billywillie, posted 31 January 2009

I've got the new Messenger virus that sends pictures to everyone in the contact list. I run a Malwarebytes quick scan and it finds nothing. When I run a full scan it hangs when it reaches c:\System Volume Information\DFSR\Config\dfsrMachineConfig.XML (I've tried 3 times and the same thing happens every time). I've also tried msn.fix, but there I just get the message "no access". Anyone have a solution? Running Windows Vista.
norbat, posted 31 January 2009 (edited)

It isn't necessary to run a full scan. If the quick scan didn't find anything (you have updated?), then leave MBAM alone. If you aren't running 64-bit Vista, do the following:

Download DDS.scr to the desktop. Run the program and post the dds.txt log (not attach.txt).

Alternatively: get ComboFix and put it on the desktop. Run combofix.exe and follow the instructions. You must not click in the window while the program is running. Post the log file from ComboFix (c:\combofix.txt).

Edited 31 January 2009 by norbat
billywillie, posted 31 January 2009 (thread author)

OK, here's the DDS log:

DDS (Ver_09-01-19.01) - NTFSx86 Run by Terje at 22:30:24,15 on 31.01.2009 Internet Explorer: 7.0.6001.18000 Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.47.1044.18.1916.1069 [GMT 1:00] AV: Norman Security Suite ver. 7.00 *On-access scanning enabled* (Updated) FW: Personal firewall *enabled* ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Program Files\Norman\Npm\Bin\Elogsvc.exe C:\Program Files\Norman\Ngs\Bin\Nprosec.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Norman\Npm\Bin\Zanda.exe C:\Program Files\Norman\npm\bin\nvoy.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\Norman\npf\bin\npfsvc32.exe C:\Windows\system32\taskeng.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskeng.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Program Files\Norman\Npm\Bin\Nvcsched.exe C:\Program Files\Norman\Npm\Bin\Njeeves.exe C:\Windows\system32\WUDFHost.exe C:\Program Files\Norman\npc\bin\npcsvc32.exe C:\Program Files\Norman\nse\bin\NSESVC.EXE C:\Program Files\Norman\npc\bin\nuaa.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\SiS VGA Utilities\SiSTray.exe C:\Windows\RtHDVCpl.exe C:\Program Files\C&E\OSD\osd.exe C:\Program 
Files\Norman\Npm\Bin\Zlh.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Windows\WindowsMobile\wmdc.exe C:\Windows\System32\wauclt.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\system32\svchost.exe -k WindowsMobile C:\Windows\System32\mobsync.exe C:\Program Files\Norman\Nvc\Bin\Nip.exe C:\Program Files\Norman\Nvc\Bin\nvcoas.exe C:\Program Files\Norman\Nvc\Bin\cclaw.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Windows\system32\conime.exe C:\Program Files\Opera\opera.exe C:\Users\Terje\Desktop\dds.scr C:\Windows\system32\consent.exe C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = about:blank uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=DSGI&bmod=DSGI; BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Påloggingshjelp for Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [siSTray] %ProgramFiles%\SiS VGA Utilities\SiSTray.exe mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [OSD] c:\program files\c&e\osd\osd.exe mRun: [updateP2GShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\5.0" mRun: [uCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0" mRun: [Norman ZANDA] 
"c:\program files\norman\npm\bin\ZLH.EXE" /LOAD /SPLASH mRun: [NPCTray] c:\program files\norman\npc\bin\npc_tray.exe /LOAD mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe mRun: [services Manager] wauclt.exe mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL LSP: c:\program files\norman\npc\bin\nlf.dll DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/F/D/9/FD9E437D-5BC8-4264-A093-DFA2C39D197E/LegitCheckControl.cab DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1233403693740&h=bd7e3a44129d12c0655005d4e6e5eeb9/&filename=jinstall-6u11-windows-i586-jc.cab DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab ============= SERVICES / DRIVERS =============== R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-31 64160] R0 
pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-1-31 28544] R1 ALE_NF;Norman Firewall ALE driver;c:\windows\system32\drivers\ale_nf.sys [2009-1-16 42552] R1 NPROSEC;Norman Security driver;c:\program files\norman\ngs\bin\nprosec.sys [2009-1-16 53816] R3 CEBFilter;CEBFilter;c:\program files\c&e\osd\osdservice\cebuffer.sys [2007-9-4 5120] R3 CEIO;CEIO;c:\program files\c&e\osd\osdservice\ceio.sys [2007-8-31 4608] R3 cKBFilter;cKBFilter;c:\program files\c&e\osd\osdservice\kbfiltr.sys [2007-8-31 7168] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-1-31 38496] R3 NPC;Norman Parental Control;c:\program files\norman\npc\bin\npcsvc32.exe [2009-1-16 416880] R3 nsesvc;Norman Scanner Engine Service;c:\program files\norman\nse\bin\Nsesvc.exe [2009-1-28 183352] R3 NUAA;Norman User Activity Agent;c:\program files\norman\npc\bin\nuaa.exe [2009-1-16 117816] R3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcv32mf.sys [2009-1-16 19512] R3 nvcoas;Norman Virus Control on-access component;c:\program files\norman\nvc\bin\Nvcoas.exe [2009-1-16 191544] R3 NVCScheduler;Norman Virus Control Scheduler;c:\program files\norman\npm\bin\nvcsched.exe [2009-1-16 154680] R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2008-11-4 283136] R3 SiS6350;SiS6350;c:\windows\system32\drivers\SISGRKMD.sys [2008-11-4 458752] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSGB6.sys [2008-11-4 48128] R4 Ndiskio;Ndiskio;c:\program files\norman\nse\bin\Ndiskio.sys [2009-1-16 20448] R4 NPFSvc32;Norman Personal Firewall Service;c:\program files\norman\npf\bin\npfsvc32.exe [2009-1-16 597104] R4 NPROSECSVC;Norman Security service;c:\program files\norman\ngs\bin\nprosec.exe [2009-1-16 121912] R4 NVOY;Norman's Very Own supplY of resources;c:\program files\norman\npm\bin\nvoy.exe [2009-1-16 121912] S3 btnetBUs;Bluetooth PAN Bus 
Service;c:\windows\system32\drivers\btnetBus.sys [2008-12-7 30088] S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 921936] S4 OsdService;OsdService;c:\program files\c&e\osd\osdservice\OsdService.exe [2008-1-8 53248] =============== Created Last 30 ================ 2009-01-31 20:40 <DIR> --d----- c:\users\terje\appdata\roaming\Malwarebytes 2009-01-31 20:40 15,504 a------- c:\windows\system32\drivers\mbam.sys 2009-01-31 20:40 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-01-31 20:40 <DIR> --d----- c:\programdata\Malwarebytes 2009-01-31 20:40 <DIR> --d----- c:\progra~2\Malwarebytes 2009-01-31 20:40 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2009-01-31 19:07 28,544 a------- c:\windows\system32\drivers\pavboot.sys 2009-01-31 19:07 <DIR> --d----- c:\program files\Panda Security 2009-01-31 14:53 <DIR> a-dshr-- C:\autorun.inf 2009-01-31 13:57 <DIR> --d----- c:\program files\Webteh 2009-01-31 13:54 168,448 a------- c:\windows\system32\unrar.dll 2009-01-31 13:54 839,680 a------- c:\windows\system32\lameACM.acm 2009-01-31 13:54 414 a------- c:\windows\system32\lame_acm.xml 2009-01-31 13:54 217,088 a------- c:\windows\system32\yv12vfw.dll 2009-01-31 13:54 118,784 a------- c:\windows\system32\ac3acm.acm 2009-01-31 13:54 3,596,288 a------- c:\windows\system32\qt-dx331.dll 2009-01-31 13:54 795,648 a------- c:\windows\system32\xvidcore.dll 2009-01-31 13:54 684,032 a------- c:\windows\system32\divx.dll 2009-01-31 13:54 130,048 a------- c:\windows\system32\xvidvfw.dll 2009-01-31 13:54 86,016 a------- c:\windows\system32\dpl100.dll 2009-01-31 13:54 57,344 a------- c:\windows\system32\ff_vfw.dll 2009-01-31 13:54 547 a------- c:\windows\system32\ff_vfw.dll.manifest 2009-01-31 13:54 <DIR> --d----- c:\program files\K-Lite Codec Pack 2009-01-31 13:44 <DIR> --d----- c:\program files\CCleaner 2009-01-31 13:30 15,688 a------- c:\windows\system32\lsdelete.exe 2009-01-31 13:23 64,160 
a------- c:\windows\system32\drivers\Lbd.sys 2009-01-31 13:22 <DIR> -cd-h--- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800} 2009-01-31 13:22 <DIR> -cd-h--- c:\progra~2\{83C91755-2546-441D-AC40-9A6B4B860800} 2009-01-31 13:22 <DIR> --d----- c:\programdata\Lavasoft 2009-01-31 13:22 <DIR> --d----- c:\program files\Lavasoft 2009-01-31 11:58 <DIR> --d----- c:\users\terje\.housecall6.6 2009-01-30 19:48 925,696 ---shr-- c:\windows\system32\wauclt.exe 2009-01-30 19:47 <DIR> a-d----- c:\programdata\TEMP 2009-01-30 16:43 4 a------- c:\windows\system32\gaopdxcounter 2009-01-30 15:52 32 a------- c:\windows 2009-01-30 15:52 0 a------- c:\windows\system32 2009-01-29 23:46 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf 2009-01-29 23:36 12 a------- c:\windows\bthservsdp.dat 2009-01-28 20:06 410,984 a------- c:\windows\system32\deploytk.dll 2009-01-25 17:31 <DIR> --d----- c:\program files\Microsoft 2009-01-25 17:30 <DIR> --d----- c:\program files\Windows Live SkyDrive 2009-01-25 15:51 376 a------- c:\windows\ODBC.INI 2009-01-25 15:51 28,040 a------- c:\windows\system32\mdimon.dll 2009-01-25 15:46 <DIR> --d----- c:\windows\SHELLNEW 2009-01-25 15:20 2,048 a------- c:\windows\system32\tzres.dll 2009-01-25 15:06 443,392 a------- c:\windows\system32\win32spl.dll 2009-01-25 15:05 241,152 a------- c:\windows\system32\PortableDeviceApi.dll 2009-01-25 15:04 296,960 a------- c:\windows\system32\gdi32.dll 2009-01-25 15:03 212,480 a------- c:\windows\system32\drivers\mrxsmb10.sys 2009-01-25 15:03 28,672 a------- c:\windows\system32\Apphlpdm.dll 2009-01-25 15:03 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll 2009-01-25 15:02 1,191,936 a------- c:\windows\system32\msxml3.dll 2009-01-25 15:01 2,927,104 a------- c:\windows\explorer.exe 2009-01-25 15:00 827,392 a------- c:\windows\system32\wininet.dll 2009-01-25 15:00 712,704 a------- c:\windows\system32\WindowsCodecs.dll 2009-01-25 15:00 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll 
2009-01-25 15:00 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll 2009-01-25 14:59 147,456 a------- c:\windows\system32\Faultrep.dll 2009-01-25 14:59 125,952 a------- c:\windows\system32\wersvc.dll 2009-01-25 14:59 288,768 a------- c:\windows\system32\drivers\srv.sys 2009-01-25 14:59 2,868,736 a------- c:\windows\system32\mf.dll 2009-01-25 14:59 996,352 a------- c:\windows\system32\WMNetMgr.dll 2009-01-25 14:59 94,720 a------- c:\windows\system32\logagent.exe 2009-01-25 14:59 1,645,568 a------- c:\windows\system32\connect.dll 2009-01-25 14:37 1,334,272 a------- c:\windows\system32\msxml6.dll 2009-01-25 14:27 1,524,736 a------- c:\windows\system32\wucltux.dll 2009-01-25 14:26 83,456 a------- c:\windows\system32\wudriver.dll 2009-01-25 14:26 162,064 a------- c:\windows\system32\wuwebv.dll 2009-01-25 14:26 31,232 a------- c:\windows\system32\wuapp.exe 2009-01-20 22:13 <DIR> --d----- c:\programdata\CyberLink 2009-01-20 18:19 <DIR> --d----- C:\Ny mappe 2009-01-19 18:09 <DIR> --d----- c:\program files\common files\Adobe(1) 2009-01-19 18:09 <DIR> --d----- c:\program files\Adobe(0) 2009-01-16 22:03 <DIR> --d-h--- C:\BJPrinter 2009-01-16 19:51 <DIR> --d----- c:\users\terje\Tracing 2009-01-16 19:30 <DIR> --d----- c:\program files\VideoLAN 2009-01-16 19:23 <DIR> --d----- c:\program files\common files\Windows Live 2009-01-16 18:06 56 a---h--- c:\programdata\ezsidmv.dat 2009-01-16 18:06 56 a---h--- c:\progra~2\ezsidmv.dat 2009-01-16 18:02 <DIR> --d--r-- c:\program files\Skype 2009-01-16 18:02 <DIR> --d----- c:\programdata\Skype 2009-01-16 17:04 <DIR> --d----- c:\windows\PCHEALTH 2009-01-16 16:49 212,024 a------- c:\windows\system32\nscrnsav.scr 2009-01-16 16:49 79,752 a------- c:\windows\system32\drivers\ndis_rd.sys 2009-01-16 16:49 74,624 a------- c:\windows\system32\drivers\tdi_rd.sys 2009-01-16 16:49 42,552 a------- c:\windows\system32\drivers\ale_nf.sys 2009-01-16 16:49 19,512 a------- c:\windows\system32\drivers\nvcv32mf.sys 2009-01-16 16:49 <DIR> --d----- 
c:\program files\Norman 2009-01-16 16:08 <DIR> --d----- c:\programdata\Adobe 2009-01-16 16:06 <DIR> --dsh--- c:\users\terje\Start-meny 2009-01-16 16:06 <DIR> --dsh--- c:\users\terje\Skrivere 2009-01-16 16:06 <DIR> --dsh--- c:\users\terje\Programdata 2009-01-16 16:06 <DIR> --dsh--- c:\users\terje\Mine dokumenter 2009-01-16 16:06 <DIR> --dsh--- c:\users\terje\Maler 2009-01-16 16:06 <DIR> --dsh--- c:\users\terje\Lokale innstillinger 2009-01-16 16:06 <DIR> --dsh--- c:\users\terje\AndrMask 2009-01-16 16:06 <DIR> --d----- c:\users\Terje ==================== Find3M ==================== 2009-01-31 22:10 452,326 a------- c:\windows\system32\perfh014.dat 2009-01-31 22:10 76,478 a------- c:\windows\system32\perfc014.dat 2009-01-31 13:46 86,016 a------- c:\windows\inf\infstrng.dat 2009-01-31 13:46 86,016 a------- c:\windows\inf\infstor.dat 2009-01-31 13:46 51,200 a------- c:\windows\inf\infpub.dat 2008-12-07 12:44 30,088 a------- c:\windows\system32\drivers\btnetBus.sys 2008-12-02 22:37 49,480 a------- c:\windows\system32\sirenacm.dll 2008-11-04 19:40 294,254 a------- c:\windows\system32\perfi014.dat 2008-11-04 19:40 294,254 a------- c:\windows\inf\perflib414\perfi.dat 2008-11-04 19:40 294,254 a------- c:\windows\inf\perflib414\perfh.dat 2008-11-04 19:40 35,166 a------- c:\windows\system32\perfd014.dat 2008-11-04 19:40 35,166 a------- c:\windows\inf\perflib414\perfd.dat 2008-11-04 19:40 35,166 a------- c:\windows\inf\perflib414\perfc.dat 2008-11-04 09:56 319,456 a------- c:\windows\DIFxAPI.dll 2008-11-04 09:54 315,392 a------- c:\windows\HideWin.exe 2008-06-20 08:05 665,600 a------- c:\windows\inf\drvindex.dat 2008-01-21 03:57 174 a--sh--- c:\program files\desktop.ini 2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib000\perfi.dat 2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib000\perfh.dat 2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib000\perfd.dat 2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib000\perfc.dat 2008-04-21 15:39 8,192 a--sh--- 
c:\windows\users\default\NTUSER.DAT ============= FINISH: 22:32:19,14 ===============
norbat, posted 31 January 2009 (edited)

Go to VirusTotal and upload the following file for checking: c:\windows\system32\wauclt.exe

The file is a hidden system file, so you must make sure you can see it (Control Panel -> Folder Options -> View. Tick "Show hidden files and folders" and untick "Hide protected operating system files").

Report back on what VirusTotal finds (copy the result into your next post). Afterwards we'll make a fix that sorts out the problem.

Edited 31 January 2009 by norbat
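norbat's read of the DDS log rests on three things that can be checked mechanically rather than by eye: the new file in System32 was created with the system, hidden and readonly attributes set (the "---shr--" column in "Created Last 30"), it is started from an HKLM Run key by bare filename instead of a full path, and its name is one character away from the real Windows Update client, wuauclt.exe. The script below is an added example written for this page; it is not a tool from the thread or from the DDS or ComboFix authors. It applies those three checks to lines copied from the log above. The allow-list of Windows binary names (KNOWN_BINARIES) is a small constructed stand-in for a real catalogue, and the severity ranking is the example's own choice.

```python
import re

# Constructed allow-list of well-known Windows binaries (partial, not a
# catalogue). A filename one edit away from any of these deserves a look.
KNOWN_BINARIES = {
    "wuauclt.exe", "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
    "explorer.exe", "services.exe", "spoolsv.exe", "taskeng.exe",
}

# Sample input copied from the DDS log in this thread. Attribute columns are
# a(rchive) - d(ir) s(ystem) h(idden) r(eadonly) c(ompressed), '-' = unset.
SAMPLE_CREATED = [
    "2009-01-31 14:53 <DIR> a-dshr-- C:\\autorun.inf",
    "2009-01-30 19:48 925,696 ---shr-- c:\\windows\\system32\\wauclt.exe",
    "2009-01-28 20:06 410,984 a------- c:\\windows\\system32\\deploytk.dll",
    "2009-01-25 15:01 2,927,104 a------- c:\\windows\\explorer.exe",
]
SAMPLE_RUN = [
    "mRun: [Windows Defender] %ProgramFiles%\\Windows Defender\\MSASCui.exe -hide",
    "mRun: [services Manager] wauclt.exe",
    "mRun: [RtHDVCpl] RtHDVCpl.exe",
]

CREATED_RE = re.compile(
    r"^(?P<date>\S+ \S+)\s+(?P<size><DIR>|[\d,]+)\s+(?P<attr>[a-z-]{8})\s+(?P<path>.+)$")
RUN_RE = re.compile(r"^[um]Run:\s+\[(?P<name>[^\]]*)\]\s+(?P<cmd>.+)$")
EXE_RE = re.compile(r'^"?(?P<exe>[^"]*?\.(?:exe|scr|com|bat))"?', re.I)


def edit_distance_one(a, b):
    """True if a and b differ by exactly one substitution, insertion or deletion."""
    a, b = a.lower(), b.lower()
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) == len(b):
        return sum(x != y for x, y in zip(a, b)) == 1
    if len(a) > len(b):
        a, b = b, a                      # a is now the shorter string
    i = j = skipped = 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i, j = i + 1, j + 1
        elif skipped:
            return False
        else:
            skipped, j = 1, j + 1        # skip the extra character in b once
    return True


def lookalike_of(filename):
    """Return the known binary that `filename` mimics, or None."""
    for known in sorted(KNOWN_BINARIES):
        if edit_distance_one(filename, known):
            return known
    return None


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def triage_created(lines):
    """Flag entries from the 'Created Last 30' section."""
    findings = []
    for line in lines:
        m = CREATED_RE.match(line.strip())
        if not m:
            continue
        attr, path = m["attr"], m["path"]
        reasons = []
        # Windows Update and ordinary installers do not drop fresh files with
        # system+hidden+readonly set; worms do, to hide from Explorer's default view.
        if all(flag in attr for flag in "shr"):
            reasons.append("system+hidden+readonly attributes")
        # A root autorun.inf is how USB-borne worms spread; a *directory* of that
        # name can also be a deliberate vaccine, so this one needs a manual look.
        if re.fullmatch(r"[a-z]:\\autorun\.inf", path, re.I):
            reasons.append("autorun.inf at drive root")
        known = lookalike_of(basename(path))
        if known:
            reasons.append(f"name mimics {known}")
        if reasons:
            findings.append({"where": path, "reasons": reasons,
                             "severity": "high" if known else "medium"})
    return findings


def triage_run(lines):
    """Flag Run-key entries (uRun = HKCU, mRun = HKLM) from the pseudo-HJT section."""
    findings = []
    for line in lines:
        m = RUN_RE.match(line.strip())
        if not m:
            continue
        em = EXE_RE.match(m["cmd"].strip())
        exe = em["exe"] if em else m["cmd"].split()[0]
        reasons = []
        # A bare filename is resolved through the search path at logon, so the
        # entry alone does not say which file runs; some vendors do this too.
        if "\\" not in exe and "%" not in exe:
            reasons.append("bare filename, no path")
        known = lookalike_of(basename(exe))
        if known:
            reasons.append(f"name mimics {known}")
        if reasons:
            findings.append({"where": f"[{m['name']}] {exe}", "reasons": reasons,
                             "severity": "high" if known else "low"})
    return findings


def triage(created_lines, run_lines):
    """Combined report, most severe first."""
    rank = {"high": 0, "medium": 1, "low": 2}
    return sorted(triage_created(created_lines) + triage_run(run_lines),
                  key=lambda f: rank[f["severity"]])


if __name__ == "__main__":
    for f in triage(SAMPLE_CREATED, SAMPLE_RUN):
        print(f"{f['severity']:6} {f['where']}: {'; '.join(f['reasons'])}")
```

Run against the sample lines it reports wauclt.exe as high on both counts (the file listing and the "services Manager" Run key), the autorun.inf directory at the drive root as medium, and RtHDVCpl.exe as low: that last one is a bare-name entry from a legitimate Realtek installer, which is why the bare-filename heuristic is only a prompt to resolve the path, not a verdict on its own. The combination that matters here is a lookalike name plus hidden/system attributes on a file created after the infection date; that is what makes the file worth hashing and submitting, as norbat asks for in the post above.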
billywillie, posted 31 January 2009 (thread author)

And here's the reply. I don't understand any of it.

Please report failure as: ErrorTime= "Jan 31 23:38:22"
norbat, posted 31 January 2009 (edited)

OK, try Jotti.

After you've had the file checked, continue with the following: get ComboFix and put it on the desktop. Open Notepad and paste in what is in bold below, then save the file on the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again. Post the log.

dds::
c:\windows\system32\wauclt.exe
mRun: [services Manager] wauclt.exe

I'm also interested in knowing what the MSN link you clicked on, which started all this, said.

Edited 31 January 2009 by norbat
billywillie, posted 31 January 2009 (thread author)

:\windows\system32\wauclt.exe
File: wauclt.exe
Status: INFECTED/MALWARE
MD5: 2925fb24af7f37a248b849390c86014a
Packers detected: -

Scanner results (scan taken on 31 Jan 2009 23:20:34 (GMT)):
A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found Backdoor.Win32.SdBot.kav
G DATA: Found nothing
Ikarus: Found nothing
Kaspersky Anti-Virus: Found Backdoor.Win32.SdBot.kav
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Sophos Antivirus: Found Sus/UnkPacker (probable variant)
VirusBuster: Found nothing
VBA32: Found nothing

ComboFix 09-01-31.01 - Terje 2009-02-01 0:33:07.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1044.18.1916.1014 [GMT 1:00]
Running from: c:\users\Terje\Desktop\ComboFix.exe
Command switches used :: c:\users\Terje\Desktop\CFScript.txt..txt
AV: Norman Security Suite ver. 7.00 *On-access scanning disabled* (Updated)
FW: Personal firewall *enabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\wauclt.exe
d:\recycler\S-1-6-21-2434476501-1644491937-600003330-1213
d:\recycler\S-1-6-21-2434476501-1644491937-600003330-1213\Desktop.ini
d:\recycler\S-1-6-21-2434476501-1644491937-600003330-1213\recycle.exe
s:\recycler\S-9-1-33-100021209-100012117-100001694-8194.com
.
((((((((((((((((((((((((((( Files Created From 2008-12-28 to 2009-01-31 )))))))))))))))))))))))))))))))))
.
2009-01-31 22:46 . 2009-01-31 23:07 <DIR> d-------- c:\programdata\Spybot - Search & Destroy 2009-01-31 22:46 . 2009-01-31 22:46 <DIR> d-------- c:\program files\Spybot - Search & Destroy 2009-01-31 20:40 . 
2009-01-31 20:40 <DIR> d-------- c:\users\Terje\AppData\Roaming\Malwarebytes 2009-01-31 20:40 . 2009-01-31 20:40 <DIR> d-------- c:\programdata\Malwarebytes 2009-01-31 20:40 . 2009-01-31 21:16 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-01-31 20:40 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys 2009-01-31 20:40 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys 2009-01-31 19:07 . 2009-01-31 19:07 <DIR> d-------- c:\program files\Panda Security 2009-01-31 19:07 . 2008-06-19 16:24 28,544 --a------ c:\windows\System32\drivers\pavboot.sys 2009-01-31 13:57 . 2009-01-31 13:57 <DIR> d-------- c:\program files\Webteh 2009-01-31 13:54 . 2009-01-31 13:54 <DIR> d-------- c:\program files\K-Lite Codec Pack 2009-01-31 13:54 . 2008-11-06 17:37 3,596,288 --a------ c:\windows\System32\qt-dx331.dll 2009-01-31 13:54 . 2008-09-24 19:41 839,680 --a------ c:\windows\System32\lameACM.acm 2009-01-31 13:54 . 2008-12-07 19:08 795,648 --a------ c:\windows\System32\xvidcore.dll 2009-01-31 13:54 . 2008-11-06 17:33 684,032 --a------ c:\windows\System32\divx.dll 2009-01-31 13:54 . 2004-01-25 17:18 217,088 --a------ c:\windows\System32\yv12vfw.dll 2009-01-31 13:54 . 2008-09-16 20:23 168,448 --a------ c:\windows\System32\unrar.dll 2009-01-31 13:54 . 2008-12-07 19:08 130,048 --a------ c:\windows\System32\xvidvfw.dll 2009-01-31 13:54 . 2007-09-21 01:52 118,784 --a------ c:\windows\System32\ac3acm.acm 2009-01-31 13:54 . 2008-12-11 01:33 86,016 --a------ c:\windows\System32\dpl100.dll 2009-01-31 13:54 . 2008-12-08 12:53 57,344 --a------ c:\windows\System32\ff_vfw.dll 2009-01-31 13:54 . 2007-07-10 17:10 547 --a------ c:\windows\System32\ff_vfw.dll.manifest 2009-01-31 13:54 . 2008-10-03 13:30 414 --a------ c:\windows\System32\lame_acm.xml 2009-01-31 13:44 . 2009-01-31 13:44 <DIR> d-------- c:\program files\CCleaner 2009-01-31 13:30 . 2009-01-18 22:35 15,688 --a------ c:\windows\System32\lsdelete.exe 2009-01-31 13:23 . 
2009-01-31 13:23 <DIR> d----c--- c:\windows\System32\DRVSTORE 2009-01-31 13:23 . 2009-01-18 22:30 64,160 --a------ c:\windows\System32\drivers\Lbd.sys 2009-01-31 13:22 . 2009-01-31 13:23 <DIR> d-------- c:\programdata\Lavasoft 2009-01-31 13:22 . 2009-01-31 13:22 <DIR> d--h-c--- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800} 2009-01-31 13:22 . 2009-01-31 13:22 <DIR> d-------- c:\program files\Lavasoft 2009-01-31 11:58 . 2009-01-31 13:14 <DIR> d-------- c:\users\Terje\.housecall6.6 2009-01-30 19:47 . 2009-01-31 22:03 <DIR> d-a------ c:\programdata\TEMP 2009-01-30 16:43 . 2009-01-31 15:00 4 --a------ c:\windows\System32\gaopdxcounter 2009-01-30 15:52 . 2009-01-31 13:46 32 --a------ c:\windows\0 2009-01-30 15:52 . 2009-01-30 15:52 0 --a------ c:\windows\System32\0 2009-01-29 23:46 . 2009-01-29 23:46 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf 2009-01-29 23:36 . 2009-01-30 15:53 12 --a------ c:\windows\bthservsdp.dat 2009-01-28 20:06 . 2009-01-28 20:05 410,984 --a------ c:\windows\System32\deploytk.dll 2009-01-28 20:05 . 2009-01-28 20:05 <DIR> d-------- c:\program files\Java 2009-01-26 15:04 . 2009-01-26 15:05 <DIR> d-------- c:\program files\Common Files\Adobe 2009-01-25 17:39 . 2009-01-25 17:39 <DIR> d-------- c:\program files\Common Files\Skype 2009-01-25 17:31 . 2009-01-25 17:31 <DIR> d-------- c:\program files\Microsoft 2009-01-25 17:30 . 2009-01-25 17:30 <DIR> d-------- c:\program files\Windows Live SkyDrive 2009-01-25 16:41 . 2009-01-25 16:41 <DIR> d-------- c:\users\Terje\AppData\Roaming\vlc 2009-01-25 15:51 . 2007-04-09 13:23 28,040 --a------ c:\windows\System32\mdimon.dll 2009-01-25 15:51 . 2009-01-25 15:51 376 --a------ c:\windows\ODBC.INI 2009-01-25 15:47 . 2009-01-25 15:56 <DIR> d-------- c:\program files\Microsoft Works 2009-01-25 15:46 . 2009-01-25 15:48 <DIR> d-------- c:\windows\SHELLNEW 2009-01-25 15:46 . 2009-01-25 15:46 <DIR> d-------- c:\program files\Microsoft.NET 2009-01-25 15:20 . 
2008-10-22 02:22 2,048 --a------ c:\windows\System32\tzres.dll 2009-01-25 15:06 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll 2009-01-25 15:05 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll 2009-01-25 15:04 . 2008-10-21 06:25 296,960 --a------ c:\windows\System32\gdi32.dll 2009-01-25 15:03 . 2008-11-01 02:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll 2009-01-25 15:03 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys 2009-01-25 15:03 . 2008-11-01 04:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll 2009-01-25 15:02 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll 2009-01-25 15:01 . 2008-10-29 07:29 2,927,104 --a------ c:\windows\explorer.exe 2009-01-25 15:00 . 2008-10-16 05:47 827,392 --a------ c:\windows\System32\wininet.dll 2009-01-25 15:00 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll 2009-01-25 15:00 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll 2009-01-25 15:00 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll 2009-01-25 14:59 . 2008-06-23 02:59 2,868,736 --a------ c:\windows\System32\mf.dll 2009-01-25 14:59 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll 2009-01-25 14:59 . 2008-06-23 02:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll 2009-01-25 14:59 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys 2009-01-25 14:59 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll 2009-01-25 14:59 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll 2009-01-25 14:59 . 2008-06-23 02:58 94,720 --a------ c:\windows\System32\logagent.exe 2009-01-25 14:37 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll 2009-01-25 14:27 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll 2009-01-25 14:27 . 
2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll 2009-01-25 14:27 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe 2009-01-25 14:27 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll 2009-01-25 14:26 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll 2009-01-25 14:26 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll 2009-01-25 14:26 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll 2009-01-25 14:26 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll 2009-01-25 14:26 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe 2009-01-20 22:13 . 2009-01-20 22:13 <DIR> d-------- c:\programdata\CyberLink 2009-01-20 18:19 . 2009-01-31 14:03 <DIR> d-------- C:\Ny mappe 2009-01-19 18:09 . 2009-01-19 18:09 <DIR> d-------- c:\program files\Common Files\Adobe(1) 2009-01-19 18:09 . 2009-01-19 18:09 <DIR> d-------- c:\program files\Adobe(0) 2009-01-19 16:40 . 2009-01-24 22:08 <DIR> d-------- c:\users\Terje\AppData\Roaming\dvdcss 2009-01-18 11:28 . 2009-01-18 11:28 <DIR> d-------- c:\users\Terje\AppData\Roaming\CyberLink 2009-01-16 22:03 . 2009-01-16 22:03 <DIR> d--h----- C:\BJPrinter 2009-01-16 19:51 . 2009-01-31 22:04 <DIR> d-------- c:\users\Terje\Tracing 2009-01-16 19:32 . 2009-01-25 17:30 <DIR> d-------- c:\program files\Windows Live 2009-01-16 19:30 . 2009-01-16 19:30 <DIR> d-------- c:\program files\VideoLAN 2009-01-16 19:23 . 2009-01-16 19:23 <DIR> d-------- c:\program files\Common Files\Windows Live 2009-01-16 18:28 . 2009-01-16 18:28 <DIR> d-------- c:\windows\System32\Macromed 2009-01-16 18:06 . 2009-01-31 16:02 <DIR> d-------- c:\users\Terje\AppData\Roaming\skypePM 2009-01-16 18:06 . 2009-01-16 18:06 56 --ah----- c:\programdata\ezsidmv.dat 2009-01-16 18:02 . 2009-01-31 21:46 <DIR> d-------- c:\users\Terje\AppData\Roaming\Skype 2009-01-16 18:02 . 2009-01-25 17:38 <DIR> d-------- c:\programdata\Skype 2009-01-16 18:02 . 
2009-01-25 17:39 <DIR> dr------- c:\program files\Skype 2009-01-16 17:52 . 2009-01-25 14:47 <DIR> d-------- c:\program files\Opera 2009-01-16 17:46 . 2009-01-16 17:46 <DIR> d-------- c:\users\Terje\AppData\Roaming\Apple Computer 2009-01-16 17:04 . 2009-01-16 17:04 <DIR> d-------- c:\windows\PCHEALTH 2009-01-16 17:01 . 2009-01-25 14:13 <DIR> dr-h----- C:\MSOCache 2009-01-16 16:49 . 2009-01-31 22:02 <DIR> d-------- c:\program files\Norman 2009-01-16 16:49 . 2008-05-16 11:28 212,024 --a------ c:\windows\System32\nscrnsav.scr 2009-01-16 16:49 . 2008-02-07 12:12 79,752 --a------ c:\windows\System32\drivers\ndis_rd.sys 2009-01-16 16:49 . 2008-02-07 12:12 74,624 --a------ c:\windows\System32\drivers\tdi_rd.sys 2009-01-16 16:49 . 2008-04-16 12:57 42,552 --a------ c:\windows\System32\drivers\ale_nf.sys 2009-01-16 16:49 . 2008-09-02 12:48 19,512 --a------ c:\windows\System32\drivers\nvcv32mf.sys 2009-01-16 16:09 . 2009-01-16 16:09 <DIR> dr------- c:\users\Terje\Searches 2009-01-16 16:08 . 2009-01-25 14:40 <DIR> dr------- c:\users\Terje\Contacts 2009-01-16 16:06 . 2009-01-16 16:09 <DIR> dr------- c:\users\Terje\Videos 2009-01-16 16:06 . 2009-01-25 14:19 <DIR> dr------- c:\users\Terje\Saved Games 2009-01-16 16:06 . 2009-01-16 16:09 <DIR> dr------- c:\users\Terje\Pictures 2009-01-16 16:06 . 2009-01-16 16:09 <DIR> dr------- c:\users\Terje\Music 2009-01-16 16:06 . 2009-01-16 16:09 <DIR> dr------- c:\users\Terje\Links 2009-01-16 16:06 . 2009-01-16 16:45 <DIR> dr------- c:\users\Terje\Downloads 2009-01-16 16:06 . 2009-01-31 20:18 <DIR> dr------- c:\users\Terje\Documents 2009-01-16 16:06 . 2009-01-16 16:08 <DIR> d--h----- c:\users\Terje\AppData 2009-01-16 16:06 . 2009-01-31 11:58 <DIR> d-------- c:\users\Terje 2009-01-16 16:03 . 2009-01-16 16:03 <DIR> dr------- c:\windows\System32\config\systemprofile\Contacts 2008-12-07 12:44 . 2008-12-07 12:44 30,088 --a------ c:\windows\System32\drivers\btnetBus.sys 2008-12-02 22:37 . 
2008-12-02 22:37 49,480 --a------ c:\windows\System32\sirenacm.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-25 14:34 --------- d-----w c:\program files\Windows Mail 2009-01-25 13:13 --------- d-----w c:\program files\Windows Sidebar 2009-01-25 13:13 --------- d-----w c:\program files\Windows Photo Gallery 2009-01-25 13:13 --------- d-----w c:\program files\Windows Defender 2009-01-25 13:13 --------- d-----w c:\program files\Windows Collaboration 2009-01-25 13:13 --------- d-----w c:\program files\Windows Calendar 2008-11-04 08:56 319,456 ----a-w c:\windows\DIFxAPI.dll 2008-11-04 08:54 315,392 ----a-w c:\windows\HideWin.exe 2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll 2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll 2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll 2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll 2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll 2008-10-20 11:14 74,752 ----a-w c:\windows\System32\newdev.exe 2008-10-20 11:14 468,992 ----a-w c:\windows\System32\newdev.dll 2008-10-20 11:14 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe 2008-10-20 11:14 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe 2008-10-20 11:12 428,544 ----a-w c:\windows\System32\EncDec.dll 2008-10-20 11:12 293,376 ----a-w c:\windows\System32\psisdecd.dll 2008-10-20 11:11 2,032,640 ----a-w c:\windows\System32\win32k.sys 2008-10-13 12:15 565,248 ----a-w c:\windows\System32\emdmgmt.dll 2008-10-13 12:15 45,056 ----a-w c:\windows\System32\dataclen.dll 2008-10-13 12:15 36,864 ----a-w c:\windows\System32\cdd.dll 2008-10-13 12:14 303,616 ----a-w c:\windows\System32\wmpeffects.dll 2008-01-21 02:57 174 --sha-w c:\program files\desktop.ini . (((((((((((((((((((((((((((((((( Registry Startup Points ))))))))))))))))))))))))))))))))))))))))))))) . . 
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SiSTray"="c:\program files\SiS VGA Utilities\SiSTray.exe" [2008-05-23 552960] "OSD"="c:\program files\C&E\OSD\osd.exe" [2008-02-22 671801] "UpdateP2GShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504] "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504] "Norman ZANDA"="c:\program files\Norman\Npm\Bin\ZLH.EXE" [2008-06-02 277616] "NPCTray"="c:\program files\Norman\npc\bin\npc_tray.exe" [2007-09-17 126008] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-28 136600] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072] "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-18 506712] "RtHDVCpl"="RtHDVCpl.exe" [2008-05-28 c:\windows\RtHDVCpl.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3codecp"= l3codecp.acm "msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{AAA9939D-D331-4957-A14B-467F00D8CBE7}"= c:\program files\Skype\Phone\Skype.exe:Skype 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [2009-01-31 64160] R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [2009-01-31 28544] R1 ALE_NF;Norman Firewall ALE driver;c:\windows\System32\drivers\ale_nf.sys [2009-01-16 42552] R1 NPROSEC;Norman Security driver;c:\program files\Norman\Ngs\Bin\nprosec.sys [2009-01-16 53816] R3 CEBFilter;CEBFilter;c:\program files\C&E\OSD\OsdService\cebuffer.sys [2007-09-04 5120] R3 CEIO;CEIO;c:\program files\C&E\OSD\OsdService\ceio.sys [2007-08-31 4608] R3 cKBFilter;cKBFilter;c:\program files\C&E\OSD\OsdService\kbfiltr.sys [2007-08-31 7168] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [2009-01-31 38496] R3 NPC;Norman Parental Control;c:\program files\Norman\Npc\Bin\npcsvc32.exe [2009-01-16 416880] R3 nsesvc;Norman Scanner Engine Service;c:\program files\Norman\Nse\Bin\Nsesvc.exe [2009-01-28 183352] R3 NUAA;Norman User Activity Agent;c:\program files\Norman\Npc\Bin\nuaa.exe [2009-01-16 117816] R3 NvcMFlt;NvcMFlt;c:\windows\System32\drivers\nvcv32mf.sys [2009-01-16 19512] R3 nvcoas;Norman Virus Control on-access component;c:\program files\Norman\nvc\bin\Nvcoas.exe [2009-01-16 191544] R3 NVCScheduler;Norman Virus Control Scheduler;c:\program files\Norman\Npm\Bin\nvcsched.exe [2009-01-16 154680] R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187B.sys [2008-11-04 283136] R3 SiS6350;SiS6350;c:\windows\System32\drivers\SISGRKMD.sys [2008-11-04 458752] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\System32\drivers\SiSGB6.sys [2008-11-04 48128] R4 Ndiskio;Ndiskio;c:\program files\Norman\Nse\Bin\Ndiskio.sys [2009-01-16 20448] R4 NPFSvc32;Norman Personal Firewall Service;c:\program files\Norman\Npf\Bin\npfsvc32.exe 
[2009-01-16 597104] R4 NPROSECSVC;Norman Security service;c:\program files\Norman\Ngs\Bin\nprosec.exe [2009-01-16 121912] R4 NVOY;Norman's Very Own supplY of resources;c:\program files\Norman\Npm\Bin\nvoy.exe [2009-01-16 121912] S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\System32\drivers\btnetBus.sys [2008-12-07 30088] S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 921936] S4 OsdService;OsdService;c:\program files\C&E\OSD\OsdService\OsdService.exe [2008-01-08 53248] S4 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-31 1153368] --- Andre tjenester/drivere lastet i minnet --- *NewlyCreated* - MBAMSWISSARMY *NewlyCreated* - PAVBOOT *Deregistered* - mchInjDrv [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc bthsvcs REG_MULTI_SZ BthServ WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) 2009-01-31 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 22:34] 2009-01-31 c:\windows\Tasks\User_Feed_Synchronization-{78E6FDA2-530B-4992-889F-8744CB44B370}.job - c:\windows\system32\msfeedssync.exe [2008-01-21 03:34] . . ------- Tilleggsskanning ------- . uStart Page = about:blank IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 LSP: c:\program files\Norman\npc\bin\nlf.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-01 00:37:56 Windows 6.0.6001 Service Pack 1 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... 
skanning vellykket skjulte filer: 0 ************************************************************************** . Tidspunkt ferdig: 2009-02-01 0:41:01 ComboFix-quarantined-files.txt 2009-01-31 23:40:56 Pre-Run: 111 436 111 872 byte ledig Post-Run: 111,146,078,208 byte ledig 265 --- E O F --- 2009-01-30 14:30:27

It probably wasn't MSN that did this, I think. I downloaded a free version of WinRAR, and right after that the trouble started. I downloaded it onto a USB stick, and after installation Norman started giving me virus warnings every 10 seconds. I googled and got the following message: Common name: Trj/CI.A Technical name: Trj/CI.A Threat level: Medium. I then tried to format the USB stick, but it was the same afterwards. Then I downloaded a program called Flash_Disinfector.exe; that fixed the USB stick, but after a restart the machine wouldn't start automatically. It was set to boot from the USB stick. But it's incredibly good that we have a forum like this with people like you who help us helpless ones. I can only hope I never run into anyone who makes viruses; then there's a good chance that I too will start hearing voices in my head.
norbat Posted 1 February 2009

Fine. Uninstall ComboFix by typing combofix /u in the Run field (Start -> Run). This will also reset System Restore so that you don't get reinfected by a later restore. Also make sure that Java, Flash Player and Adobe Reader are up to date, in addition to Windows. Surf safely.