2009-01-28 15:33 --------- d-----w c:\documents and settings\All Users\Programdata\InstallShield

2009-01-28 15:32 --------- d-----w c:\programfiler\Ulead Systems

2009-01-28 15:32 --------- d-----w c:\programfiler\Fellesfiler\Ulead Systems

2009-01-28 15:32 --------- d-----w c:\programfiler\Fellesfiler\InstallShield

2009-01-26 20:36 --------- d-----w c:\programfiler\Fellesfiler\Adobe

2009-01-26 20:35 --------- d-----w c:\documents and settings\All Users\Programdata\NOS

2009-01-26 20:34 --------- d-----w c:\programfiler\NOS

2009-01-26 18:22 34,031,720 ----a-w C:\GoogleSketchUpWEN.exe

2009-01-25 16:23 --------- d-----w c:\programfiler\Codemasters

2009-01-19 18:33 28,868,320 ----a-w C:\FileFormatConverters.exe

2009-01-18 11:48 7,668,519 ----a-w C:\DCPlusPlus-0-7091.exe

2009-01-14 23:39 410,984 ----a-w c:\windows\system32\deploytk.dll

2009-01-14 23:39 --------- d-----w c:\programfiler\Java

2009-01-14 23:38 607,640 ----a-w C:\jxpiinstall-6u11-fcs-bin-b90-windows-i586-25_nov_2008.exe

2009-01-14 23:38 607,640 ----a-w C:\jxpiinstall-6u11-fcs-bin-b90-windows-i586-25_nov_2008(2).exe

2009-01-14 23:38 --------- d-----w c:\programfiler\LimeWire

2009-01-14 23:37 4,900,376 ----a-w C:\LimeWireWin.exe

2009-01-14 21:27 --------- d-----w c:\documents and settings\All Users\Programdata\LogMeIn

2009-01-14 15:04 --------- d-----w c:\documents and settings\Morten\Programdata\Steinberg

2009-01-13 23:19 --------- d-----w c:\programfiler\Steinberg

2009-01-13 23:19 --------- d-----w c:\programfiler\Pinnacle

2009-01-13 23:18 --------- d-----w c:\programfiler\Syncrosoft

2009-01-13 23:18 --------- d-----w c:\documents and settings\All Users\Programdata\Pinnacle

2009-01-13 22:56 --------- d-----w c:\programfiler\BitTorrent

2009-01-13 22:56 --------- d-----w c:\programfiler\AskSearch

2009-01-13 22:53 1,754,496 ----a-w C:\BitTorrent-6.1.2.exe

2009-01-13 20:30 --------- d-----w c:\programfiler\Fellesfiler\Macrovision Shared

2009-01-13 20:27 --------- d-----w c:\programfiler\Lavalys

2009-01-12 20:58 --------- d-----w c:\programfiler\Microsoft.NET

2009-01-11 22:12 --------- d-----w c:\documents and settings\Morten\Programdata\vlc

2009-01-11 22:11 --------- d-----w c:\programfiler\VideoLAN

2009-01-11 22:09 16,320,472 ----a-w C:\vlc-0.9.8a-win32.exe

2009-01-11 19:29 --------- d-----w c:\programfiler\Microsoft Games for Windows - LIVE

2009-01-11 19:26 31,879,336 ----a-w C:\gfwlivesetupmin.exe

2009-01-11 19:20 --------- d--h--r c:\documents and settings\Morten\Programdata\SecuROM

2009-01-11 19:12 318,904 ----a-w C:\wmpfirefoxplugin.exe

2009-01-11 17:56 107,888 ----a-w c:\windows\system32\CmdLineExt.dll

2009-01-11 17:44 --------- d-----w c:\programfiler\Rockstar Games

2009-01-11 17:35 --------- d-----w c:\programfiler\MSBuild

2009-01-11 17:32 --------- d-----w c:\programfiler\Reference Assemblies

2009-01-11 17:28 --------- d-----w c:\programfiler\DAEMON Tools Lite

2009-01-11 17:25 716,272 ----a-w c:\windows\system32\drivers\sptd.sys

2009-01-11 17:25 --------- d-----w c:\documents and settings\Morten\Programdata\DAEMON Tools

2009-01-11 17:12 504,320 ----a-w C:\daemon347.exe

2009-01-11 17:12 --------- d-----w c:\programfiler\D-Tools

2009-01-11 14:04 --------- d-----w c:\programfiler\Activision

2009-01-11 13:53 --------- d-----w c:\programfiler\Windows Live SkyDrive

2009-01-11 13:53 --------- d-----w c:\programfiler\Microsoft Sync Framework

2009-01-11 13:53 --------- d-----w c:\programfiler\Microsoft

2009-01-11 13:49 --------- d-----w c:\programfiler\Fellesfiler\Windows Live

2009-01-11 13:48 1,149,768 ----a-w C:\wlsetup-web.exe

2009-01-11 13:09 --------- d-----w c:\programfiler\iTunes

2009-01-11 13:09 --------- d-----w c:\documents and settings\Morten\Programdata\Apple Computer

