Haraldfo Skrevet 17. april 2008 Del Skrevet 17. april 2008 De siste dagene har noen sendt ut diverse linker fra MSN-kontoen min. Har kjørt gjennom den korte test-versjonen her, og alt skulle være i orden. Men i dag skjedde dette på nytt, i TILLEGG til at profilen min på Facebook har sendt ut spam-melding til samtlige av vennene mine! Rett og slett skremmende! Kjører gjennom den lange versjonen nå, og her er resultatene: SAS: Ingenting funnet. Combofix: Klikk for å se/fjerne innholdet nedenfor ComboFix 08-04-16.5 - My lord 2008-04-17 20:04:06.3 - NTFSx86Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.1355 [GMT 3:00] Running from: C:\Documents and Settings\My lord\Skrivebord\ComboFix.exe * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-03-17 to 2008-04-17 ))))))))))))))))))))))))))))))) . 2008-04-17 19:43 . 2008-04-17 19:43 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware 2008-04-17 19:43 . 2008-04-17 19:43 <DIR> d-------- C:\Documents and Settings\My lord\Programdata\SUPERAntiSpyware.com 2008-04-17 19:43 . 2008-04-17 19:43 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com 2008-04-17 19:40 . 2008-04-17 19:40 <DIR> dr-h----- C:\Documents and Settings\My lord\Siste 2008-04-14 14:19 . 1999-12-16 17:07 25,600 --a------ C:\WINDOWS\system32\BORLNDMM.DLL 2008-04-14 14:15 . 2007-10-23 14:58 1,320,800 --a------ C:\WINDOWS\system32\MSXML6.dll 2008-04-14 14:15 . 2007-10-23 14:59 86,728 --a------ C:\WINDOWS\system32\MSXML6r.dll 2008-04-14 14:11 . 2008-04-14 14:14 <DIR> d-------- C:\Programfiler\Finale 2008-04-12 21:04 . 2008-04-12 21:04 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-04-12 17:17 . 2008-04-12 17:17 <DIR> d-------- C:\Programfiler\CCleaner 2008-04-12 16:40 . 2008-04-12 16:42 <DIR> d-------- C:\Programfiler\Windows Live 2008-04-12 16:40 . 2008-04-12 16:42 <DIR> d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller 2008-04-12 16:39 . 2008-04-12 16:39 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\WLInstaller 2008-04-10 22:02 . 2008-04-10 22:02 <DIR> dr-h----- C:\Documents and Settings\NetworkService\Siste 2008-04-10 17:57 . 2008-04-10 17:57 <DIR> d-------- C:\Programfiler\LimeWire . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-17 14:49 --------- d-----w C:\Programfiler\Norman 2008-04-14 18:47 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-04-14 18:46 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2008-04-14 18:44 --------- d-----w C:\Documents and Settings\My lord\Programdata\BearShare 2008-04-13 11:20 --------- d-----w C:\Programfiler\SopCast 2008-04-13 11:18 --------- d-----w C:\Documents and Settings\My lord\Programdata\SopCast 2008-04-12 13:36 --------- d-----w C:\Programfiler\MSN Messenger 2008-03-20 08:11 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-01 13:05 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-02-20 06:52 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "updateMgr"="C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 22:00 15360] "swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-22 13:55 68856] "WMPNSCFG"="C:\Programfiler\Windows Media Player\WMPNSCFG.exe" [2006-11-15 11:46 204288] "SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-11-11 15:47 7311360] "nwiz"="nwiz.exe" [2005-11-11 15:47 1519616 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-11-11 15:47 86016] "CTHelper"="CTHELPER.EXE" [2005-06-18 09:01 16384 C:\WINDOWS\CTHELPER.EXE] "DPAgnt"="C:\Programfiler\DigitalPersona\Bin\DPAgnt.exe" [2004-10-13 19:24 913408] "type32"="C:\Programfiler\Microsoft IntelliType Pro\type32.exe" [2004-06-03 11:51 172032] "IntelliPoint"="C:\Programfiler\Microsoft IntelliPoint\point32.exe" [2004-06-03 11:50 204800] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03 36975] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 22:00 110592 C:\WINDOWS\system32\bthprops.cpl] "REGSHAVE"="C:\Programfiler\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32 53248] "WinampAgent"="C:\Programfiler\Winamp\winampa.exe" [2007-05-15 01:22 35328] "Norman ZANDA"="C:\Programfiler\Norman\Npm\bin\ZLH.exe" [2007-12-17 15:37 273520] "NPCTray"="C:\Programfiler\Norman\npc\bin\npc_tray.exe" [2007-09-17 15:29 126008] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 22:00 15360] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ BTTray.lnk - C:\Programfiler\Belkin\Bluetooth Software\BTTray.exe [2003-09-16 19:14:28 499779] Exif Launcher 2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [2007-03-04 18:20:22 294912] Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696] Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56 65588] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DPWLN ] C:\WINDOWS\system32\DPWLEvHd.dll 2004-10-13 19:29 102400 C:\WINDOWS\system32\DPWLEvHd.