norbat (thread author), posted 24 February 2009:
Xarus: go through the guide and post the logs in a separate thread, which you create by clicking the New Topic button.

carina_elise, posted 5 March 2009 (edited 5 March 2009 by carina_elise):

norbat (thread author), posted 5 March 2009:
Hi, carina_elise. Have you managed to solve the problem, if there was one?

r2d290, posted 5 March 2009:
> Hi, carina_elise. Have you managed to solve the problem, if there was one?
What carina_elise's post originally contained was a link to the thread https://www.diskusjon.no/index.php?showtopic=1082883&hl=. That thread is marked as solved, so I assume the problem has been resolved?

Mojo Pin, posted 8 March 2009:
Hi! I got some reports yesterday that spam had been sent to everyone on my MSN contact list last night. I rarely use MSN, only to check my Hotmail account now and then. I have run a full system scan with avast! and a quick scan with Malwarebytes without finding anything at all. This is the first time I have experienced this; does anyone know what removes it?

hernil, posted 8 March 2009:
Follow the guide and create a new thread with the logs, but first and foremost you should change the password on the Hotmail account.

zonko, posted 8 March 2009:
The machine at my parents' home got popups a couple of weeks ago from the fake antivirus program System Security. I got it removed with mbam (at least there were no signs of it when I was done), but now the trouble is back. Does this program get in through some known vulnerability/source that I can close? Picture of the crap here: http://s5.tinypic.com/2vxg9jm.jpg

raWrz, posted 8 March 2009:
Create a new thread (click the New Topic button) and follow the guide that is linked at the top of my signature.

zonko, posted 8 March 2009:
I don't live where the machine is, so that is hard to do right now. I got it removed last time (at least as far as I could see). This time I'm wondering whether this program spreads in some known, specific way, so that I can prevent it from getting in again.

Tosha0007, posted 8 March 2009 (edited 8 March 2009 by tosha0007):
It sounds like you unfortunately didn't manage to remove the whole infection, e.g. a file that was left behind and runs (installs) the program again. I won't claim to be entirely sure which files and registry entries come with that program. I'll see what I can find, but I think the easiest thing is for you to post logs (MBAM and ComboFix) when you have time. Alternatively, you may be able to get someone here on the forum to handle it via remote control.

Fløffy, posted 9 March 2009 (edited 9 March 2009 by Actrm):
Log from ComboFix:

raWrz, posted 9 March 2009:
Please create a new topic by clicking the New Topic button and describe whether it is just a check or whether you are troubled by a virus. We no longer help in this thread.

Pizzaen, posted 22 March 2009 (edited 22 March 2009 by Pizzaen):
> blah, blah... Current topics: Test of antimalware programs: https://www.diskusjon.no/index.php?showtopic=1079419 blah, blah...
This links to "Info: Security problem in Microsoft Office Excel" and not to "Test of antimalware programs".

raWrz, posted 22 March 2009 (edited 22 March 2009 by Submit):
*Nitpick* (this is a nitpick at Pizzaen, but he removed it)
http://no.wikipedia.org/wiki/Malware
http://en.wikipedia.org/wiki/Malware
Apparently it is spelled malware, without the e.

Pizzaen, posted 22 March 2009 (edited 22 March 2009 by Pizzaen):
> *Nitpick*
> http://no.wikipedia.org/wiki/Malware
> http://en.wikipedia.org/wiki/Malware
> Apparently it is spelled malware, without the e.
I figured that out eventually too, which is why I edited it out. While we're at it: is "ettervert" spelled with or without an h?
Edit: apparently it is written "etter hvert", as two words. Learned something new today too.

Tosha0007, posted 22 March 2009 (edited 22 March 2009 by tosha0007):
[off-topic] Why not make it easy and write Nynorsk? There it is "etter kvart", and you can hardly get it wrong. It is written "etter hvert" in Bokmål, if you absolutely must have it. [/off-topic]
[on-topic] Edit: To norbat: as Pizzaen wrote a little further up, the link to "Test of antimalware programs" is wrong. It should be this address: https://www.diskusjon.no/index.php?showtopic=1075335 [/on-topic]