2009-01-11 13:09 --------- d-----w c:\documents and settings\All Users\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2009-01-11 13:08 --------- d-----w c:\programfiler\QuickTime

2009-01-11 13:08 --------- d-----w c:\programfiler\iPod

2009-01-11 13:08 --------- d-----w c:\programfiler\Fellesfiler\Apple

2009-01-11 13:08 --------- d-----w c:\programfiler\Bonjour

2009-01-11 13:08 --------- d-----w c:\programfiler\Apple Software Update

2009-01-11 13:08 --------- d-----w c:\documents and settings\All Users\Programdata\Apple Computer

2009-01-11 13:07 4,556,588 ----a-w C:\daemon4303-lite.exe

2009-01-11 13:07 --------- d-----w c:\documents and settings\All Users\Programdata\Apple

2009-01-11 13:06 68,756,776 ----a-w C:\iTunesSetup.exe

2009-01-11 12:50 12,063,952 ----a-w C:\SoundMAX_Audio_v510016310_32bit_2kxp.zip

2009-01-11 12:50 1,232,547 ----a-w C:\wrar371no.exe

2009-01-11 12:50 --------- d-----w c:\programfiler\Analog Devices

2009-01-11 12:48 1,851,544 ----a-w C:\install_flash_player.exe

2009-01-11 12:24 --------- d-----w c:\documents and settings\All Users\Programdata\Lavasoft

2009-01-11 12:23 23,804,784 ----a-w C:\aaw2008.exe

2009-01-11 12:23 --------- d-----w c:\programfiler\Lavasoft

2009-01-11 12:23 --------- d-----w c:\programfiler\Fellesfiler\Wise Installation Wizard

2009-01-11 12:23 --------- d-----w c:\programfiler\Alwil Software

2009-01-11 12:22 29,993,648 ----a-w C:\setupnor.exe

2009-01-11 12:22 15,083,520 ----a-w C:\spybotsd160.exe

2009-01-11 12:21 --------- d-----w c:\programfiler\CCleaner

2009-01-11 12:20 3,165,824 ----a-w C:\ccsetup215.exe

2009-01-10 21:36 --------- d-----w c:\programfiler\My Company Name

2009-01-10 21:26 --------- d-----w c:\programfiler\ASUS

.

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"SpybotSD TeaTimer"="c:\programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

"msnmsgr"="c:\programfiler\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885400]

"DAEMON Tools Lite"="c:\programfiler\DAEMON Tools Lite\daemon.exe" [2008-02-14 486856]

"RGSC"="c:\programfiler\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2009-01-11 306088]

"EVEREST AutoStart"="c:\programfiler\Lavalys\EVEREST Corporate + Ultimate Edition\everest.exe" [2008-01-17 2057312]

"BitTorrent DNA"="c:\programfiler\DNA\btdna.exe" [2009-01-13 342848]

"WhatPulse"="c:\programfiler\WhatPulse\WhatPulse.exe" [2006-08-21 665600]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Ai Nap"="c:\program files\ASUS\Ai Suite\AiNap\AiNap.exe" [2007-09-06 1426432]

"CPU Power Monitor"="c:\program files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [2007-09-06 626688]

"Cpu Level Up help"="c:\program files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-09-11 880640]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]

"SoundMAXPnP"="c:\programfiler\Analog Devices\Core\smax4pnp.exe" [2007-10-09 1036288]

"QuickTime Task"="c:\programfiler\QuickTime\QTTask.exe" [2008-11-04 413696]

"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"DAEMON Tools-1033"="c:\programfiler\D-Tools\daemon.exe" [2004-08-22 81920]

"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-01-15 136600]

"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"UVS10 Preload"="c:\programfiler\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe" [2006-08-09 36864]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]

"GRemoteServer"="c:\programfiler\GRemote\GRemoteServer.exe" [2008-12-23 1178112]

"nwiz"="nwiz.exe" [2008-09-17 c:\windows\system32\nwiz.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2008-10-16 20:35 87352 c:\windows\system32\LMIinit.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.dvacm"= c:\progra~1\FELLES~1\ULEADS~1\Vio\Dvacm.acm

"msacm.MPEGacm"= c:\progra~1\FELLES~1\ULEADS~1\MPEG\MPEGacm.acm

"msacm.ulmp3acm"= c:\progra~1\FELLES~1\ULEADS~1\MPEG\ulmp3acm.acm

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"c:\\Programfiler\\iTunes\\iTunes.exe"=

"c:\\Programfiler\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

"c:\\Programfiler\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=

"c:\\Programfiler\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=

"c:\\Programfiler\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=

"c:\\Programfiler\\DNA\\btdna.exe"=

"c:\\Programfiler\\BitTorrent\\bittorrent.exe"=

"c:\\Programfiler\\LimeWire\\LimeWire.exe"=

"c:\\Programfiler\\DC++\\DCPlusPlus.exe"=

"c:\\Programfiler\\Codemasters\\DiRT\\DiRT.exe"=

"c:\\Programfiler\\Spotify\\spotify.exe"=

"c:\\Programfiler\\GRemote\\GRemoteServer.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=