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\WINDOWS\\system32\\dpnsvr.exe"= "C:\\Programfiler\\EA GAMES\\Battlefield 2\\BF2.exe"= "C:\\Programfiler\\PPLive\\PPLive.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Programfiler\\PPMate\\PPMate\\ppmate.exe"= "C:\\Programfiler\\Skype\\Phone\\Skype.exe"= "C:\\Programfiler\\SopCast\\SopCast.exe"= "C:\\Programfiler\\TVAnts\\Tvants.exe"= "C:\\Programfiler\\SopCast\\adv\\SopAdver.exe"= "C:\\Programfiler\\BearShare Applications\\BearShare\\BearShare.exe"= "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"= "C:\\Programfiler\\LimeWire\\LimeWire.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= R0 NDIS_RD;Norman Firewall NDIS driver;C:\WINDOWS\system32\drivers\NDIS_RD.sys [2008-01-24 12:23] R1 NPROSEC;Norman Security driver;C:\Programfiler\Norman\Ngs\bin\nprosec.sys [2007-09-06 09:37] R1 TDI_RD;Norman Firewall TDI driver;C:\WINDOWS\system32\drivers\TDI_RD.SYS [2007-05-14 11:51] R2 Ndiskio;Ndiskio;C:\Programfiler\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 10:55] R2 NPFSvc32;Norman Personal Firewall Service;"C:\Programfiler\Norman\npf\bin\npfsvc32.exe" [2008-01-28 11:21] R2 NPROSECSVC;Norman Security service;"C:\Programfiler\Norman\Ngs\bin\NPROSEC.EXE" [2007-11-27 16:13] R2 NVOY;Norman's Very Own supplY of resources;"C:\Programfiler\Norman\npm\bin\nvoy.exe" [2008-01-22 16:04] R3 dpK0Bx01;Fingerprint Reader Filter Driver;C:\WINDOWS\system32\DRIVERS\dpK0Bx01.sys [2004-08-04 17:58] R3 NPC;Norman Parental Control;"C:\Programfiler\Norman\npc\bin\npcsvc32.exe" [2007-09-17 15:23] R3 NUAA;Norman User Activity Agent;"C:\Programfiler\Norman\npc\bin\nuaa.exe" [2007-09-17 15:22] R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 15:56] R3 nvcoas;Norman Virus Control on-access component;"C:\Programfiler\Norman\Nvc\bin\nvcoas.exe" [2007-12-10 15:36] R3 NVCScheduler;Norman Virus Control Scheduler;"C:\Programfiler\Norman\Npm\bin\NVCSCHED.EXE" [2007-09-18 12:41] R3 UsbdpFP;Fingerprint Reader Class Driver;C:\WINDOWS\system32\DRIVERS\UsbdpFP.sys [2004-08-04 17:59] *Newly Created Service* - SASDIFSV *Newly Created Service* - SASENUM *Newly Created Service* - SASKUTIL . Contents of the 'Scheduled Tasks' folder "2008-04-17 16:39:05 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job" - C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-17 20:05:29 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-04-17 20:06:29 ComboFix-quarantined-files.txt 2008-04-17 17:06:04 ComboFix2.txt 2008-04-12 14:00:39 Pre-Run: 215,867,445,248 byte ledig Post-Run: 215,859,478,528 byte ledig . 2008-04-08 20:55:52 --- E O F --- HJT: Klikk for å se/fjerne innholdet nedenfor Logfile of Trend Micro HijackThis v2.0.2Scan saved at 20:14:03, on 17.04.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Programfiler\Norman\Npm\Bin\Elogsvc.exe C:\Programfiler\Norman\Ngs\bin\NPROSEC.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\DigitalPersona\Bin\DPWinLct.exe C:\Programfiler\Norman\Npm\Bin\Zanda.exe C:\Programfiler\Norman\npm\bin\nvoy.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Norman\npf\bin\npfsvc32.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\bgsvcgen.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Belkin\Bluetooth Software\bin\btwdins.exe C:\Programfiler\DigitalPersona\Bin\DpHost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Windows Media Player\WMPNetwk.exe C:\Programfiler\DigitalPersona\Bin\DPFUSMgr.exe C:\Programfiler\Norman\Npm\bin\NVCSCHED.EXE C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE C:\Programfiler\Norman\npc\bin\npcsvc32.exe C:\Programfiler\Norman\Nvc\bin\nvcoas.exe C:\Programfiler\Norman\npc\bin\nuaa.