Shadowxx, posted 26 March 2009:
It didn't work. Here is my case.
Malwarebytes' Anti-Malware, here it is:
Here is the ComboFix log:
2009-03-26 16:29 --------- d-----w c:\documents and settings\Shadow\Programdata\MxBoost 2009-03-25 22:16 --------- d--h--w c:\programfiler\InstallShield Installation Information 2009-03-25 15:32 --------- d-----w c:\programfiler\Creative 2009-03-24 18:59 --------- d-----w c:\documents and settings\Shadow\Programdata\uTorrent 2009-03-22 21:11 --------- d-----w c:\programfiler\MSBuild 2009-03-22 21:10 --------- d-----w c:\programfiler\DC++ 2009-03-16 19:36 --------- d-----w c:\programfiler\ATI 2009-03-08 13:19 --------- d-----w c:\programfiler\Stardock 2009-03-08 01:44 --------- d-----w c:\documents and settings\Shadow\Programdata\Winamp 2009-03-05 18:38 --------- d-----w c:\programfiler\ATI Technologies 2009-03-03 18:52 --------- d-----w c:\documents and settings\Shadow\Programdata\AVGTOOLBAR 2009-03-01 19:11 --------- d-----w c:\documents and settings\All Users\Programdata\avg8 2009-02-23 20:23 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys 2009-02-23 20:23 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys 2009-02-23 20:22 --------- d-----w c:\programfiler\AVG 2009-02-23 20:18 --------- d---a-w c:\documents and settings\All Users\Programdata\TEMP 2009-02-23 20:17 2,560 ----a-w c:\windows\_MSRSTRT.EXE 2009-02-23 19:25 --------- d-----w c:\documents and settings\Shadow\Programdata\ImgBurn 2009-02-23 19:21 --------- d-----w c:\programfiler\ImgBurn 2009-02-23 17:46 --------- d-----w c:\programfiler\MP3 Wave Converter 2009-02-23 17:35 --------- d-----w c:\programfiler\NOS 2009-02-23 17:35 --------- d-----w c:\documents and settings\All Users\Programdata\NOS 2009-02-23 16:57 --------- d-----w c:\programfiler\EA GAMES 2009-02-22 18:34 --------- d-----w c:\programfiler\Fellesfiler\Adobe 2009-02-22 18:29 --------- d-----w c:\programfiler\Maxthon2 2009-02-22 18:01 --------- d-----w c:\programfiler\Windows Desktop Search 2009-02-15 13:29 --------- d-----w c:\programfiler\Astro Gemini Software 2009-02-15 13:25 29,696 ----a-w c:\windows\mickey32.dll 2009-02-15 
13:25 232,784 ----a-w c:\windows\Matrix Code.scr 2009-02-15 13:25 2,285,222 ----a-w c:\windows\Matrix Code.exe 2009-02-15 09:22 --------- d-----w c:\programfiler\Fellesfiler\Stardock 2009-02-14 23:41 --------- d-----w c:\programfiler\Counter-Strike 2009-02-14 23:13 --------- d-----w c:\programfiler\Steam 2009-02-14 20:43 --------- d-----w c:\programfiler\Fellesfiler\DirectX 2009-02-14 20:21 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys 2009-02-14 20:21 22,328 ----a-w c:\documents and settings\Shadow\Programdata\PnkBstrK.sys 2009-02-14 19:25 --------- d-----w c:\programfiler\Activision 2009-02-14 19:18 --------- d-----w c:\documents and settings\Shadow\Programdata\DAEMON Tools Lite 2009-02-14 18:06 --------- d-----w c:\documents and settings\Shadow\Programdata\DAEMON Tools Pro 2009-02-14 18:06 --------- d-----w c:\documents and settings\Shadow\Programdata\DAEMON Tools 2009-02-14 18:05 --------- d-----w c:\programfiler\DAEMON Tools Lite 2009-02-14 18:05 --------- d-----w c:\documents and settings\All Users\Programdata\DAEMON Tools Lite 2009-02-14 18:01 717,296 ----a-w c:\windows\system32\drivers\sptd.sys 2009-02-14 14:05 --------- d-----w c:\documents and settings\Shadow\Programdata\vlc 2009-02-14 14:04 --------- d-----w c:\programfiler\VideoLAN 2009-02-14 10:48 --------- d-----w c:\programfiler\CCleaner 2009-02-14 09:54 --------- d-----w c:\programfiler\uTorrent 2009-02-14 09:36 --------- d-----w c:\documents and settings\Shadow\Programdata\Ventrilo 2009-02-14 09:27 --------- d-----w c:\documents and settings\All Users\Programdata\Messenger Plus! 2009-02-14 09:23 --------- d-----w c:\programfiler\Messenger Plus! 
Live 2009-02-14 09:19 --------- d-----w c:\programfiler\Windows Live SkyDrive 2009-02-14 09:19 --------- d-----w c:\programfiler\Windows Live 2009-02-14 09:19 --------- d-----w c:\programfiler\Microsoft 2009-02-14 09:16 --------- d-----w c:\programfiler\Fellesfiler\Windows Live 2009-02-14 09:01 --------- d-----w c:\programfiler\Bonjour 2009-02-14 08:51 --------- d-----w c:\programfiler\Fellesfiler\Macrovision Shared 2009-02-14 07:38 --------- d-----w c:\programfiler\VALVe 2009-02-14 07:37 --------- d-----w c:\programfiler\Winamp 2009-02-14 07:29 --------- d-----w c:\documents and settings\Shadow\Programdata\ATI 2009-02-14 07:25 --------- d-----w c:\documents and settings\Shadow\Programdata\Windows Search 2009-02-14 07:22 --------- d-----w c:\programfiler\Reference Assemblies 2009-02-14 07:17 --------- d-----w c:\programfiler\Windows Media Connect 2 2009-02-14 07:04 --------- d-----w c:\programfiler\Microsoft Silverlight 2009-02-14 06:59 --------- d-----w c:\programfiler\Fellesfiler\InstallShield 2009-02-14 05:45 --------- d-----w c:\programfiler\microsoft frontpage 2009-02-14 05:44 --------- d-----w c:\programfiler\Elektroniske tjenester 2009-02-14 05:43 --------- d-----w c:\programfiler\Fellesfiler\Tjenester 2009-02-04 07:27 3,488,768 ----a-w c:\windows\system32\drivers\ati2mtag.sys 2009-02-04 03:52 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . 
