langvandre, posted 27 August 2008

Can anyone help me? When I left-click on folders in Explorer, a web address opens after I have clicked No in a dialog that pops up. The dialog says some nonsense about me having got a virus, blah, blah. This does not happen every time I click on a folder, and it is somewhat random depending on which folder I choose...

In IE the problem is big. It is almost impossible to get anything done because web pages are shown without my asking for them... and the address bar shows about:blank. Good thing I prefer to use Firefox.

I have checked the services that are running. I have also checked explorer.exe to see whether anything is wrong, but it does not seem so. Size and date look OK and it is still Norwegian...

A favourite address right now is http://free-viruscan.com

Can anyone say something general about how this is possible? Does anyone have similar experiences?

Edited 2 September 2008 by langvandre
snippsat, posted 27 August 2008

Do this.
---
Download MBAM to the desktop. Choose the Norwegian language --> run a quick system scan. When MBAM is finished it opens a log; post that.
---
Download ComboFix and put it on the desktop. Do not click on the window while the program is running. Post the log C:\combofix.txt

Edited 27 August 2008 by SNIPPSAT
langvandre (thread author), posted 27 August 2008

"Do this.--- . . . post the log C:\combofix.txt"

Thanks for the quick reply, SNIPPSAT. That did the trick! It is hard to know which malware removers work, but now I know. Otherwise I use Fix-IT against viruses. A small remark at the end... surely it would be smarter of these pests, the ones who make this mess, to let things go on quietly. One notices quickly when the PC is infected.

------------ MBAM log
Malwarebytes' Anti-Malware 1.25
Database versjon: 1088
Windows 5.1.2600 Service Pack 3

12:44:21 27.08.2008
mbam-log-08-27-2008 (12-44-21).txt

Skanntype: Rask Skann
Objekter skannet: 57379
Tid tilbakelagt: 9 minute(s), 31 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 1
Registernøkler infisert: 7
Registerverdier infisert: 0
Registerfiler infisert: 1
Mapper infisert: 0
Filer infisert: 2

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
C:\WINDOWS\system32\dwvk.dll (Trojan.FakeAlert) -> Delete on reboot.

Registernøkler infisert:
HKEY_CLASSES_ROOT\TypeLib\{15c7d7ad-a87a-4c0d-9d8b-637fcd3488ef} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf4bff2b-b9c5-4c11-ab65-b3baccbf2c6e} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ecd99db2-abfa-46ae-a7ee-16d0ddb78258} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7fbb2d91-9964-4196-bac5-d5e751762ec3} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7fbb2d91-9964-4196-bac5-d5e751762ec3} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bhonew.bho (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\nimo (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
C:\WINDOWS\system32\dwvk.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\Egill\results.txt (Malware.Trace) -> Quarantined and deleted successfully.

------------- ComboFix log
ComboFix 08-08-26.02 - Egill 2008-08-27 13:02:19.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.419 [GMT 2:00]
Running from: C:\Documents and Settings\Egill\Skrivebord\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Egill\Programdata\macromedia\Flash Player\#SharedObjects\ZLCXSNPZ\bin.clearspring.com
C:\Documents and Settings\Egill\Programdata\macromedia\Flash Player\#SharedObjects\ZLCXSNPZ\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Egill\Programdata\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Egill\Programdata\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
.
((((((((((((((((((((((((( Files Created from 2008-07-27 to 2008-08-27 )))))))))))))))))))))))))))))))
.
2008-08-27 13:11 . 2008-08-27 13:11 53,248 --a------ C:\Temp\catchme.dll
2008-08-27 13:03 . 2008-08-27 13:03 <DIR> d-------- C:\Temp\WPDNSE
2008-08-27 12:32 . 2008-08-27 12:43 <DIR> d-------- C:\Programfiler\MBAM
2008-08-27 12:32 . 2008-08-27 12:32 <DIR> d-------- C:\Documents and Settings\Egill\Programdata\Malwarebytes
2008-08-27 12:32 . 2008-08-27 12:32 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes
2008-08-27 12:32 . 2008-08-17 15:05 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-27 12:32 . 2008-08-17 15:05 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-26 14:54 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\000002_.tmp
2008-08-26 13:14 . 2008-08-26 13:14 <DIR> d--h----- C:\VCOM
2008-08-26 10:48 . 2008-08-26 10:48 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-26 10:48 . 2008-08-26 10:48 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-10 23:38 . 2008-08-27 13:10 <DIR> d-------- C:\Temp\Adobelm_Cleanup.0001.dir.0009
2008-08-10 23:38 . 2008-08-27 13:10 <DIR> d-------- C:\Temp\Adobelm_Cleanup.0001.dir.0008
2008-08-10 22:53 . 2008-08-27 13:10 <DIR> d-------- C:\Temp\Adobelm_Cleanup.0001.dir.0007
2008-08-10 22:53 . 2008-08-27 13:10 <DIR> d-------- C:\Temp\Adobelm_Cleanup.0001.dir.0006
2008-08-10 22:21 . 2008-08-27 13:10 <DIR> d-------- C:\Temp\Adobelm_Cleanup.0001.dir.0005
2008-08-10 22:21 . 2008-08-27 13:10 <DIR> d-------- C:\Temp\Adobelm_Cleanup.0001.dir.0002
2008-08-10 21:37 . 2008-08-27 13:10 <DIR> d-------- C:\Temp\Adobelm_Cleanup.0001.dir.0004
2008-08-10 21:26 . 2008-08-10 23:37 <DIR> d-------- C:\Temp\Adobelm_Cleanup.0001.dir.0001
2008-08-10 21:26 . 2008-08-10 22:00 <DIR> d-------- C:\Temp\Adobelm_Cleanup.0001.dir.0000
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-27 11:11 --------- d-----w C:\Programfiler\PeerGuardian2
2008-08-27 10:58 --------- d-----w C:\Programfiler\Firefox
2008-08-26 10:23 --------- d-----w C:\Documents and Settings\Egill\Programdata\Skype
2008-08-25 22:03 --------- d-----w C:\Documents and Settings\Egill\Programdata\skypePM
2008-07-17 19:52 --------- d-----w C:\Programfiler\Java
2008-01-17 16:41 32 ----a-w C:\Documents and Settings\All Users\Programdata\ezsid.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="C:\Programfiler\PeerGuardian2\pg2.exe" [2005-09-18 18:40 1421824]
"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2008-04-14 09:23 1695232]
"LogitechSoftwareUpdate"="C:\Programfiler\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 09:22 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" [X]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-26 13:01 4632576]
"NeroFilterCheck"="C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53 153136]
"Fix-It AV"="C:\PROGRA~1\VCOM\Fix-It\MemCheck.exe" [2005-05-10 21:07 32768]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"Apoint"="C:\Programfiler\Apoint\Apoint.exe" [2005-10-07 15:13 176128]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 10:08 1347584]
"DiskeeperSystray"="C:\Programfiler\Diskeeper\DkIcon.exe" [2006-06-07 12:35 319488]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
"LogitechVideoRepair"="C:\Programfiler\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
"LogitechVideoTray"="C:\Programfiler\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"nwiz"="nwiz.exe" [2004-10-26 13:01 921600 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 09:22 15360]
"Nokia.PCSync"="C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 18:41 1232896]

C:\Documents and Settings\Egill\Start-meny\Programmer\Oppstart\
Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-12-18 22:28:42 25214]
Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Start 3DxWare.lnk - C:\Programfiler\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare\3dxsrv.exe [2007-07-10 18:54:02 118272]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "P:\EuShlExt.dll" [2004-08-27 11:10 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dllzwebauth.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Hurtigstart for Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Hurtigstart for Adobe Reader.lnk
backup=C:\WINDOWS\pss\Hurtigstart for Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2008-04-23 02:08 483328 C:\Programfiler\Adobe\Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-03-12 13:49 153136 C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
--a------ 2006-03-30 17:45 313472 C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programfiler\\Skype\\Phone\\Skype.exe"=

R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2005-12-08 16:56]
S0 NVStrap;NVStrap;C:\WINDOWS\system32\drivers\NVStrap.sys [2005-12-01 10:35]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\Programfiler\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 06:29]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 15:17]
S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 15:17]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PCSuiteTrayApplication - C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
HKU-Default-RunOnce-3DxAssociateFileExts - C:\Programfiler\3Dconnexion\3Dconnexion 3DxSoftware\3DxViewer\register.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Egill\Programdata\Mozilla\Firefox\Profiles\1w2dfwsz.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.startsiden.no/
FF -: plugin - C:\Programfiler\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Programfiler\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Programfiler\Firefox\plugins\np32dsw.dll
FF -: plugin - C:\Programfiler\Firefox\plugins\npdivx32.dll
FF -: plugin - C:\Programfiler\Firefox\plugins\npnul32.dll
FF -: plugin - C:\Programfiler\Firefox\plugins\nppdf32.dll
FF -: plugin - C:\Programfiler\Firefox\plugins\nppl3260.dll
FF -: plugin - C:\Programfiler\Firefox\plugins\npqtplugin.dll
FF -: plugin - C:\Programfiler\Firefox\plugins\npqtplugin2.dll
FF -: plugin - C:\Programfiler\Firefox\plugins\npqtplugin3.dll
FF -: plugin - C:\Programfiler\Firefox\plugins\npqtplugin4.dll
FF -: plugin - C:\Programfiler\Firefox\plugins\npqtplugin5.dll
FF -: plugin - C:\Programfiler\Firefox\plugins\npqtplugin6.dll
FF -: plugin - C:\Programfiler\Firefox\plugins\npqtplugin7.dll
FF -: plugin - C:\Programfiler\Firefox\plugins\nprjplug.dll
FF -: plugin - C:\Programfiler\Firefox\plugins\nprpjplug.dll
FF -: plugin - C:\Programfiler\Firefox\plugins\NPSWF32.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-27 13:11:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-27 13:16:08
ComboFix-quarantined-files.txt 2008-08-27 11:15:26

Pre-Run: 933,965,824 byte ledig
Post-Run: 4,587,839,488 byte ledig

165
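
An added example, not part of the original thread and not Malwarebytes' own code: a small Python parser for detection lines in the format of the MBAM log posted above. It lists objects still scheduled for deletion at reboot and the CLSID that was registered as a Browser Helper Object; the function names and regular expressions are assumptions made for this example, and the sample lines are copied from the log.

```python
import re

# Lines copied from the MBAM log posted in this thread.
SAMPLE_LOG = r"""
Registerverdier infisert: (Ingen mistenkelige filer funnet)
C:\WINDOWS\system32\dwvk.dll (Trojan.FakeAlert) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{7fbb2d91-9964-4196-bac5-d5e751762ec3} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7fbb2d91-9964-4196-bac5-d5e751762ec3} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bhonew.bho (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
C:\Documents and Settings\Egill\results.txt (Malware.Trace) -> Quarantined and deleted successfully.
"""

# Assumed line shape: <object> (<Family.Name>) -> [details ->] <action>
LINE_RE = re.compile(r"^(?P<obj>.+?) \((?P<name>\w+\.[\w.]+)\) -> (?P<rest>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
BHO_KEY = "\\browser helper objects\\"

def parse_detections(log):
    """Return one dict per detection line; headers and '(Ingen ...)' lines are skipped."""
    found = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            # The action taken is always the last ' -> ' segment of the line.
            action = m["rest"].split(" -> ")[-1]
            found.append({"object": m["obj"], "name": m["name"], "action": action})
    return found

def pending_reboot(detections):
    """Objects scheduled for deletion at the next restart (still present until then)."""
    return [d["object"] for d in detections if d["action"].startswith("Delete on reboot")]

def bho_clsids(detections):
    """CLSIDs that were registered under the Browser Helper Objects key."""
    out = set()
    for d in detections:
        if BHO_KEY in d["object"].lower():
            out.update(c.lower() for c in CLSID_RE.findall(d["object"]))
    return out

if __name__ == "__main__":
    dets = parse_detections(SAMPLE_LOG)
    for d in dets:
        print(f'{d["name"]:18} {d["action"]:40} {d["object"]}')
    print("pending reboot:", pending_reboot(dets))
    print("BHO CLSIDs:", bho_clsids(dets))
```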
snippsat, posted 27 August 2008

Yes, looks good. A little cleanup.

Download and run CCleaner. 'Valg' (Options) -> 'Avansert' (Advanced). Remove the check mark in front of "Only delete temporary files older than 48 hours". Also run the registry cleaner; answer yes to repair --> answer yes to backup when you are asked. Run the registry cleaner a couple of times until all errors are gone.

You can remove ComboFix by typing combofix /u in the Run window. This command deletes the quarantined files and backups, resets the System Restore folder, etc.

Surf safely.
langvandre (thread author), posted 27 August 2008

Thanks again for very good help. It is nice to know that help is near :-)
r2d290, posted 27 August 2008

If you consider the problem with your machine solved, you can change your topic title by clicking in your first post and choosing full edit. At the top, where your topic title is, write [LØST] ("solved") in front of your topic title. E.g.: [LØST] Got a virus on my machine

This helps keep the forum easier to navigate for the supporters, and new people who get the same problem will more easily find a suitable thread to look in.

-Surf safely-