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\CTHELPER.EXE C:\Programfiler\DigitalPersona\Bin\DPAgnt.exe C:\Programfiler\Microsoft IntelliType Pro\type32.exe C:\Programfiler\Microsoft IntelliPoint\point32.exe C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\system32\rundll32.exe C:\Programfiler\Winamp\winampa.exe C:\Programfiler\Norman\Npm\bin\ZLH.EXE C:\Programfiler\Norman\Nvc\BIN\NIP.EXE C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programfiler\Windows Media Player\WMPNSCFG.exe C:\Programfiler\Belkin\Bluetooth Software\BTTray.exe C:\Programfiler\Norman\Nvc\bin\cclaw.exe C:\Programfiler\Norman\npf\bin\npfuser.exe C:\Programfiler\Windows Live\Messenger\usnsvc.exe C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\WINDOWS\explorer.exe C:\Programfiler\Internet Explorer\iexplore.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\wuauclt.exe C:\Programfiler\Trend Micro\test\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.liverpool.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 169.254.111.12 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar4.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar4.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [DPAgnt] C:\Programfiler\DigitalPersona\Bin\DPAgnt.exe O4 - HKLM\..\Run: [type32] "C:\Programfiler\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [intelliPoint] "C:\Programfiler\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [REGSHAVE] C:\Programfiler\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe O4 - HKLM\..\Run: [Norman ZANDA] "C:\Programfiler\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH O4 - HKLM\..\Run: [NPCTray] C:\Programfiler\Norman\npc\bin\npc_tray.exe /LOAD O4 - HKCU\..\Run: [updateMgr] C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Registration Pacific Fighters.LNK = D:\registration_us\RegistrationReminder.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Exif Launcher 2.lnk = ? O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Send To &Bluetooth - C:\Programfiler\Belkin\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\Belkin\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\Belkin\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O10 - Unknown file in Winsock LSP: c:\programfiler\norman\npc\bin\nlf.dll O10 - Unknown file in Winsock LSP: c:\programfiler\norman\npc\bin\nlf.dll O10 - Unknown file in Winsock LSP: c:\programfiler\norman\npc\bin\nlf.dll O10 - Unknown file in Winsock LSP: c:\programfiler\norman\npc\bin\nlf.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by128fd.bay128.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programfiler\Skype\Plugin Manager\Skype4COM.dll O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programfiler\Belkin\Bluetooth Software\bin\btwdins.exe O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Programfiler\DigitalPersona\Bin\DPFUSMgr.exe O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Programfiler\DigitalPersona\Bin\DpHost.exe O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Elogsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Zanda.exe O23 - Service: Norman Parental Control (NPC) - Norman ASA - C:\Programfiler\Norman\npc\bin\npcsvc32.exe O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Programfiler\Norman\npf\bin\npfsvc32.exe O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Programfiler\Norman\Ngs\bin\NPROSEC.EXE O23 - Service: Norman User Activity Agent (NUAA) - Norman ASA - C:\Programfiler\Norman\npc\bin\nuaa.exe O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programfiler\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programfiler\Norman\Npm\bin\NVCSCHED.EXE O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Programfiler\Norman\npm\bin\nvoy.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe -- End of file - 11258 bytes Håper noen kan hjelpe meg å bli kvitt dette svineriet! Lenke til kommentar
Haraldfo Skrevet 17. april 2008 Forfatter Del Skrevet 17. april 2008 Kjørte en ny HJT, nå lagret på skrivebordet: Klikk for å se/fjerne innholdet nedenfor Logfile of Trend Micro HijackThis v2.0.2Scan saved at 20:18:28, on 17.04.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Programfiler\Norman\Npm\Bin\Elogsvc.exe C:\Programfiler\Norman\Ngs\bin\NPROSEC.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\DigitalPersona\Bin\DPWinLct.exe C:\Programfiler\Norman\Npm\Bin\Zanda.exe C:\Programfiler\Norman\npm\bin\nvoy.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Norman\npf\bin\npfsvc32.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\bgsvcgen.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Belkin\Bluetooth Software\bin\btwdins.exe C:\Programfiler\DigitalPersona\Bin\DpHost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Windows Media Player\WMPNetwk.exe C:\Programfiler\DigitalPersona\Bin\DPFUSMgr.exe C:\Programfiler\Norman\Npm\bin\NVCSCHED.EXE C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE C:\Programfiler\Norman\npc\bin\npcsvc32.exe C:\Programfiler\Norman\Nvc\bin\nvcoas.exe C:\Programfiler\Norman\npc\bin\nuaa.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\CTHELPER.EXE C:\Programfiler\DigitalPersona\Bin\DPAgnt.exe C:\Programfiler\Microsoft IntelliType Pro\type32.exe C:\Programfiler\Microsoft IntelliPoint\point32.exe C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\system32\rundll32.exe C:\Programfiler\Winamp\winampa.exe C:\Programfiler\Norman\Npm\bin\ZLH.EXE C:\Programfiler\Norman\Nvc\BIN\NIP.EXE C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programfiler\Windows Media Player\WMPNSCFG.exe C:\Programfiler\Belkin\Bluetooth Software\BTTray.exe C:\Programfiler\Norman\Nvc\bin\cclaw.exe C:\Programfiler\Norman\npf\bin\npfuser.exe C:\Programfiler\Windows Live\Messenger\usnsvc.exe C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\WINDOWS\explorer.exe C:\Programfiler\Internet Explorer\iexplore.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\My lord\Skrivebord\Test.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.liverpool.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 169.254.111.12 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar4.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar4.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [DPAgnt] C:\Programfiler\DigitalPersona\Bin\DPAgnt.exe O4 - HKLM\..\Run: [type32] "C:\Programfiler\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [intelliPoint] "C:\Programfiler\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [REGSHAVE] C:\Programfiler\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe O4 - HKLM\..\Run: [Norman ZANDA] "C:\Programfiler\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH O4 - HKLM\..\Run: [NPCTray] C:\Programfiler\Norman\npc\bin\npc_tray.exe /LOAD O4 - HKCU\..\Run: [updateMgr] C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Registration Pacific Fighters.LNK = D:\registration_us\RegistrationReminder.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Exif Launcher 2.lnk = ? O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Send To &Bluetooth - C:\Programfiler\Belkin\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\Belkin\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\Belkin\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O10 - Unknown file in Winsock LSP: c:\programfiler\norman\npc\bin\nlf.dll O10 - Unknown file in Winsock LSP: c:\programfiler\norman\npc\bin\nlf.dll O10 - Unknown file in Winsock LSP: c:\programfiler\norman\npc\bin\nlf.dll O10 - Unknown file in Winsock LSP: c:\programfiler\norman\npc\bin\nlf.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by128fd.bay128.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programfiler\Skype\Plugin Manager\Skype4COM.dll O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programfiler\Belkin\Bluetooth Software\bin\btwdins.exe O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Programfiler\DigitalPersona\Bin\DPFUSMgr.exe O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Programfiler\DigitalPersona\Bin\DpHost.exe O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Elogsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Zanda.exe O23 - Service: Norman Parental Control (NPC) - Norman ASA - C:\Programfiler\Norman\npc\bin\npcsvc32.exe O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Programfiler\Norman\npf\bin\npfsvc32.exe O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Programfiler\Norman\Ngs\bin\NPROSEC.EXE O23 - Service: Norman User Activity Agent (NUAA) - Norman ASA - C:\Programfiler\Norman\npc\bin\nuaa.exe O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programfiler\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programfiler\Norman\Npm\bin\NVCSCHED.EXE O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Programfiler\Norman\npm\bin\nvoy.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe -- End of file - 11264 bytes Lenke til kommentar