 

R0 pe3ah4nb;DiRT Environment Driver (pe3ah4nb);c:\windows\system32\drivers\pe3ah4nb.sys [2007-06-11 64880]

R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);c:\windows\system32\drivers\pe3ah4nc.sys [2007-05-18 64880]

R0 Pnp680;SiI 680 ATA Controller;c:\windows\system32\drivers\PnP680.sys [2007-11-13 71720]

R0 ps6ah4nb;DiRT Synchronization Driver (ps6ah4nb);c:\windows\system32\drivers\ps6ah4nb.sys [2007-06-11 55160]

R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);c:\windows\system32\drivers\ps6ah4nc.sys [2007-05-18 55160]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-11 111184]

R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2009-02-14 100560]

R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2009-02-14 41680]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-11 20560]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\programfiler\LogMeIn\x86\rainfo.sys [2008-07-24 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-01-14 47640]

R2 SeaPort;SeaPort;c:\programfiler\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]

R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\programfiler\Lavalys\EVEREST Corporate + Ultimate Edition\kerneld.wnt [2009-01-13 22640]

R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2009-02-14 87312]

S2 pr2ah4nb;DiRT Drivers Auto Removal (pr2ah4nb);c:\windows\system32\pr2ah4nb.exe svc --> c:\windows\system32\pr2ah4nb.exe svc [?]

S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);c:\windows\system32\pr2ah4nc.exe svc --> c:\windows\system32\pr2ah4nc.exe svc [?]

S3 getPlus® Helper;getPlus® Helper;c:\programfiler\NOS\bin\getPlus_HelperSvc.exe [2009-01-26 33752]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

 

--- Andre tjenester/drivere lastet i minnet ---

 

*NewlyCreated* - EVERESTDRIVER

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af01c3d3-df5e-11dd-bedd-806d6172696f}]

\Shell\AutoRun\command - J:\Launch.exe /run

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2009-03-05 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

 

2009-03-09 c:\windows\Tasks\OGADaily.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]

 

2009-03-08 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]

.

- - - - TOMME PEKERE FJERNET - - - -

 

HKU-Default-RunOnce-nltide3 - rundll32 advpack.dll

 

 

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://www.ask.com/?o=101764&l=dis

uInternet Settings,ProxyOverride = *.local

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Morten\Programdata\Mozilla\Firefox\Profiles\izohv8hj.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://nn-NO.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:nn-NO:official

FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=

FF - plugin: c:\programfiler\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\programfiler\Mozilla Firefox\plugins\npbittorrent.dll

FF - plugin: c:\programfiler\Mozilla Firefox\plugins\npOGAPlugin.dll

 

---- FIREFOX POLICIES ----

c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-09 21:41:30

Windows 5.1.2600 Service Pack 3 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]

"ImagePath"="\??\c:\programfiler\Lavalys\EVEREST Corporate + Ultimate Edition\kerneld.wnt"

.

--------------------- LÅSTE REGISTERNØKLER ---------------------

 

[HKEY_USERS\S-1-5-21-1993962763-1580436667-682003330-1003\Software\SecuROM\License information*]

"datasecu"=hex:08,0e,7f,c9,96,18,79,11,5c,2d,e9,53,a9,aa,61,c3,4d,1b,67,4a,d7,

64,d9,ce,e9,6f,d1,31,43,6c,02,22,27,39,fc,60,e4,7e,65,59,93,2d,dc,38,ba,87,\

"rkeysecu"=hex:b2,8c,7d,5f,0e,b1,a4,60,df,fa,d3,fb,df,cb,2a,d7

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

 

- - - - - - - > 'winlogon.exe'(876)

c:\windows\system32\LMIinit.dll

c:\windows\system32\LMIRfsClientNP.dll

.

Tidspunkt ferdig: 2009-03-09 21:42:20

ComboFix-quarantined-files.txt 2009-03-09 20:42:18

 

Pre-Run: 19 194 994 688 byte ledig

Post-Run: 21,068,472,320 byte ledig

 

WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

292 --- E O F --- 2009-03-08 01:27:17

 

Endret 9. mars 2009 av Actrm

[raWrz]

venligst lag et nytt emne ved og likke på nytt enme knappen og beskriv om det er bare en sjekk eller om du er plaga ev et virus vi hjelper ikke lenger i denne tråden

[Pizzaen]

bla, bla...

 

Aktuelle saker:

 

Test av antimalware-program:

https://www.diskusjon.no/index.php?showtopic=1079419

 

bla, bla...

 

Denne linker til "Info: Sikkerhetsproblem i Microsoft Office Excel" og ikke "Test av antimalware-program".

