Jhals, posted 28 March 2011

Norman Security Suite keeps popping up this box the whole time while I'm online. Can someone read through the logs?

MBAM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6190

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

28.03.2011 17:15:25
mbam-log-2011-03-28 (17-15-25).txt

Scan type: Quick scan
Objects scanned: 161350
Time elapsed: 2 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

COMBO

ComboFix 11-03-27.02 - User 28.03.2011 17:02:40.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.2046.1198 [GMT 2:00]
Running from: c:\documents and settings\User\Skrivebord\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Norman Security Suite *Disabled/Updated* {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
FW: Norman Security Suite *Enabled* {83B29CE9-9DE2-2CB5-9AB3-780D70FF12B0}

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

((((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-28 )))))))))))))))))))))))))))))))))

2011-03-28 09:54 . 2011-03-28 11:28 -------- d-----w- c:\documents and settings\Administrator
2011-03-11 11:34 . 2011-03-11 11:34 -------- d-----w- c:\documents and settings\NetworkService\Lokale innstillinger\Programdata\Apple
2011-03-09 11:47 . 2011-03-09 11:47 -------- d-----w- c:\programfiler\Complitly
2011-03-09 11:47 . 2011-03-09 11:47 -------- d-----w- c:\documents and settings\User\Programdata\Complitly
2011-03-09 11:47 . 2011-03-09 11:47 -------- d-----w- C:\ProgramData
2011-02-27 21:45 . 2011-02-27 21:45 -------- d-----w- c:\documents and settings\All Users\Programdata\PDF reDirect

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-02-09 13:53 . 2004-08-04 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 12:55 . 2010-12-15 16:01 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-02-02 07:58 . 2010-11-21 08:36 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2010-11-21 08:36 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-04 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2005-10-06 03:11 1854976 ----a-w- c:\windows\system32\win32k.sys

((((((((((((((((((((((((((((( SnapShot@2011-03-22_12.06.56 )))))))))))))))))))))))))))))))))))))))))

+ 2011-03-28 11:43 . 2011-03-28 11:43 16384 c:\windows\Temp\Perflib_Perfdata_1fc.dat
- 2010-11-22 08:52 . 2010-02-22 14:29 17784 c:\windows\system32\spmsg.dll
+ 2010-11-22 08:52 . 2010-07-05 13:22 17784 c:\windows\system32\spmsg.dll
+ 2004-08-04 12:00 . 2011-03-28 11:35 80036 c:\windows\system32\perfc014.dat
- 2004-08-04 12:00 . 2010-12-14 19:40 80036 c:\windows\system32\perfc014.dat
+ 2004-08-04 12:00 . 2011-03-28 11:35 71394 c:\windows\system32\perfc009.dat
- 2004-08-04 12:00 . 2010-12-14 19:40 71394 c:\windows\system32\perfc009.dat
- 2010-11-21 08:46 . 2011-03-21 07:26 32768 c:\windows\system32\config\systemprofile\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat
+ 2010-11-21 08:46 . 2011-03-28 05:42 32768 c:\windows\system32\config\systemprofile\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat
+ 2010-11-21 08:46 . 2011-03-28 05:42 32768 c:\windows\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\index.dat
- 2010-11-21 08:46 . 2011-03-21 07:26 32768 c:\windows\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\index.dat
+ 2011-03-28 05:42 . 2011-03-28 05:42 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2010-11-21 08:46 . 2011-03-21 07:26 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2004-08-04 12:00 . 2011-03-28 11:35 444582 c:\windows\system32\perfh014.dat
- 2004-08-04 12:00 . 2010-12-14 19:40 444582 c:\windows\system32\perfh014.dat
+ 2004-08-04 12:00 . 2011-03-28 11:35 441458 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2010-12-14 19:40 441458 c:\windows\system32\perfh009.dat
+ 2011-03-24 13:27 . 2011-03-24 13:27 235168 c:\windows\system32\Macromed\Flash\FlashUtil10o_ActiveX.exe
+ 2011-03-24 13:27 . 2011-03-24 13:27 311456 c:\windows\system32\Macromed\Flash\FlashUtil10o_ActiveX.dll

(((((((((((((((((((((((((((((((( Registry Startup Points )))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legitimate default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 14:23 1385864 ----a-w- c:\programfiler\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programfiler\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programfiler\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programfiler\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"swg"="c:\programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-22 39408]
"OV2_Monitor"="c:\programfiler\OLYMPUS\OLYMPUS Viewer 2\OV2Monitor.exe" [2010-11-19 230776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\programfiler\Fellesfiler\Nokia\MPlatform\NokiaMServer" [X]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Snarvei til egenskapsside for High Definition Audio"="HDAShCut.exe" [2005-01-07 61952]
"SunJavaUpdateSched"="c:\programfiler\Fellesfiler\Java\Java Update\jusched.exe" [2010-05-14 248552]
"RaidTool"="c:\programfiler\VIA\RAID\raid_tool.exe" [2005-08-12 1056768]
"ATICCC"="c:\programfiler\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"SMSERIAL"="sm56hlpr.exe" [2005-09-16 557056]
"SynTPEnh"="c:\programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-08-25 737369]
"Norman ZANDA"="c:\programfiler\Norman\Npm\Bin\ZLH.EXE" [2011-03-22 189824]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"MSN Toolbar"="c:\programfiler\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe" [2010-07-06 240480]
"Microsoft Default Manager"="c:\programfiler\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"RTHDCPL"="RTHDCPL.EXE" [2010-12-26 19722344]
"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\programfiler\Fellesfiler\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\User\Start-meny\Programmer\Oppstart\
Outlook Express.lnk - c:\programfiler\Outlook Express\msimn.exe [2010-11-21 60416]
Seagate 2GH3VEKQ Product Registration.lnk - c:\documents and settings\User\Programdata\Leadertech\PowerRegister\Seagate 2GH3VEKQ Product Registration.exe [2010-12-19 1731736]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start-meny^Programmer^Oppstart^OneNote 2007 Screen Clipper og Launcher.lnk]
path=c:\documents and settings\User\Start-meny\Programmer\Oppstart\OneNote 2007 Screen Clipper og Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper og Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 16:22 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [25.11.2010 16:02 64288]
R1 NGS;Norman General Security Driver;c:\programfiler\Norman\Ngs\Bin\ngs.sys [21.11.2010 14:19 26744]
R1 NPROSEC;Norman Security driver;c:\programfiler\Norman\Ngs\Bin\nprosec.sys [21.11.2010 14:19 74144]
R1 tdi_nf;Norman Network Filter TDIL driver;c:\windows\system32\drivers\tdi_nf.sys [21.11.2010 14:19 378000]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programfiler\Lavasoft\Ad-Aware\AAWService.exe [23.09.2010 09:46 1405384]
R2 Ndiskio;Ndiskio;c:\programfiler\Norman\Nse\Bin\Ndiskio.sys [21.11.2010 14:19 22880]
R2 NNFSVC;Norman Network Filtering service;c:\programfiler\Norman\Ngs\Bin\nnf.exe [21.11.2010 14:19 223000]
R2 NPFSvc32;Norman Personal Firewall Service;c:\programfiler\Norman\Npf\Bin\npfsvc32.exe [21.11.2010 14:41 290472]
R2 NPROSECSVC;Norman Security service;c:\programfiler\Norman\Ngs\Bin\nprosec.exe [21.11.2010 14:19 90656]
R2 nregsec;Norman Registry Security driver;c:\programfiler\Norman\Ngs\Bin\nregsec.sys [21.11.2010 14:19 40384]
R2 NVOY;Norman Resource Provider;c:\programfiler\Norman\Npm\Bin\nvoy.exe [21.11.2010 14:19 100336]
R3 nnetsec;Norman Network Security service;c:\windows\system32\drivers\nnetsec.sys [21.11.2010 14:19 48272]
R3 NNetSecC;Norman Network Filter NDIS common driver;c:\programfiler\Norman\Ngs\Bin\nnetsecc.sys [21.11.2010 14:19 23040]
R3 nsesvc;Norman Scanner Engine Service;c:\programfiler\Norman\Nse\Bin\Nsesvc.exe [09.12.2010 11:32 288072]
R3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [21.11.2010 14:19 24176]
R3 nvcoas;Norman Virus Control on-access component;c:\programfiler\Norman\Nvc\Bin\Nvcoas.exe [21.11.2010 14:19 198168]
R3 Scheduler;Norman Scheduler Service;c:\programfiler\Norman\Npm\Bin\scheduler.exe [21.11.2010 14:19 99312]
S2 gupdate;Googles oppdateringstjeneste (gupdate);c:\programfiler\Google\Update\GoogleUpdate.exe [22.11.2010 10:28 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\programfiler\Lavasoft\Ad-Aware\kernexplorer.sys [23.09.2010 09:46 15232]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [15.01.2011 21:37 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [15.01.2011 21:37 8576]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [07.12.2010 16:22 11232]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

Contents of the 'Scheduled Tasks' folder

2011-03-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programfiler\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-09-23 13:06]

2011-03-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2011-03-28 c:\windows\Tasks\GoodSync - Backup mellom C og E (Documens and Settings).job
- c:\programfiler\Siber Systems\GoodSync\GoodSync.exe [2011-01-07 07:08]

2011-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programfiler\Google\Update\GoogleUpdate.exe [2010-11-22 08:28]

2011-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programfiler\Google\Update\GoogleUpdate.exe [2010-11-22 08:28]

2011-03-28 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programfiler\Ask.com\UpdateTask.exe [2010-05-26 14:23]

------- Supplementary Scan -------

uStart Page = hxxp://www.google.no/ig?hl=no&source=iglk
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki - c:\programfiler\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: c:\programfiler\Norman\ngs\bin\nlf.dll
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://kamera.harpefossen.no/activex/AMC.cab

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-28 17:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
RaidTool = c:\programfiler\VIA\RAID\raid_tool.exe?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1352)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(5748)
c:\programfiler\Norman\nvc\bin\Niphk.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll

Completion time: 2011-03-28 17:10:09
ComboFix-quarantined-files.txt 2011-03-28 15:10
ComboFix2.txt 2011-03-25 14:03
ComboFix3.txt 2011-03-22 12:22
ComboFix4.txt 2011-03-22 12:08

Pre-Run: 186 079 223 808 bytes free
Post-Run: 186 307 461 120 bytes free

- - End Of File - - 5DE2FFC72C841FCF865F8E689BA8D2CC
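Reading a ComboFix autostart listing like the one above by hand is slow, and the things worth a second look are easy to skip over. The script below is an added example (my own code, not from this thread, from ComboFix or from Norman) that parses the Run-key entries and catchme's hidden-autostart lines from a constructed excerpt in the same format as the posted log, and flags the entries a practitioner would check first: values ComboFix prints with [X], bare filenames that are resolved through the search path, values that start something from the user profile, and values catchme marks with a trailing "?". My reading of the [X] and "?" notations is an assumption, and the "Updater" value in the sample is synthetic, added only to exercise the profile-directory check.

```python
"""Triage helper for the autostart section of a ComboFix-style log.

Added example: my own code, not part of the forum thread and not ComboFix or
Norman tooling. SAMPLE_LOG is a constructed excerpt in the format of the posted
log; the "Updater" value is synthetic and only exercises the profile-path check.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List

SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programfiler\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"swg"="c:\programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-22 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\programfiler\Fellesfiler\Nokia\MPlatform\NokiaMServer" [X]
"RaidTool"="c:\programfiler\VIA\RAID\raid_tool.exe" [2005-08-12 1056768]
"RTHDCPL"="RTHDCPL.EXE" [2010-12-26 19722344]
"Updater"="c:\documents and settings\User\Programdata\upd.exe" [2011-03-27 45056]

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
RaidTool = c:\programfiler\VIA\RAID\raid_tool.exe?
"""

# "name"="path" [YYYY-MM-DD size]   or   "name"="path" [X]
RUN_ENTRY = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s+\[(?P<meta>[^\]]*)\]$')
HIVE_HEADER = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
# catchme prints "name = path" and (as I read it) appends "?" to entries it could not verify
CATCHME_ENTRY = re.compile(r'^(?P<name>\S+) = (?P<path>.+?)(?P<flag>\?)?$')
PROFILE_DIR = re.compile(r'\\documents and settings\\', re.IGNORECASE)


@dataclass
class AutostartEntry:
    name: str
    path: str
    hive: str = ''
    meta: str = ''
    reasons: List[str] = field(default_factory=list)


def triage(log_text: str) -> List[AutostartEntry]:
    """Return only the autostart entries that deserve a manual look."""
    entries: Dict[str, AutostartEntry] = {}
    hive = ''
    in_catchme = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith('catchme '):
            in_catchme = True            # everything after this line is the rootkit scan
            continue
        m = HIVE_HEADER.match(line)
        if m:
            hive = m['key']
            continue
        m = RUN_ENTRY.match(line) if not in_catchme else None
        if m:
            e = AutostartEntry(m['name'], m['path'], hive, m['meta'])
            if e.meta.strip() == 'X':
                # Assumption: ComboFix prints [X] when it cannot find the target file.
                e.reasons.append('[X]: target file not found on disk (orphaned entry, or hidden from the scanner)')
            if '\\' not in e.path:
                e.reasons.append('bare filename: resolved through the search path, so check which copy really runs')
            if PROFILE_DIR.search(e.path):
                e.reasons.append('runs from a user profile directory (user-writable location)')
            entries[e.name.lower()] = e
            continue
        if in_catchme:
            m = CATCHME_ENTRY.match(line)
            if m and m['flag']:
                e = entries.setdefault(m['name'].lower(), AutostartEntry(m['name'], m['path']))
                e.reasons.append('catchme flagged this entry with "?": compare the raw registry value with what the API shows')
    return [e for e in entries.values() if e.reasons]


def report(log_text: str) -> str:
    """Human-readable summary of triage()."""
    lines = []
    for e in triage(log_text):
        lines.append(f'{e.name}  ->  {e.path}')
        lines.extend(f'    - {r}' for r in e.reasons)
    return '\n'.join(lines)


if __name__ == '__main__':
    print(report(SAMPLE_LOG))
```

Run it against a real ComboFix log by passing the file contents to report(). Nothing it flags is a verdict; an [X] entry is usually a leftover from an uninstalled program, as with NokiaMServer here, and a bare filename such as RTHDCPL.EXE is normally fine when the copy in system32 is the vendor's. The point is to get the short list of values to verify by hand instead of reading every line.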
Gavekort, posted 28 March 2011

How old is this antivirus of yours?
Jhals (thread author), posted 28 March 2011

> How old is this antivirus of yours?

Last updated: 2011.03.28 16:04:13
Gavekort, posted 28 March 2011

Not the database, the program itself. I'm just curious, because it doesn't look like the newest kind.
Jhals (thread author), posted 28 March 2011

> Not the database, the program itself. I'm just curious, because it doesn't look like the newest kind.

Version 8. It's not that many months old.
Jhals (thread author), posted 30 March 2011

Is there nobody who will take a look at the logs and maybe help me?
norbat, posted 31 March 2011

Hi, are you still getting the popup from Norman?
Jhals (thread author), posted 6 April 2011

Sorry for the late reply, but I haven't been home for a few days. I haven't had any message from Norman today, no. I hope it doesn't show up again either.
tthomassen, posted 12 April 2011

> Sorry for the late reply, but I haven't been home for a few days. I haven't had any message from Norman today, no. I hope it doesn't show up again either.

JavaScript trojans often settle in Temporary Internet Files, or the browser's cache. If you clear the browser cache in IE, Firefox etc., close the browsers and run a new scan (preferably with Norman), it shouldn't find anything. That usually solves the problem. And your logs looked pretty good.