bollafeiten, posted 9 June 2008 (edited 9 June 2008)
Got the MSN virus. Updated my McAfee antivirus program. It found two files, which it deleted. Am I rid of the virus now??
Syver

norbat, posted 9 June 2008
Can you say what the MSN link said and which two files were deleted? (If needed, check McAfee's log/quarantine folder.)

bollafeiten (author), posted 9 June 2008
Clicked on the link: "hxxp://video.stream.idoo. com/video.php" in MSN.
McAfee calls the virus: "W327IRCbot.gen.a"
The files that were quarantined are:
C:\USER\SYVER\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\COM6MV79\VIDEO[1].COM
C:\USER\SYVER\APPDATA\LOCAL\TEMP\RARSFX0\SVCHOSL.EXE

norbat, posted 9 June 2008
Yes, these were tied to the MSN worm.
You are welcome to post a ComboFix log as a double check, to see whether there is anything else on the PC that should be removed:
- Download Combofix and put it on the desktop.
- Run combofix.exe and follow the instructions. You must not click on the window while the program is running.
- Post the log file from combofix (usually c:\combofix.txt).

bollafeiten (author), posted 9 June 2008
[ComboFix log]

norbat, posted 9 June 2008
The log looks fine. The various antivirus programs have started to get updates for this infection now. That is good to see.

bollafeiten (author), posted 9 June 2008
Great that it's gone! One last thing I was wondering about. Could the people behind the virus have got hold of any of my passwords, e.g. my MSN password? Or can I safely keep the same password?

norbat, posted 9 June 2008
I doubt the password has been captured by anyone, but I think you should change your password anyway when you have been exposed to something like this.
You can remove combofix by typing combofix /u in the Run box (Start -> Run).
Surf safely

r2d290, posted 9 June 2008
If you consider the problem with your machine solved, you can change your topic title by clicking on [icon] in your first post and choosing full editing. At the top, where your topic title is, write [SOLVED] in front of your topic title.
E.g.: [SOLVED] Got a virus on my machine
-Surf safely-