Endret 22. mars 2009 av Pizzaen

[raWrz]

*Pirk* er pirk på Pizzaen men han tok det bort

 

http://no.wikipedia.org/wiki/Malware

http://en.wikipedia.org/wiki/Malware

det skrivest vist malware uten e

Endret 22. mars 2009 av Submit

[Pizzaen]

*Pirk*

 

http://no.wikipedia.org/wiki/Malware

http://en.wikipedia.org/wiki/Malware

det skrivest vist malware uten e

 

Fant ut det ettervert jeg også, derfor jeg redigerte det bort

 

Når vi først holder på: ettervert med h eller uten h? Edit: skrives tydeligvis "etter hvert" i 2 ord, lært meg noe nytt i dag og

Endret 22. mars 2009 av Pizzaen

[Tosha0007]

[off-topic]Kvifor ikkje gjera det lett å skriva nynorsk Der heiter det etter kvart går knapt ann å ta feil

Det skrives etter hvert på bokmål dersom du absolutt må ha det [/off-topic]

 

[on-topic]edit: Til norbat, som Pizzaen skreiv litt lenger opp er linken til "Test av Antimalware-program" feil. Det skal vera denne adressa: https://www.diskusjon.no/index.php?showtopic=1075335 [/on-topic]

Endret 22. mars 2009 av tosha0007

[norbat]

Takk

[Shadowxx]

det funka ikke

 

her er min sak

 

 

Malwarebytes' Anti-Malware

 

her er

Klikk for å se/fjerne innholdet nedenfor

Malwarebytes' Anti-Malware 1.34

Databaseversjon: 1749

Windows 5.1.2600 Service Pack 3

 

26.03.2009 17:23:09

mbam-log-2009-03-26 (17-23-09).txt

 

Skanntype: Rask Skann

Objekter skannet: 67720

Tid tilbakelagt: 5 minute(s), 8 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 0

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

(Ingen mistenkelige filer funnet)

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

(Ingen mistenkelige filer funnet)

 

 

 

her er comfix logg

Klikk for å se/fjerne innholdet nedenfor

ComboFix 09-03-25.04 - Shadow 2009-03-26 17:30:59.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.1023.546 [GMT 1:00]

Kjører fra: c:\mxdownload\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

* Opprettet nytt gjenopprettingspunkt

 

ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!

.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\drivers\npf.sys

c:\windows\system32\packet.dll

c:\windows\system32\wpcap.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_NPF

 

 

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-02-26 til 2009-03-26 )))))))))))))))))))))))))))))))))

.

 

2009-03-25 23:16 . 2009-02-14 06:30 <DIR> dr------- c:\documents and settings\Administrator\Start-meny

2009-03-25 23:16 . 2009-02-14 06:30 <DIR> d--h----- c:\documents and settings\Administrator\Skrivere

2009-03-25 23:16 . 2009-02-14 06:30 <DIR> d-------- c:\documents and settings\Administrator\Skrivebord

2009-03-25 23:16 . 2009-02-14 06:30 <DIR> d--h----- c:\documents and settings\Administrator\Siste

2009-03-25 23:16 . 2009-03-25 23:17 <DIR> dr-h----- c:\documents and settings\Administrator\Programdata

2009-03-25 23:16 . 2009-02-14 06:30 <DIR> d-------- c:\documents and settings\Administrator\Mine dokumenter

2009-03-25 23:16 . 2009-02-14 06:42 <DIR> d--h----- c:\documents and settings\Administrator\Maler

2009-03-25 23:16 . 2009-02-14 06:30 <DIR> d--h----- c:\documents and settings\Administrator\Lokale innstillinger

2009-03-25 23:16 . 2009-02-14 06:30 <DIR> d-------- c:\documents and settings\Administrator\Favoritter

2009-03-25 23:16 . 2009-02-14 06:30 <DIR> d--h----- c:\documents and settings\Administrator\AndrMask

2009-03-25 23:16 . 2009-03-25 23:16 <DIR> d-------- c:\documents and settings\Administrator

2009-03-25 23:12 . 2009-03-25 23:12 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware

2009-03-25 23:12 . 2009-03-25 23:12 <DIR> d-------- c:\documents and settings\Shadow\Programdata\Malwarebytes

2009-03-25 23:12 . 2009-03-25 23:12 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes

2009-03-25 23:12 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-03-25 23:12 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-03-25 16:32 . 2000-05-22 01:58 647,872 --------- c:\windows\system32\Mscomct2.ocx

2009-03-25 16:32 . 2006-10-05 23:17 53,248 --------- c:\windows\Ctregrun.exe

2009-03-25 16:31 . 2009-03-25 16:31 417,792 --a------ c:\windows\system32\awrdscdc.ax

2009-03-25 16:30 . 2009-03-25 16:31 <DIR> d-------- c:\programfiler\Audible

2009-03-25 16:30 . 2003-03-18 21:20 1,060,864 --------- c:\windows\system32\mfc71.dll

2009-03-25 16:30 . 2003-03-18 20:14 499,712 --------- c:\windows\system32\msvcp71.dll

2009-03-25 16:30 . 2003-02-21 04:42 348,160 --------- c:\windows\system32\msvcr71.dll

2009-03-25 16:29 . 2009-03-25 16:42 <DIR> d-------- c:\documents and settings\All Users\Programdata\Creative

2009-03-25 16:28 . 1999-12-12 18:01 44,032 --------- c:\windows\system32\CTSVCCDA.EXE

