TheGatherer Skrevet 3. juni 2008 Del Skrevet 3. juni 2008 (endret) Heisann Norton Antivirus fant nettop et virus kalt Downloader. Vet godt hvor jeg har fått det fra, Men har bare lastet ned derfra en gang for et halvt år siden. Jeg kjører ofte diverse programmer for å unngå virus, Selvfølgelig også da i sikkerhets modus. Jeg har aldri vært helt sikker med norton. Noen ganger har jeg kjørt norton uten spor etter viurs og kjørt den straks etterpå, Bare noen minutter senere og funnet virus. Er ikke helt sikker selvom det står at elementer er blitt fjernet. Dette viruset har etter det jeg tror vært på datamaskinen i over et halvt år, Uten å gi noe effekt på systemet. Gjennoprettet også for et par måneder siden, Men virus ble funnet i dag. Ifølge norton kopierer viruset seg til andre programmer og sprer seg, Og laster ned nye virus. Tror dere det er noen kjans for at jeg kan ha en keylogger? Og hvordan kan jeg være helt sikker på at viruset er fjernet? Programmer som jevnlig kjøres på min datamaskin: Hijackthis Norton Antivirus Spybot search and destroy SuperAntiSpyware Ad-aware Windows Defender ComboFix Takker for svar Endret 4. juni 2008 av TheGatherer Lenke til kommentar
r2d290 Skrevet 3. juni 2008 Del Skrevet 3. juni 2008 Hallo. Combofix og hijackthis har tilnærmet lik ingen effekt så lenge du ikke vet hva du skal gjøre med loggene som blir laget. Combofix er dessuten et program som oppdateres ofte, så hvis du ikke har en veldig fersk verson av combofix, bør du avinstallere dette (start->kjør og skriv: combofix /u) og deretter installere ny verson av det. Post deretter en superantispyware-log, så en combofix-logg, og til slutt en hijackthis-logg, så kan vi bekrefte/avkrefte at du er ren spør hvis du lurer på noe. Lenke til kommentar
TheGatherer Skrevet 3. juni 2008 Forfatter Del Skrevet 3. juni 2008 Takker for svar Har ikke tid for øyeblikket, Men skal prøve å få gjort det til kvelden. Lenke til kommentar
TheGatherer Skrevet 3. juni 2008 Forfatter Del Skrevet 3. juni 2008 (endret) Combofix Log: ComboFix 08-06-01.6 - Torgeir 2008-06-04 19:55:35.2 - NTFSx86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.544 [GMT 3:00] Running from: C:\Documents and Settings\Torgeir\Skrivebord\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Torgeir\Lokale innstillinger\Programdata\Microsoft\Windows Media\10.0\WMSDKNSD.XML . ((((((((((((((((((((((((( Files Created from 2008-05-04 to 2008-06-04 ))))))))))))))))))))))))))))))) . 2008-06-04 13:33 . 2008-06-04 13:33 <DIR> d-------- C:\Documents and Settings\Torgeir\Programdata\AdobeUM 2008-05-28 17:35 . 2008-06-04 14:50 <DIR> dr-h----- C:\Documents and Settings\Torgeir\Siste 2008-05-20 15:59 . 2008-05-20 20:54 212 --a------ C:\WINDOWS\ildasmfnt.bin 2008-05-16 20:24 . 2008-05-16 20:24 <DIR> d-------- C:\WINDOWS\system32\no 2008-05-16 20:24 . 2008-05-16 20:24 <DIR> d-------- C:\WINDOWS\system32\bits 2008-05-16 20:24 . 2008-05-16 20:24 <DIR> d-------- C:\WINDOWS\l2schemas 2008-05-16 20:21 . 2008-05-16 20:25 <DIR> d-------- C:\WINDOWS\ServicePackFiles 2008-05-16 18:31 . 2004-08-03 22:29 1,897,408 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys 2008-05-16 18:31 . 2004-08-03 22:41 1,309,184 --------- C:\WINDOWS\system32\drivers\mtlstrm.sys 2008-05-16 18:31 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys 2008-05-16 18:31 . 2004-08-03 22:29 452,736 --------- C:\WINDOWS\system32\drivers\mtxparhm.sys 2008-05-16 18:31 . 2004-08-03 22:41 180,360 --------- C:\WINDOWS\system32\drivers\ntmtlfax.sys 2008-05-16 18:31 . 2004-08-03 22:41 126,686 --------- C:\WINDOWS\system32\drivers\mtlmnt5.sys 2008-05-16 18:31 . 2004-07-17 11:35 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img 2008-05-16 18:31 . 2004-08-03 22:41 11,868 --------- C:\WINDOWS\system32\drivers\mdmxsdk.sys 2008-05-16 18:30 . 2004-08-03 22:41 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys 2008-05-16 18:30 . 2004-08-03 22:41 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys 2008-05-16 18:30 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty 2008-05-13 11:39 . 2008-06-03 22:27 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-05-13 11:39 . 2008-05-13 11:39 1,409 --a------ C:\WINDOWS\QTFont.for 2008-05-13 11:38 . 2008-05-13 11:39 <DIR> d-------- C:\Programfiler\iTunes 2008-05-13 11:38 . 2008-05-13 11:38 <DIR> d-------- C:\Programfiler\iPod 2008-05-13 11:36 . 2008-05-13 11:37 <DIR> d-------- C:\Programfiler\QuickTime 2008-05-13 11:22 . 2008-05-13 11:22 <DIR> d-------- C:\Programfiler\Apple Software Update 2008-05-08 22:41 . 2008-05-09 14:05 <DIR> d-------- C:\Programfiler\ffdshow 2008-05-08 22:41 . 2008-05-08 22:41 <DIR> d-------- C:\Programfiler\AliveMedia . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-04 16:58 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared 2008-06-04 13:41 --------- d-----w C:\Documents and Settings\All Users\Programdata\Symantec 2008-06-04 11:36 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF 2008-06-04 11:36 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL 2008-06-04 11:36 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2008-06-04 11:36 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2008-06-04 11:36 --------- d-----w C:\Programfiler\Symantec 2008-05-31 11:50 --------- d-----w C:\Documents and Settings\Torgeir\Programdata\OpenOffice.org2 2008-05-16 12:20 --------- d-----w C:\Programfiler\Microsoft Silverlight 2008-05-13 08:24 --------- d-----w C:\Programfiler\Safari 2008-05-06 15:41 --------- d-----w C:\Programfiler\MSN Messenger 2008-05-06 15:39 --------- dcsh--w C:\Programfiler\Fellesfiler\WindowsLiveInstaller 2008-05-06 15:38 --------- d-----w C:\Documents and Settings\All Users\Programdata\WLInstaller 2008-05-06 14:38 --------- d-----w C:\Programfiler\Windows Live 2008-04-22 13:02 --------- d-----w C:\Programfiler\Google 2008-04-14 16:39 1,804 ----a-w C:\WINDOWS\system32\dcache.bin 2008-04-14 16:26 330,752 ----a-w C:\WINDOWS\system32\netsetup.exe 2008-04-14 16:22 996,352 ----a-w C:\WINDOWS\system32\msgina.dll 2008-04-14 16:21 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll 2008-04-14 16:20 7,680 ----a-w C:\WINDOWS\system32\kbdsmsno.dll 2008-04-14 16:19 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll 2008-04-14 16:19 568,320 ----a-w C:\WINDOWS\system32\gpedit.dll 2008-04-14 16:19 3,584 ----a-w C:\WINDOWS\system32\icmp.dll 2008-04-14 16:19 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll 2008-04-14 16:19 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll 2008-04-14 16:19 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll 2008-04-14 16:19 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll 2008-04-14 15:56 73,344 ----a-w C:\WINDOWS\system32\drivers\sr.sys 2008-04-14 15:56 120,192 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys 2008-04-14 15:55 80,000 ----a-w C:\WINDOWS\system32\drivers\parport.sys 2008-04-14 15:55 68,224 ----a-w C:\WINDOWS\system32\drivers\pci.sys 2008-04-14 15:55 46,592 ----a-w C:\WINDOWS\system32\drivers\p3.sys 2008-04-14 15:53 2,146,816 ----a-w C:\WINDOWS\system32\ntoskrnl.exe 2008-04-14 15:53 2,025,472 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe 2008-04-14 15:52 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll 2008-04-14 15:50 799,872 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys 2008-04-14 15:50 24,448 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys 2008-04-14 15:50 153,344 ----a-w C:\WINDOWS\system32\drivers\dmio.sys 2008-04-14 15:50 14,592 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys 2008-04-14 15:49 79,360 ----a-w C:\WINDOWS\system32\msxml6r.dll 2008-04-14 15:49 37,376 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys 2008-04-14 15:48 77,312 ------w C:\WINDOWS\system32\msshavmsg.dll 2008-04-14 15:48 5,504 ----a-w C:\WINDOWS\system32\drivers\intelide.sys 2008-04-14 15:48 40,576 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys 2008-04-14 15:48 40,192 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys 2008-04-14 15:47 556,032 ----a-w C:\WINDOWS\system32\shdoclc.dll 2008-04-14 15:47 47,616 ----a-w C:\WINDOWS\system32\inetres.dll 2008-04-14 15:46 64,640 ----a-w C:\WINDOWS\system32\drivers\serial.sys 2008-04-14 15:45 51,840 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys 2008-04-14 15:44 25,600 ------w C:\WINDOWS\system32\drivers\hidbth.sys 2008-04-14 15:43 9,728 ----a-w C:\WINDOWS\system32\gpkrsrc.dll 2008-04-14 15:43 57,600 ----a-w C:\WINDOWS\system32\drivers\redbook.sys 2008-04-14 15:43 273,152 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-04-14 15:43 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys 2008-04-14 15:42 65,024 ----a-w C:\WINDOWS\system32\browselc.dll 2008-04-14 15:41 52,480 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys 2008-04-14 15:41 44,544 ----a-w C:\WINDOWS\system32\drivers\fips.sys 2008-04-14 15:41 39,680 ----a-w C:\WINDOWS\system32\drivers\processr.sys 2008-04-14 15:39 41,600 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys 2008-04-14 15:39 41,216 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys 2008-04-14 15:38 22,912 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys 2008-04-14 15:37 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys 2008-04-14 15:37 187,776 ----a-w C:\WINDOWS\system32\drivers\acpi.sys 2008-04-14 06:23 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe 2008-04-14 06:22 987,136 ----a-w C:\WINDOWS\system32\setupapi.dll 2008-04-14 06:22 423,936 ----a-w C:\WINDOWS\system32\licdll.dll 2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys 2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys 2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys 2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys 2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys 2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys 2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys 2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys 2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys 2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys 2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys 2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys 2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys 2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys 2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys 2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys 2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys 2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys 2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys 2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys 2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys 2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys 2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys 2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys 2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys 2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys 2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys 2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys 2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys 2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys 2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}] 2007-08-25 06:51 316784 --a------ C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}] 2008-03-03 16:26 116088 --a------ C:\PROGRA~1\FELLES~1\SYMANT~1\IDS\IPSBHO.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-25 06:51 316784] [HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}] [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1] [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-25 06:51 316784] [HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}] [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1] [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:22 15360] "MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] "SUPERAntiSpyware"="D:\Ting\SUPERAntiSpyware.exe" [2008-02-29 17:03 1481968] "SpybotSD TeaTimer"="D:\spytbots programs\SDD\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 14:32 94208] "CurseClient"="D:\Curse\CurseClient.exe" [2008-05-19 17:57 1400832] "WMPNSCFG"="C:\Programfiler\Windows Media Player\WMPNSCFG.exe" [2006-11-15 11:46 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VTTimer"="VTTimer.exe" [2006-04-07 11:45 53248 C:\WINDOWS\system32\VTTimer.exe] "S3Trayp"="S3trayp.exe" [2005-10-31 22:15 163840 C:\WINDOWS\system32\S3Trayp.exe] "ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2008-02-14 12:01 51048] "osCheck"="C:\Programfiler\Norton\osCheck.exe" [2007-08-25 07:53 714608] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496] "RTHDCPL"="RTHDCPL.EXE" [2006-04-17 10:34 16143872 C:\WINDOWS\RTHDCPL.exe] "HP Software Update"="C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41 49152] "NWEReboot"="" [] "NeroFilterCheck"="C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648] "Don't Panic!"="" [] "QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2008-03-28 23:37 413696] "iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 19:22 15360] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ HP Digital Imaging Monitor.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22 288472] Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06 29696] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] D:\Ting\SASWINLO.dll 2007-04-19 13:41 294912 D:\Ting\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Programfiler\\Bonjour\\mDNSResponder.exe"= "C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "C:\\Programfiler\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "C:\\Programfiler\\HP\\Digital Imaging\\bin\\hposid01.exe"= "C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "C:\\Programfiler\\Messenger\\msmsgs.exe"= "C:\\Programfiler\\iTunes\\iTunes.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon [] R2 NMSAccessU;NMSAccessU;D:\virus\CDBurnerXP\NMSAccessU.exe [2008-03-09 12:20] R3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 22:32] R3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2006-05-22 20:42] S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys [] *Newly Created Service* - CATCHME *Newly Created Service* - COMHOST . Contents of the 'Scheduled Tasks' folder "2008-05-30 13:52:21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe "2008-06-03 19:27:53 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Programfiler\Windows Defender\MpCmdRun.exe "2008-06-02 17:01:09 C:\WINDOWS\Tasks\Norton Internet Security Online - Kjør full systemskanning - Torgeir.job" - C:\Programfiler\Norton\Norton AntiVirus\Navw32.exec/TASK: "2008-06-04 16:13:17 C:\WINDOWS\Tasks\User_Feed_Synchronization-{33E15B84-1B69-4B56-8D4F-28C502F9542F}.job" - C:\WINDOWS\system32\msfeedssync.