hammeravsaft, posted 20 November 2009 (edited):
I've got a virus that takes over Facebook. When I log in at www.facebook.com I only end up at ....removed Do not click the link (Changed the link to diskusjon.no, but left the description in place. MOD). Looking at the page source of my Facebook, I can see that it is not the real one. None of the links other than login work. I'm running Microsoft's new antivirus, but it finds nothing. I have run Spybot Search and Destroy and Ad-Aware, but they find nothing either. Does anyone have any idea how I get rid of this?? edit: title
Edited 22 November 2009 by Hognis: changed link

Lernes, posted 20 November 2009:
Malwarebytes is a good program for removing various Facebook viruses! Malwarebytes
I can't guarantee that it will work, but I do know that it removes other Facebook viruses.

Tosha0007, posted 20 November 2009:
First of all: remove the clickable link in the first post... Then work through the guide and post the logs here in your own thread.

hammeravsaft (author), posted 22 November 2009:
Need help analysing the log from ComboFix. Can anyone help? I have scanned with Malwarebytes, but it found nothing.

norbat, posted 22 November 2009:
Clear your browser's cache and try logging in to Facebook again. Also check whether there are any entries in your hosts file that should not be there (C:\Windows\System32\Drivers\etc)

hammeravsaft (author), posted 22 November 2009:
Quote: "Clear your browser's cache and try logging in to Facebook again. Also check whether there are any entries in your hosts file that should not be there (C:\Windows\System32\Drivers\etc)"
Thank you so very much. That is where the problem was.

roskvama, posted 4 August 2012:
Can someone help me, all of a sudden I have started sending links to friends' profiles and commenting the same link on comments, what should I do??

Faller, posted 4 August 2012:
Quote: "Can someone help me, all of a sudden I have started sending links to friends' profiles and commenting the same link on comments, what should I do??"
Scan the PC with Malwarebytes, check your hosts file (C:\Windows\System32\Drivers\etc), change your password using a different machine, and deactivate/delete add-ons/games/applications that you do not use.
Regards, Faller
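
Added example, not part of the thread: norbat's and Faller's replies both say to check the hosts file for entries that should not be there, and this Python script lists every entry that overrides normal name resolution. The names `classify` and `audit_hosts`, the sample file contents and the rule used here (loopback or 0.0.0.0 target = "block", any other address = "redirect") are assumptions of this example.

```python
import ipaddress
import os
import sys

# Default location on Windows; the thread gives the folder
# C:\Windows\System32\Drivers\etc
HOSTS_PATH = os.path.join(
    os.environ.get("SystemRoot", r"C:\Windows"),
    "System32", "drivers", "etc", "hosts",
)

# Names a clean hosts file may define itself.
LOCAL_NAMES = {"localhost"}

# Constructed sample, used when no real hosts file can be read.
# 203.0.113.10 is a documentation (TEST-NET-3) address.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       tracker.example     # blocking entry, e.g. from an anti-spyware tool
203.0.113.10    www.facebook.com facebook.com
not-an-ip       login.example
"""


def classify(ip_text, name):
    """Return 'default', 'block', 'redirect' or 'malformed' for one mapping."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "malformed"
    name = name.lower().rstrip(".")
    if name in LOCAL_NAMES:
        # localhost pointing anywhere but loopback is itself a redirect.
        return "default" if ip.is_loopback else "redirect"
    if ip.is_loopback or ip.is_unspecified:
        # The name is made unreachable (ad blocking, or malware cutting
        # off security-update sites).
        return "block"
    # A real site name pinned to a fixed address: this is what sends
    # a browser to a look-alike login page.
    return "redirect"


def audit_hosts(text):
    """Return (line number, address, name, verdict) for every non-default entry."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        ip_text, names = fields[0], fields[1:]
        if not names:
            findings.append((lineno, ip_text, "", "malformed"))
            continue
        for name in names:  # one line may map several names
            verdict = classify(ip_text, name)
            if verdict != "default":
                findings.append((lineno, ip_text, name.lower(), verdict))
    return findings


def main(argv):
    path = argv[1] if len(argv) > 1 else HOSTS_PATH
    if os.path.isfile(path):
        # utf-8-sig strips a byte-order mark if an editor added one
        with open(path, encoding="utf-8-sig", errors="replace") as fh:
            text = fh.read()
    else:
        print("no hosts file at %s, using the constructed sample" % path)
        text = SAMPLE_HOSTS
    findings = audit_hosts(text)
    for lineno, ip_text, name, verdict in findings:
        print("line %d: %-9s %s -> %s" % (lineno, verdict, name, ip_text))
    # Exit status 1 if any name is redirected to a fixed address.
    return 1 if any(f[3] == "redirect" for f in findings) else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Entries reported as "redirect" are the ones to look at first; "block" entries are often put there deliberately by security tools, so compare them against what those tools are known to add before deleting anything.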