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "MSMSGS"="c:\programfiler\Messenger\msmsgs.exe" [2008-04-14 1695232] "msnmsgr"="c:\programfiler\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885400] "CTSyncU.exe"="c:\programfiler\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-23 1601304] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "StartCCC"="c:\programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440] "SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-03-17 148888] "GrooveMonitor"="c:\programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016] "CTCheck"="c:\programfiler\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312] "P17Helper"="P17.dll" [2005-05-03 c:\windows\system32\P17.dll] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 c:\windows\KHALMNPR.Exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\Shadow\Start-meny\Programmer\Oppstart\ Stardock ObjectDock.lnk - c:\programfiler\Stardock\ObjectDock\ObjectDock.exe [2009-02-14 3450608] c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\ SetPointII.lnk - c:\programfiler\Logitech\SetPoint II\SetpointII.exe [2008-11-13 323584] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-02-23 21:23 10520 c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programfiler\\Bonjour\\mDNSResponder.exe"= "c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Programfiler\\uTorrent\\uTorrent.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Programfiler\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"= "c:\\Programfiler\\Activision\\Call of Duty - World at War\\CoDWaW.exe"= "c:\\Programfiler\\DC++\\DCPlusPlus.exe"= "c:\\Programfiler\\AVG\\AVG8\\avgemc.exe"= "c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"= "c:\\Programfiler\\AVG\\AVG8\\avgnsx.exe"= "c:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Programfiler\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"= R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-23 325128] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-23 107272] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-02-23 903960] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-23 298264] R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-03-15 10384] R3 cxbu0wdm;CardMan 3x21;c:\windows\system32\drivers\cxbu0wdm.sys [2009-03-22 84608] R3 P0870Dev;Creative WebCam Live! Motion;c:\windows\system32\drivers\P0870Dev.sys [2009-03-16 172288] S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2007-05-23 547744] S3 OMNUSB;Omnikey AG CardMan 2020 USB-smartkortleser;c:\windows\system32\drivers\sccmusbm.sys [2009-03-17 23936] . - - - - TOMME PEKERE FJERNET - - - - HKLM-Run-Key Drv - plkhost.exe . ------- Tilleggsskanning ------- . 
uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 Trusted Zone: buypass.no Trusted Zone: headit.no Trusted Zone: norsk-tipping.no . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-26 17:39:50 Windows 5.1.2600 Service Pack 3 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... skanning vellykket skjulte filer: 0 ************************************************************************** . --------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- - - - - - - - > 'winlogon.exe'(532) c:\windows\system32\Ati2evxx.dll . ------------------------ Andre Kjørende Prosesser ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\windows\system32\scardsvr.exe c:\programfiler\Bonjour\mDNSResponder.exe c:\windows\system32\CTSVCCDA.EXE c:\programfiler\Java\jre6\bin\jqs.exe c:\windows\system32\PnkBstrA.exe c:\windows\system32\PnkBstrB.exe c:\programfiler\AVG\AVG8\avgrsx.exe c:\programfiler\AVG\AVG8\avgcsrvx.exe c:\windows\system32\wscntfy.exe c:\windows\system32\rundll32.exe c:\programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\programfiler\Fellesfiler\Logishrd\KHAL2\KHALMNPR.exe c:\programfiler\ATI Technologies\ATI.ACE\Core-Static\CCC.exe c:\progra~1\AVG\AVG8\avgnsx.exe . ************************************************************************** . Tidspunkt ferdig: 2009-03-26 17:46:05 - maskinen ble startet på nytt ComboFix-quarantined-files.txt 2009-03-26 16:45:59 Pre-Run: 94 656 376 832 byte ledig Post-Run: 94,859,321,344 byte ledig 302 --- E O F --- 2009-02-14 07:31:45 Lenke til kommentar
testuser Posted 28 March 2009 (edited) Hi. Now I have managed to get Trojan.Maliframe!html on my PC. Even though I find malicious files (with either Symantec, Malwarebytes' Anti-Malware or SUPERAntiSpyware Professional), Symantec keeps popping up almost constantly saying that 2 trojans have been moved to Quarantine. These files are located under Temporary Internet Files. Does anyone know what I should do to stop getting this message all the time? PS: I have read through Symantec's own removal guide, but it doesn't help. Image: Edited 28 March 2009 by john-m
norbat Posted 28 March 2009 Author Hi, John-m. If you have a 32-bit OS, run through the guide in the first post of this thread (Malwarebytes and ComboFix). Post the logs. The files you show are, as they appear in your log, image files (index(1).gif). It may be a false positive (erroneous alert) from Norton. Which website are you visiting when Norton pops up with this message?