2009-03-25 16:28 . 1999-11-17 18:00 25,088 --------- c:\windows\system32\CTSVCCTL.EXE

2009-03-25 16:27 . 2009-03-25 16:27 <DIR> d-------- c:\programfiler\Fellesfiler\Creative

2009-03-25 16:27 . 2009-03-25 16:29 <DIR> d--h----- c:\programfiler\Creative Installation Information

2009-03-22 22:14 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll

2009-03-22 22:12 . 2009-03-22 22:12 <DIR> d-------- c:\programfiler\Microsoft Works

2009-03-22 22:08 . 2009-03-22 22:08 <DIR> d-------- c:\programfiler\Microsoft.NET

2009-03-22 22:05 . 2009-03-22 22:05 <DIR> d-------- c:\programfiler\Microsoft Visual Studio 8

2009-03-22 22:04 . 2009-03-22 22:10 <DIR> d-------- c:\windows\SHELLNEW

2009-03-22 22:03 . 2009-03-22 22:22 <DIR> d-------- c:\documents and settings\All Users\Programdata\Microsoft Help

2009-03-22 22:01 . 2009-03-22 22:01 <DIR> dr-h----- C:\MSOCache

2009-03-22 21:43 . 2009-03-22 21:44 <DIR> d----c--- c:\windows\system32\DRVSTORE

2009-03-22 21:43 . 2006-06-09 11:04 278,528 --a------ c:\windows\system32\cmdiag.new

2009-03-22 21:43 . 2006-06-09 11:04 278,528 --a------ c:\windows\system32\cmdiag.cpl

2009-03-22 21:43 . 2005-04-13 11:17 163,840 --a------ c:\windows\system32\cmabout.dll

2009-03-22 21:43 . 2006-07-11 11:03 84,608 --a------ c:\windows\system32\drivers\cxbu0wdm.sys

2009-03-22 21:43 . 2006-03-20 13:53 61,440 --a------ c:\windows\system32\chksvrn.dll

2009-03-22 21:43 . 2001-04-27 09:39 41,926 --a------ c:\windows\system32\ok.bmp

2009-03-22 21:43 . 2006-07-04 08:17 10,229 --a------ c:\windows\system32\cmdiag.ini

2009-03-22 21:43 . 2006-02-03 10:42 142 --a------ c:\windows\system32\cmabout.ini

2009-03-22 21:42 . 2009-03-22 21:42 <DIR> d-------- c:\programfiler\Buypass

2009-03-17 19:27 . 2009-03-17 19:27 <DIR> d-------- C:\Isa_SCR

2009-03-17 19:22 . 2009-03-17 19:22 <DIR> d-------- c:\windows\Sun

2009-03-17 19:22 . 2009-03-17 19:22 <DIR> d-------- c:\programfiler\Java

2009-03-17 19:22 . 2009-03-17 19:22 410,984 --a------ c:\windows\system32\deploytk.dll

2009-03-17 19:22 . 2009-03-17 19:22 73,728 --a------ c:\windows\system32\javacpl.cpl

2009-03-17 19:17 . 2001-08-17 21:51 23,936 --a------ c:\windows\system32\drivers\sccmusbm.sys

2009-03-17 19:17 . 2001-08-17 21:51 23,936 --a--c--- c:\windows\system32\dllcache\sccmusbm.sys

2009-03-16 21:08 . 2009-03-25 16:47 <DIR> d-------- c:\documents and settings\Shadow\Programdata\Creative

2009-03-16 20:51 . 2009-03-16 20:51 <DIR> d-------- C:\WebCam

2009-03-15 21:13 . 2008-09-26 09:52 10,384 --a------ c:\windows\system32\drivers\LBeepKE.sys

2009-03-15 21:13 . 2009-03-15 21:13 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf

2009-03-15 21:12 . 2009-03-15 21:12 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf

2009-03-15 21:11 . 2009-03-15 21:11 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2009-03-15 21:11 . 2009-03-15 21:11 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf

2009-03-15 21:09 . 2009-03-15 21:09 <DIR> d-------- c:\programfiler\Logitech

2009-03-15 21:09 . 2009-03-15 21:10 <DIR> d-------- c:\programfiler\Fellesfiler\Logishrd

2009-03-15 21:08 . 2009-03-15 21:14 <DIR> d-------- c:\documents and settings\All Users\Programdata\LogiShrd

2009-03-10 19:29 . 2009-03-26 17:26 <DIR> d-------- C:\MxDownload

2009-03-10 19:27 . 2009-03-10 19:27 0 --a------ c:\windows\system32\cid_store.dat

2009-03-09 15:29 . 2009-03-09 15:29 <DIR> d-------- c:\programfiler\BillP Studios

2009-03-09 15:29 . 2009-03-09 15:29 <DIR> d-------- c:\documents and settings\Shadow\Programdata\WinPatrol

2009-03-09 15:25 . 2002-12-29 01:14 81,920 --a------ c:\windows\system32\Startup.cpl

2009-03-08 14:20 . 2009-03-08 14:25 <DIR> d-------- c:\documents and settings\Shadow\Programdata\Stardock