Haraldfo Skrevet 17. april 2008 Forfatter Del Skrevet 17. april 2008 Hmm... kjørte hurtig-testen på SAS nå, og da ble resultatet 40 detected, fordelt på følgende to områder: - Adware.TrackingCookie - Adware.BargainBuddy/Navisearch I alle fall så lettet jeg disse og restartet maskinen. Er det forresten noen av disse programmene sin fortjeneste at alle hurtigaddressene på explorer (søkelinjen) er borte? Lenke til kommentar
snippsat Skrevet 17. april 2008 Del Skrevet 17. april 2008 (endret) Last ned MSNFix, og pakk det ut på skrivebordet. Kjør filen 'MSNFix.bat'. Følg veiledningen Forandere passord på msnkontoen din. Se om dette stopper det. Skal se litt nøyere på combofix loggen,så raskt over loggen fant ikke noe grums ved første øyekast. Endret 17. april 2008 av SNIPPSAT Lenke til kommentar
norbat Skrevet 17. april 2008 Del Skrevet 17. april 2008 Loggene ser greie ut. Vil tro at et passordbytte løser problemet ditt. At adressene er forsvunnet, kan skyldes CCleaner. Du bør oppdatere Java: http://java.com/en/download/index.jsp Lenke til kommentar
Haraldfo Skrevet 17. april 2008 Forfatter Del Skrevet 17. april 2008 MSNfix fant ingen ting. Ellers har jeg byttet passord på hotmail (msn) og facebook. I tillegg har jeg gått over hver eneste profil jeg har i vennelisten min og slettet meldingen min... anbefales ikke... Men hvordan er det med alle andre passord? Kan jeg trygt logge inn i nettbank f.eks? Det at facebook ble infiltrert kan skyldes at jeg hadde lagret passordet mitt på påloggingen (samme på hotmail). Kan det være virus, eller noe annet som ikke vises på disse loggene? Ps: Takk for hjelpen! Lenke til kommentar
norbat Skrevet 17. april 2008 Del Skrevet 17. april 2008 Det har vært en del tilfeller der noen benytter seg av andres msn-konto til å sende ut reklame/spam. Ved å bytte passord skulle dette være nok til at denne aktiviteten opphører da det ikke ligger noen infeksjon på PC-en. Loggene dine viser heller ingen andre 'infeksjoner' (keyloggere, rootkit etc.), så jeg mener du trygt kan bruke nettbanken din og evt. andre tjenester slik du er vant til. Du får gi lyd fra deg om det fortsatt er knyttet uregelmessige aktiviteter til MSN. Lenke til kommentar
r2d290 Skrevet 17. april 2008 Del Skrevet 17. april 2008 (endret) Det at facebook ble infiltrert kan skyldes at jeg hadde lagret passordet mitt på påloggingen (samme på hotmail). (spørsmål til norbat/snippsat) blir man mer usikker for folk utenfra dersom du lagrer passordene? Hva skjer egentlig når man velger "lagre passord" ved å: -trykke på "lagre passord" i hotmail e.l. -trykke på "husk passord" i nettlesere (som firefox) ? Hvor, og hvordan blir passordene lagret? Er det kryptert, og vises det i klartekst i en eller annen cookie? Endret 17. april 2008 av r2d290 Lenke til kommentar
Haraldfo Skrevet 17. april 2008 Forfatter Del Skrevet 17. april 2008 Det har vært en del tilfeller der noen benytter seg av andres msn-konto til å sende ut reklame/spam. Ved å bytte passord skulle dette være nok til at denne aktiviteten opphører da det ikke ligger noen infeksjon på PC-en.Loggene dine viser heller ingen andre 'infeksjoner' (keyloggere, rootkit etc.), så jeg mener du trygt kan bruke nettbanken din og evt. andre tjenester slik du er vant til. Du får gi lyd fra deg om det fortsatt er knyttet uregelmessige aktiviteter til MSN. Ok, takk for informasjonen. Satser på at ting normaliserer seg nå, og at jeg slipper å gå gjennom samme suppa på nytt igjen. En annen teori kan forresten være at når "inntrengeren" har fått fatt i et passord så kan han logge seg inn på de sidene hvor brukeren har samme brukernavn (mail-addresse) og passord. Jeg hadde nemlig samme passord på msn og facebook. Lenke til kommentar
r2d290 Skrevet 18. april 2008 Del Skrevet 18. april 2008 Bruk pc-en en ukes tid. Hvis alt fungerer som det skal, gjør følgende: åpne startmenyen, velg kjør/run, skriv: combofix /u dette vil avinstallere combofix, sette et gjenopprettingspunkt mm. Du kan også (hvis du mener problemet er løst) endre emnetittelen på tråden din, ved å gjøre følgende: -Trykk på "rediger" i første post -Velg full redigering -Skriv: [LØST] foran emnetittelen din. Dette vil gjøre det mer ryddig i "antivirusprogrammer og datasikkerhet" kategorien av forumet Lenke til kommentar
Haraldfo Skrevet 18. april 2008 Forfatter Del Skrevet 18. april 2008 Avinstallerte combifix allerede i går jeg... Skal la det gå noen dager, og se hvordan pcèn fungerer. Skal endre emnetittelen om jeg føler at den kan friskmeldes. Igjen, takk for hjelpen folkens! Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå