Jhals, posted 22 March 2011:

Norman Security Suite keeps popping up this box. Malwarebytes Anti-Malware doesn't find anything. Can anyone help?
PerB, posted 22 March 2011:

Probably because Norman has already moved the trojan into quarantine. And not every antivirus program finds every virus/trojan. This may be a trojan that Malwarebytes Anti-Malware doesn't detect.
r2d290, posted 22 March 2011:

Hi. If you follow the guide (see the link at the top of my signature) and post the logs here, someone will come along and analyse them =)
Jhals (thread author), posted 22 March 2011:

Here are the logs. I hope someone will take the time to help.

MBAM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Databaseversjon: 6105

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

22.03.2011 09:15:50
mbam-log-2011-03-22 (09-15-50).txt

Skanntype: Hurtigsøk
Objekter skannet: 149673
Tid tilbakelagt: 7 minutt(er), 9 sekund(er)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert 0

Minneprosesser infisert:
(Ingen skadelige objekter funnet)

Minnemoduler infisert:
(Ingen skadelige objekter funnet)

Registernøkler infisert:
(Ingen skadelige objekter funnet)

Registerverdier infisert:
(Ingen skadelige objekter funnet)

Registerfiler infisert:
(Ingen skadelige objekter funnet)

Mapper infisert:
(Ingen skadelige objekter funnet)

Filer infisert
(Ingen skadelige objekter funnet)

COMBO

ComboFix 11-03-21.02 - user 22.03.2011 13:18:12.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.2046.1080 [GMT 1:00]
Kjører fra: c:\documents and settings\user\Skrivebord\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Norman Security Suite *Disabled/Updated* {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
FW: Norman Security Suite *Enabled* {83B29CE9-9DE2-2CB5-9AB3-780D70FF12B0}
.
ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2011-02-22 til 2011-03-22 )))))))))))))))))))))))))))))))))
.
.
2011-03-11 11:34 . 2011-03-11 11:34 -------- d-----w- c:\documents and settings\NetworkService\Lokale innstillinger\Programdata\Apple
2011-03-09 11:47 . 2011-03-09 11:47 -------- d-----w- c:\programfiler\Complitly
2011-03-09 11:47 . 2011-03-09 11:47 -------- d-----w- c:\documents and settings\user\Programdata\Complitly
2011-03-09 11:47 . 2011-03-09 11:47 -------- d-----w- C:\ProgramData
2011-02-27 21:45 . 2011-02-27 21:45 -------- d-----w- c:\documents and settings\All Users\Programdata\PDF reDirect
2011-02-23 15:17 . 2011-02-24 16:55 -------- d-----w- c:\programfiler\GUBBEN
2011-02-20 13:28 . 2011-02-20 13:28 -------- d-----w- c:\documents and settings\user\Programdata\Ahead
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2004-08-04 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 12:55 . 2010-12-15 16:01 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-02-02 07:58 . 2010-11-21 08:36 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2010-11-21 08:36 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-04 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2005-10-06 03:11 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-26 01:04 . 2010-11-21 09:32 9721960 ----a-w- c:\windows\RTLCPL.EXE
2010-12-26 01:04 . 2010-11-21 09:32 891496 ----a-w- c:\windows\system32\RTSndMgr.CPL
2010-12-26 01:04 . 2010-11-21 09:32 84584 ----a-w- c:\windows\SOUNDMAN.EXE
2010-12-26 01:04 . 2010-11-21 09:32 1489512 ----a-w- c:\windows\RtlUpd.exe
2010-12-26 01:04 . 2010-11-21 09:32 6261352 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2010-12-26 01:04 . 2010-11-21 09:32 19722344 ----a-w- c:\windows\RTHDCPL.EXE
2010-12-26 01:04 . 2010-11-21 09:32 2180712 ----a-w- c:\windows\MicCal.exe
2010-12-26 01:04 . 2010-12-15 17:52 64104 ----a-w- c:\windows\ALCMTR.EXE
2010-12-26 01:04 . 2010-11-21 09:32 285288 ----a-w- c:\windows\system32\ALSNDMGR.CPL
2010-12-26 01:04 . 2010-11-21 09:32 2815592 ----a-w- c:\windows\ALCWZRD.EXE
2010-12-26 00:56 . 2010-12-07 14:22 11232 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2010-12-22 12:34 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-10-01 07:11 . 2010-12-25 09:40 462112 ----a-w- c:\programfiler\Fellesfiler\ZugoInstaller.exe
.
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 14:23 1385864 ----a-w- c:\programfiler\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programfiler\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programfiler\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programfiler\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"swg"="c:\programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-22 39408]
"OV2_Monitor"="c:\programfiler\OLYMPUS\OLYMPUS Viewer 2\OV2Monitor.exe" [2010-11-19 230776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\programfiler\Fellesfiler\Nokia\MPlatform\NokiaMServer" [X]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Snarvei til egenskapsside for High Definition Audio"="HDAShCut.exe" [2005-01-07 61952]
"SunJavaUpdateSched"="c:\programfiler\Fellesfiler\Java\Java Update\jusched.exe" [2010-05-14 248552]
"RaidTool"="c:\programfiler\VIA\RAID\raid_tool.exe" [2005-08-12 1056768]
"ATICCC"="c:\programfiler\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"SMSERIAL"="sm56hlpr.exe" [2005-09-16 557056]
"SynTPEnh"="c:\programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-08-25 737369]
"Norman ZANDA"="c:\programfiler\Norman\Npm\Bin\ZLH.EXE" [2011-01-12 189824]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"MSN Toolbar"="c:\programfiler\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe" [2010-07-06 240480]
"Microsoft Default Manager"="c:\programfiler\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"RTHDCPL"="RTHDCPL.EXE" [2010-12-26 19722344]
"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\programfiler\Fellesfiler\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\user\Start-meny\Programmer\Oppstart\
Game Alarm.lnk - c:\games\Game Alarm\gamealarm.exe [2010-12-13 19631104]
Outlook Express.lnk - c:\programfiler\Outlook Express\msimn.exe [2010-11-21 60416]
Seagate 2GH3VEKQ Product Registration.lnk - c:\documents and settings\user\Programdata\Leadertech\PowerRegister\Seagate 2GH3VEKQ Product Registration.exe [2010-12-19 1731736]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^user^Start-meny^Programmer^Oppstart^OneNote 2007 Screen Clipper og Launcher.lnk]
path=c:\documents and settings\user\Start-meny\Programmer\Oppstart\OneNote 2007 Screen Clipper og Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper og Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 16:22 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [25.11.2010 15:02 64288]
R1 NGS;Norman General Security Driver;c:\programfiler\Norman\Ngs\Bin\ngs.sys [21.11.2010 13:19 26744]
R1 NPROSEC;Norman Security driver;c:\programfiler\Norman\Ngs\Bin\nprosec.sys [21.11.2010 13:19 74144]
R1 tdi_nf;Norman Network Filter TDIL driver;c:\windows\system32\drivers\tdi_nf.sys [21.11.2010 13:19 378000]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programfiler\Lavasoft\Ad-Aware\AAWService.exe [23.09.2010 08:46 1405384]
R2 Ndiskio;Ndiskio;c:\programfiler\Norman\Nse\Bin\Ndiskio.sys [21.11.2010 13:19 22880]
R2 NNFSVC;Norman Network Filtering service;c:\programfiler\Norman\Ngs\Bin\nnf.exe [21.11.2010 13:19 223000]
R2 NPFSvc32;Norman Personal Firewall Service;c:\programfiler\Norman\Npf\Bin\npfsvc32.exe [21.11.2010 13:41 290472]
R2 NPROSECSVC;Norman Security service;c:\programfiler\Norman\Ngs\Bin\nprosec.exe [21.11.2010 13:19 90656]
R2 nregsec;Norman Registry Security driver;c:\programfiler\Norman\Ngs\Bin\nregsec.sys [21.11.2010 13:19 40384]
R2 NVOY;Norman Resource Provider;c:\programfiler\Norman\Npm\Bin\nvoy.exe [21.11.2010 13:19 100336]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\programfiler\Lavasoft\Ad-Aware\kernexplorer.sys [23.09.2010 08:46 15232]
R3 nnetsec;Norman Network Security service;c:\windows\system32\drivers\nnetsec.sys [21.11.2010 13:19 48272]
R3 NNetSecC;Norman Network Filter NDIS common driver;c:\programfiler\Norman\Ngs\Bin\nnetsecc.sys [21.11.2010 13:19 23040]
R3 nsesvc;Norman Scanner Engine Service;c:\programfiler\Norman\Nse\Bin\Nsesvc.exe [09.12.2010 10:32 288072]
R3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [21.11.2010 13:19 24176]
R3 nvcoas;Norman Virus Control on-access component;c:\programfiler\Norman\Nvc\Bin\Nvcoas.exe [21.11.2010 13:19 198168]
R3 Scheduler;Norman Scheduler Service;c:\programfiler\Norman\Npm\Bin\scheduler.exe [21.11.2010 13:19 99312]
S2 gupdate;Googles oppdateringstjeneste (gupdate);c:\programfiler\Google\Update\GoogleUpdate.exe [22.11.2010 09:28 136176]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [15.01.2011 20:37 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [15.01.2011 20:37 8576]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [07.12.2010 15:22 11232]
.
--- Andre tjenester/drivere lastet i minnet ---
.
*Deregistered* - mchInjDrv
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
.
2011-03-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programfiler\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-09-23 13:06]
.
2011-03-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-03-21 c:\windows\Tasks\GoodSync - Backup mellom C og E (Documens and Settings).job
- c:\programfiler\Siber Systems\GoodSync\GoodSync.exe [2011-01-07 07:08]
.
2011-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programfiler\Google\Update\GoogleUpdate.exe [2010-11-22 08:28]
.
2011-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programfiler\Google\Update\GoogleUpdate.exe [2010-11-22 08:28]
.
2011-03-22 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programfiler\Ask.com\UpdateTask.exe [2010-05-26 14:23]
.
2011-03-22 c:\windows\Tasks\User_Feed_Synchronization-{59E819CB-3469-4850-A973-B27F19495B9E}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.google.no/ig?hl=no&source=iglk
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki - c:\programfiler\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: c:\programfiler\Norman\ngs\bin\nlf.dll
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://kamera.harpefossen.no/activex/AMC.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-22 13:21
Windows 5.1.2600 Service Pack 3 NTFS
.
skanner skjulte prosesser ...
.
skanner skjulte autostart-oppføringer ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
RaidTool = c:\programfiler\VIA\RAID\raid_tool.exe?
.
skanner skjulte filer ...
.
skanning vellykket
skjulte filer: 0
.
**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------
.
- - - - - - - > 'winlogon.exe'(1356)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(5316)
c:\programfiler\Norman\nvc\bin\Niphk.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Tidspunkt ferdig: 2011-03-22 13:22:40
ComboFix-quarantined-files.txt 2011-03-22 12:22
ComboFix2.txt 2011-03-22 12:08
.
Pre-Run: 183 685 177 344 byte ledig
Post-Run: 183 668 981 760 byte ledig
.
- - End Of File - - 64748E50DB7BA2528AD1B1EBC6E52E63