2009-03-08 14:19 . 2009-03-08 14:22 <DIR> d-------- c:\documents and settings\All Users\Programdata\Stardock

2009-03-08 14:19 . 2009-03-08 14:19 <DIR> d--h-c--- c:\documents and settings\All Users\Programdata\{2C0895CF-C7CF-4FF0-B3B8-C0518C9E3418}

2009-03-08 14:11 . 2009-03-25 22:28 <DIR> dr-h----- c:\documents and settings\Shadow\Siste

2009-03-05 19:43 . 2009-03-05 19:43 <DIR> d-------- c:\documents and settings\All Users\Programdata\ATI

2009-03-05 17:19 . 2009-03-05 17:19 98,304 --a------ c:\windows\system32\CmdLineExt.dll

2009-03-05 17:12 . 2009-03-05 17:12 32 --a------ c:\windows\CD_Start.INI

2009-03-05 17:01 . 2009-03-05 17:01 <DIR> d-------- c:\programfiler\Rockstar Games

2009-03-03 16:57 . 2009-03-03 16:58 <DIR> d-------- c:\documents and settings\Shadow\Programdata\DivX

2009-03-03 16:56 . 2008-11-06 17:37 120,056 --------- c:\windows\system32\pxcpyi64.exe

2009-03-03 16:56 . 2008-11-06 17:37 118,520 --------- c:\windows\system32\pxinsi64.exe

2009-03-03 16:55 . 2009-03-03 16:56 <DIR> d-------- c:\programfiler\DivX

2009-03-02 21:21 . 2009-03-23 23:40 116 --a------ c:\windows\NeroDigital.ini

2009-03-02 21:20 . 2009-03-02 21:20 <DIR> d-------- c:\documents and settings\Shadow\Programdata\Ahead

2009-03-02 21:20 . 2005-04-20 12:32 2,916,352 --------- c:\windows\UNNMP.exe

2009-03-02 21:20 . 2006-03-22 12:55 47,867 --------- c:\windows\UNNMP.cfg

2009-03-02 21:18 . 2009-03-02 21:18 <DIR> d-------- c:\programfiler\Fellesfiler\Nero

2009-03-02 21:18 . 2001-07-09 10:50 155,648 --a------ c:\windows\system32\NeroCheck.exe

2009-03-02 21:17 . 2005-07-29 16:12 2,977,792 --------- c:\windows\UNNeroVision.exe

2009-03-02 21:17 . 2006-03-22 12:55 179,261 --------- c:\windows\UNNeroVision.cfg

2009-03-02 21:17 . 2001-08-17 22:43 24,576 --------- c:\windows\system32\msxml3a.dll

2009-03-02 21:16 . 2009-03-02 21:16 <DIR> d-------- c:\programfiler\Fellesfiler\Ahead

2009-03-02 21:16 . 2009-03-02 21:19 <DIR> d-------- c:\programfiler\Ahead

2009-03-02 21:16 . 2009-03-02 21:16 <DIR> d-------- c:\documents and settings\All Users\Programdata\Ahead

2009-03-02 21:16 . 2004-07-26 16:16 1,568,768 --------- c:\windows\system32\ImagX7.dll

2009-03-02 21:16 . 2004-07-26 16:16 476,320 --------- c:\windows\system32\ImagXpr7.dll

2009-03-02 21:16 . 2004-07-26 16:16 471,040 --------- c:\windows\system32\ImagXRA7.dll

2009-03-02 21:16 . 2004-07-09 08:43 364,544 --------- c:\windows\system32\TwnLib4.dll

2009-03-02 21:16 . 2004-07-26 16:16 262,144 --------- c:\windows\system32\ImagXR7.dll

2009-03-02 21:16 . 2000-06-26 10:45 106,496 --a------ c:\windows\system32\TwnLib20.dll

2009-03-02 21:16 . 2001-06-26 07:15 38,912 --------- c:\windows\system32\picn20.dll

2009-03-02 16:09 . 2009-03-03 14:56 4,096 --a------ c:\windows\system32\crash

2009-03-02 15:20 . 2009-03-02 15:20 <DIR> d-------- c:\documents and settings\All Users\Programdata\FLEXnet

2009-03-02 14:39 . 2009-03-18 23:28 <DIR> d-------- c:\documents and settings\Shadow\Programdata\dvdcss

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-26 16:29 --------- d-----w c:\documents and settings\Shadow\Programdata\MxBoost

2009-03-25 22:16 --------- d--h--w c:\programfiler\InstallShield Installation Information

2009-03-25 15:32 --------- d-----w c:\programfiler\Creative

2009-03-24 18:59 --------- d-----w c:\documents and settings\Shadow\Programdata\uTorrent

2009-03-22 21:11 --------- d-----w c:\programfiler\MSBuild

2009-03-22 21:10 --------- d-----w c:\programfiler\DC++

2009-03-16 19:36 --------- d-----w c:\programfiler\ATI

2009-03-08 13:19 --------- d-----w c:\programfiler\Stardock

2009-03-08 01:44 --------- d-----w c:\documents and settings\Shadow\Programdata\Winamp