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-04 19:58:39 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-06-04 19:59:28 ComboFix-quarantined-files.txt 2008-06-04 16:59:21 Pre-Run: 28,322,557,952 byte ledig Post-Run: 28,330,217,472 byte ledig 250 --- E O F --- 2008-05-31 10:07:58 HijackThis Log: Logfile of Trend Micro HijackThis v2.0.2Scan saved at 19:35:46, on 04.06.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe C:\WINDOWS\Explorer.EXE D:\spytbots programs\ad-aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programfiler\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Programfiler\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\svchost.exe D:\virus\CDBurnerXP\NMSAccessU.exe C:\Programfiler\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\S3trayp.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe C:\WINDOWS\RTHDCPL.EXE C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe C:\Programfiler\Windows Defender\MSASCui.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe C:\Programfiler\Windows Media Player\WMPNSCFG.exe C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe C:\Programfiler\iPod\bin\iPodService.exe C:\Programfiler\HP\Digital Imaging\bin\hpqSTE08.exe C:\PROGRA~1\FELLES~1\SYMANT~1\CCPD-LC\symlcsvc.exe C:\Programfiler\Windows Live\Messenger\usnsvc.exe C:\Programfiler\Adobe\Acrobat 7.0\Reader\AcroRd32.exe C:\Programfiler\internet explorer\iexplore.exe C:\WINDOWS\system32\taskmgr.exe D:\spytbots programs\Hijack\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYTBO~1\SDD\SPYBOT~1\SDHelper.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FELLES~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [s3Trayp] S3trayp.exe O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton\osCheck.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Programfiler\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [sUPERAntiSpyware] D:\Ting\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\spytbots programs\SDD\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [CurseClient] D:\Curse\CurseClient.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Programfiler\Bonjour\ExplorerPlugin.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYTBO~1\SDD\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYTBO~1\SDD\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1138020578359 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O20 - Winlogon Notify: !SASWinLogon - D:\Ting\SASWINLO.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\spytbots programs\ad-aware\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatisk LiveUpdate-planlegging (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMSAccessU - Unknown owner - D:\virus\CDBurnerXP\NMSAccessU.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FELLES~1\SYMANT~1\CCPD-LC\symlcsvc.exe -- End of file - 9313 bytes Får man lagd noe logg med SUPERAntispyware? Endret 3. juni 2008 av TheGatherer Lenke til kommentar
Snorre Skrevet 3. juni 2008 Del Skrevet 3. juni 2008 Emnetittel er kraftig forbedret og faller absolutt i smak. Snorre :-) Lenke til kommentar
r2d290 Skrevet 3. juni 2008 Del Skrevet 3. juni 2008 sa ikke jeg hijackthis til slutt? jaja, post en til slutt også Lenke til kommentar
TheGatherer Skrevet 3. juni 2008 Forfatter Del Skrevet 3. juni 2008 Nå har jeg lagt ut begge loggene, Men fant ikke helt ut hvordan jeg skulle få en logg ut av SUPERAntiSpyware. Har også endret litt på rekkefølgen. Lenke til kommentar
snippsat Skrevet 3. juni 2008 Del Skrevet 3. juni 2008 Loggene er fine Combofix slette en fil. Du kan fjerne combofix ved å skrive combofix /u fra kjør-vinduet. Denne kommandoen gjør at filer i karantene og backups blir slette. Systemgjenopprettingsmappa nullstilt etc. Surf trygt. Lenke til kommentar
TheGatherer Skrevet 4. juni 2008 Forfatter Del Skrevet 4. juni 2008 Loggene er fine Combofix slette en fil. Du kan fjerne combofix ved å skrive combofix /u fra kjør-vinduet. Denne kommandoen gjør at filer i karantene og backups blir slette. Systemgjenopprettingsmappa nullstilt etc. Surf trygt. Takker for svar! Downloader viruset må mest sansynelig vært en fil som var igjen fra gjenopprettningen, Og ettersom jeg ikke har trykket etter jeg gjenopprettet har den ikke fortsatt å laste ned/spre virus? Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå