Experimentus, posted 14 May 2008 (edited)
I have the security solution Client Security from F-Secure (which includes a firewall and an antivirus program). I wonder whether you can consider yourself safe if you have this? I downloaded a kind of security update for Vista, and it said I had a virus but asked me to remove it with an antivirus program. I therefore ran a scan of the machine, but the program found nothing. When I rebooted just now, however, that Windows program found nothing. When I got the message that the machine was infected, I had just booted. I'm afraid there is some kind of trojan on my machine that captures which keys I press when I log in to my online bank... But the antivirus program is always up to date.
Edited 17 May 2008 by Experimentus
snippsat, posted 14 May 2008 (edited)
F-Secure is good.
"I downloaded a kind of security update for Vista"
Some false positive messages may well come from that direction.
"I'm afraid there is some kind of trojan on my machine that captures which keys I press when I log in to my online bank..."
We can check whether there is any junk; I think F-Secure has this under control. Download ComboFix and put it on the desktop. Don't click on the window while the program is running. Post the log C:\combofix.txt
Edited 14 May 2008 by SNIPPSAT
Fruktkake, posted 14 May 2008
They can't log in to your online bank, since you always have a new code.
Experimentus (author), posted 16 May 2008
"F-Secure is good. [...] Some false positive messages may well come from that direction. [...] We can check whether there is any junk; I think F-Secure has this under control. Download ComboFix and put it on the desktop. Don't click on the window while the program is running. Post the log C:\combofix.txt"
I haven't received any more messages from Vista (or from anywhere else) that the machine is infected. It was just that one time. But it may be that I have caught a virus that isn't in F-Secure's database. What does ComboFix do, what if that is also a virus?
"They can't log in to your online bank, since you always have a new code."
True. But I don't want to be monitored regardless.
snippsat, posted 16 May 2008 (edited)
"What does ComboFix do, what if that is also a virus?"
Have a look around this part of the forum and you will perhaps understand that ComboFix is not a virus, but one of the most powerful tools there is for manual removal of viruses and spyware.
Edited 16 May 2008 by SNIPPSAT
Experimentus (author), posted 16 May 2008
Here is the log from ComboFix. Right after the blue window came up, F-Secure reported a virus, which I asked F-Secure to disinfect. Then it said "could not disinfect, object was renamed". I didn't even understand that.
snippsat, posted 16 May 2008
The log is fine. You can remove ComboFix by typing combofix /u in the Run window. This command causes files in quarantine and backups to be deleted, the System Restore folder to be reset, etc. Surf safely.
r2d290, posted 17 May 2008
Is the problem solved? Then you can change the topic title by editing your first post with FULL editing and writing [LØST] in front of your topic title. This will help make this part of the forum tidier.