2009-03-05 18:38 --------- d-----w c:\programfiler\ATI Technologies

2009-03-03 18:52 --------- d-----w c:\documents and settings\Shadow\Programdata\AVGTOOLBAR

2009-03-01 19:11 --------- d-----w c:\documents and settings\All Users\Programdata\avg8

2009-02-23 20:23 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys

2009-02-23 20:23 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys

2009-02-23 20:22 --------- d-----w c:\programfiler\AVG

2009-02-23 20:18 --------- d---a-w c:\documents and settings\All Users\Programdata\TEMP

2009-02-23 20:17 2,560 ----a-w c:\windows\_MSRSTRT.EXE

2009-02-23 19:25 --------- d-----w c:\documents and settings\Shadow\Programdata\ImgBurn

2009-02-23 19:21 --------- d-----w c:\programfiler\ImgBurn

2009-02-23 17:46 --------- d-----w c:\programfiler\MP3 Wave Converter

2009-02-23 17:35 --------- d-----w c:\programfiler\NOS

2009-02-23 17:35 --------- d-----w c:\documents and settings\All Users\Programdata\NOS

2009-02-23 16:57 --------- d-----w c:\programfiler\EA GAMES

2009-02-22 18:34 --------- d-----w c:\programfiler\Fellesfiler\Adobe

2009-02-22 18:29 --------- d-----w c:\programfiler\Maxthon2

2009-02-22 18:01 --------- d-----w c:\programfiler\Windows Desktop Search

2009-02-15 13:29 --------- d-----w c:\programfiler\Astro Gemini Software

2009-02-15 13:25 29,696 ----a-w c:\windows\mickey32.dll

2009-02-15 13:25 232,784 ----a-w c:\windows\Matrix Code.scr

2009-02-15 13:25 2,285,222 ----a-w c:\windows\Matrix Code.exe

2009-02-15 09:22 --------- d-----w c:\programfiler\Fellesfiler\Stardock

2009-02-14 23:41 --------- d-----w c:\programfiler\Counter-Strike

2009-02-14 23:13 --------- d-----w c:\programfiler\Steam

2009-02-14 20:43 --------- d-----w c:\programfiler\Fellesfiler\DirectX

2009-02-14 20:21 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys

2009-02-14 20:21 22,328 ----a-w c:\documents and settings\Shadow\Programdata\PnkBstrK.sys

2009-02-14 19:25 --------- d-----w c:\programfiler\Activision

2009-02-14 19:18 --------- d-----w c:\documents and settings\Shadow\Programdata\DAEMON Tools Lite

2009-02-14 18:06 --------- d-----w c:\documents and settings\Shadow\Programdata\DAEMON Tools Pro

2009-02-14 18:06 --------- d-----w c:\documents and settings\Shadow\Programdata\DAEMON Tools

2009-02-14 18:05 --------- d-----w c:\programfiler\DAEMON Tools Lite

2009-02-14 18:05 --------- d-----w c:\documents and settings\All Users\Programdata\DAEMON Tools Lite

2009-02-14 18:01 717,296 ----a-w c:\windows\system32\drivers\sptd.sys

2009-02-14 14:05 --------- d-----w c:\documents and settings\Shadow\Programdata\vlc

2009-02-14 14:04 --------- d-----w c:\programfiler\VideoLAN

2009-02-14 10:48 --------- d-----w c:\programfiler\CCleaner

2009-02-14 09:54 --------- d-----w c:\programfiler\uTorrent

2009-02-14 09:36 --------- d-----w c:\documents and settings\Shadow\Programdata\Ventrilo

2009-02-14 09:27 --------- d-----w c:\documents and settings\All Users\Programdata\Messenger Plus!

2009-02-14 09:23 --------- d-----w c:\programfiler\Messenger Plus! Live

2009-02-14 09:19 --------- d-----w c:\programfiler\Windows Live SkyDrive

2009-02-14 09:19 --------- d-----w c:\programfiler\Windows Live

2009-02-14 09:19 --------- d-----w c:\programfiler\Microsoft

2009-02-14 09:16 --------- d-----w c:\programfiler\Fellesfiler\Windows Live

2009-02-14 09:01 --------- d-----w c:\programfiler\Bonjour

2009-02-14 08:51 --------- d-----w c:\programfiler\Fellesfiler\Macrovision Shared

2009-02-14 07:38 --------- d-----w c:\programfiler\VALVe

2009-02-14 07:37 --------- d-----w c:\programfiler\Winamp

2009-02-14 07:29 --------- d-----w c:\documents and settings\Shadow\Programdata\ATI

2009-02-14 07:25 --------- d-----w c:\documents and settings\Shadow\Programdata\Windows Search

2009-02-14 07:22 --------- d-----w c:\programfiler\Reference Assemblies

2009-02-14 07:17 --------- d-----w c:\programfiler\Windows Media Connect 2

2009-02-14 07:04 --------- d-----w c:\programfiler\Microsoft Silverlight

2009-02-14 06:59 --------- d-----w c:\programfiler\Fellesfiler\InstallShield

2009-02-14 05:45 --------- d-----w c:\programfiler\microsoft frontpage

2009-02-14 05:44 --------- d-----w c:\programfiler\Elektroniske tjenester

2009-02-14 05:43 --------- d-----w c:\programfiler\Fellesfiler\Tjenester

2009-02-04 07:27 3,488,768 ----a-w c:\windows\system32\drivers\ati2mtag.sys

2009-02-04 03:52 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll

.

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"MSMSGS"="c:\programfiler\Messenger\msmsgs.exe" [2008-04-14 1695232]

"msnmsgr"="c:\programfiler\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885400]

"CTSyncU.exe"="c:\programfiler\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-23 1601304]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"StartCCC"="c:\programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]

"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-03-17 148888]

"GrooveMonitor"="c:\programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"CTCheck"="c:\programfiler\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]

"P17Helper"="P17.dll" [2005-05-03 c:\windows\system32\P17.dll]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 c:\windows\KHALMNPR.Exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\Shadow\Start-meny\Programmer\Oppstart\

Stardock ObjectDock.lnk - c:\programfiler\Stardock\ObjectDock\ObjectDock.exe [2009-02-14 3450608]

 

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\

SetPointII.lnk - c:\programfiler\Logitech\SetPoint II\SetpointII.exe [2008-11-13 323584]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-02-23 21:23 10520 c:\windows\system32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programfiler\\uTorrent\\uTorrent.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Programfiler\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=

"c:\\Programfiler\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=

"c:\\Programfiler\\DC++\\DCPlusPlus.exe"=

"c:\\Programfiler\\AVG\\AVG8\\avgemc.exe"=

"c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=

"c:\\Programfiler\\AVG\\AVG8\\avgnsx.exe"=

"c:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Programfiler\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-23 325128]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-23 107272]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-02-23 903960]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-23 298264]

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-03-15 10384]

R3 cxbu0wdm;CardMan 3x21;c:\windows\system32\drivers\cxbu0wdm.sys [2009-03-22 84608]

R3 P0870Dev;Creative WebCam Live! Motion;c:\windows\system32\drivers\P0870Dev.sys [2009-03-16 172288]

S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2007-05-23 547744]

S3 OMNUSB;Omnikey AG CardMan 2020 USB-smartkortleser;c:\windows\system32\drivers\sccmusbm.sys [2009-03-17 23936]

.

- - - - TOMME PEKERE FJERNET - - - -

 

HKLM-Run-Key Drv - plkhost.exe

 

 

.

------- Tilleggsskanning -------

.

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

Trusted Zone: buypass.no

Trusted Zone: headit.no

Trusted Zone: norsk-tipping.no

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-26 17:39:50

Windows 5.1.2600 Service Pack 3 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

 

- - - - - - - > 'winlogon.exe'(532)

c:\windows\system32\Ati2evxx.dll

.

------------------------ Andre Kjørende Prosesser ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\windows\system32\ati2evxx.exe

c:\windows\system32\scardsvr.exe

c:\programfiler\Bonjour\mDNSResponder.exe

c:\windows\system32\CTSVCCDA.EXE

c:\programfiler\Java\jre6\bin\jqs.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\PnkBstrB.exe

c:\programfiler\AVG\AVG8\avgrsx.exe

c:\programfiler\AVG\AVG8\avgcsrvx.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\rundll32.exe

c:\programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\programfiler\Fellesfiler\Logishrd\KHAL2\KHALMNPR.exe

c:\programfiler\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

c:\progra~1\AVG\AVG8\avgnsx.exe

.

**************************************************************************

.

Tidspunkt ferdig: 2009-03-26 17:46:05 - maskinen ble startet på nytt

ComboFix-quarantined-files.txt 2009-03-26 16:45:59

 

Pre-Run: 94 656 376 832 byte ledig

Post-Run: 94,859,321,344 byte ledig

 

302 --- E O F --- 2009-02-14 07:31:45

[testuser]

Hei. Nå har jeg klart å få Trojan.Maliframe!html på PCen.

Selv om jeg finner skadelige filer (med enten Symantec, Malwarebytes' Anti-Malware eller SUPERAntiSpyware Professional), dukker det nesten hele tiden opp fra Symantec at 2 trojaner er flyttet til Quaranteen. Disse filene er lokalisert under temporary internet files. Noen som vet hva jeg skal får å slippe å få denne meldingen hele tiden.

 

PS: Jeg har lest gjennom Symantecs egen removal-guide, men hjelper ikke.

 

Bilde:

Endret 28. mars 2009 av john-m

[norbat]

Hei, John-m.

Hvis du har et 32 bits OS, kjør gjennom veiledningen i denne trådens 1.post (malwarebytes og Combofix). Post loggene.

 

Filene du viser er slik de fremstår i loggen din, bildefiler (index(1).gif). Det kan være en falsk positiv (feilaktig melding) fra Norton. Hvilket nettsted er du innom når Norton poper opp med denne meldingen?