MSN photobucket virus

21 posts in this topic

Posted

Hi.

Someone on my MSN contact list contacted me and I got a link, supposedly to Photobucket. E.g.: image22.JPG-www.photobucket.com

Then a file was downloaded. I thought, this is some kind of humbug, so I downloaded the latest antivirus updates from Norton and scanned the file. I don't remember the name of the file, but it was some kind of MS-DOS file, an exe file, about 36 KB. So I thought, oh well, let's give it a try. Opened it, and suddenly MSN started sending the link out to everyone on my contact list. I've searched around a bit but can't find any way to get rid of it. The closest I found was this: http://www.cisrt.org/enblog/read.php?184 But I don't quite understand how to remove it.

Anyone run into this?

Help!

Thanks in advance


Posted

Download MSNFix and unpack it on the desktop.

Run the file 'MSNFix.bat'. Follow the instructions.

Then get ComboFix and put it on the desktop.

Run combofix.exe and follow the instructions.

Do not click in the window while the program is running.

Post the log file from ComboFix (c:\combofix.txt) together with the log from MSNFix.


Posted

Here is the log from MSNFix:

MSNFix 1.623

C:\Documents and Settings\Stephan\Desktop\MSNFix

Sokningen var klar pa 11.01.2008 - 18:06:06,18 By Stephan

normalt lage

************************ Kollar filer

... C:\WINDOWS\images.zip

... C:\WINDOWS\images.zip

... C:\WINDOWS\images.zip

************************ MSNCHK ***** /!\ beta test /!\

************************ Kollar mappar

Inga Mappar Funna

************************ Tar bort virus filer

.. OK ... C:\WINDOWS\images.zip

.. OK ... C:\WINDOWS\images.zip

.. OK ... C:\WINDOWS\images.zip

************************ Rensar registret

************************ Misstankta Filer

Inga Filer Funna

Filerna och Registernycklarna har sparats i karantan 11.01.2008_18094201.zip

------------------------------------------------------------------------

Gjord av : !aur3n7 Contact: http://changelog.fr

------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

and from ComboFix:

ComboFix 08-01-11.1 - Stephan 2008-01-11 18:14:21.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.245 [GMT -8:00]

Running from: C:\Documents and Settings\Stephan\Desktop\ComboFix.exe

* Created a new restore point

.

((((((((((((((((((((((((( Files Created from 2007-12-12 to 2008-01-12 )))))))))))))))))))))))))))))))

.

2008-01-11 18:12 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-11 15:53 . 2008-01-11 15:52 36,864 -r-hs---- C:\WINDOWS\ntmngr.exe

2008-01-10 22:17 . 2008-01-10 22:17 <DIR> d-------- C:\Documents and Settings\Stephan\Application Data\SmartFTP

2008-01-10 22:16 . 2008-01-10 22:16 <DIR> d-------- C:\Program Files\SmartFTP Client

2008-01-10 22:15 . 2008-01-10 22:16 <DIR> d-------- C:\Program Files\SmartFTP Client 2.5 Setup Files

2008-01-03 20:12 . 2008-01-03 20:15 <DIR> d-------- C:\Documents and Settings\Stephan\Application Data\FrostWire

2008-01-03 20:09 . 2008-01-03 20:12 <DIR> d-------- C:\Program Files\FrostWire

2007-12-12 17:25 . 2007-12-12 17:26 <DIR> d-------- C:\Documents and Settings\Stephan\Application Data\fretsonfire

2007-12-12 17:24 . 2007-12-12 17:25 <DIR> d-------- C:\Program Files\Frets on Fire

2007-12-12 16:46 . 2007-12-12 16:46 <DIR> d-------- C:\Documents and Settings\Stephan\Application Data\Kazaa Lite

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-12 02:00 --------- d-----w C:\Program Files\Mozilla Thunderbird

2008-01-05 00:34 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-01-04 04:09 --------- d-----w C:\Program Files\LimeWire

2007-12-12 00:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec

2007-12-06 00:36 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF

2007-12-06 00:36 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL

2007-12-06 00:36 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2007-12-06 00:36 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT

2007-12-06 00:36 --------- d-----w C:\Program Files\Symantec

2007-12-01 07:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys

2007-12-01 07:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys

2007-12-01 07:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys

2007-12-01 07:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat

2007-12-01 07:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat

2007-12-01 07:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat

2007-12-01 07:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf

2007-12-01 07:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf

2007-12-01 07:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf

2007-11-30 04:00 --------- d-----w C:\Program Files\Norton AntiVirus

2007-11-20 00:29 --------- d-----w C:\Program Files\Lavasoft

2007-11-20 00:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft

2007-11-20 00:28 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll

2007-10-31 03:55 625,032 ----a-w C:\WINDOWS\system32\SymNeti.dll

2007-10-31 03:55 242,056 ----a-w C:\WINDOWS\system32\SymRedir.dll

2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-28 01:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll

2007-10-18 19:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll

2007-03-25 21:46 774,144 ----a-w C:\Program Files\RngInterstitial.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 08:15 106496]

"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2001-08-02 02:52 94208]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2001-08-02 02:51 352256]

"ATIModeChange"="Ati2mdxx.exe" [2002-07-24 17:02 28672 C:\WINDOWS\system32\Ati2mdxx.exe]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-08-14 17:29 290816]

"LTSMMSG"="LTSMMSG.exe" [2002-05-07 04:55 32768 C:\WINDOWS\LTSMMSG.exe]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59 115816]

"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 09:22 26248]

"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-03-25 13:55 185896]

"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22 517768]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 110592 C:\WINDOWS\system32\bthprops.cpl]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]

"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 07:38 241664]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:56 15360]

C:\Documents and Settings\Stephan\Start Menu\Programs\Startup\

Rainlendar.lnk - C:\Program Files\Rainlendar\Rainlendar.exe [2003-10-04 06:54:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

--a------ 2007-04-09 13:19 157696 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]

-ra------ 2002-12-15 05:01 53248 C:\WINDOWS\system32\MMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray2K]

-ra------ 2002-12-15 05:01 57344 C:\WINDOWS\system32\MMTray2k.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTrayLSI]

-ra------ 2002-12-15 05:01 53248 C:\WINDOWS\system32\MMTrayLSI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2007-06-29 05:24 286720 C:\Program Files\QuickTime\QTTask.exe

R0 d344bus;d344bus;C:\WINDOWS\system32\DRIVERS\d344bus.sys [2003-12-27 20:42]

R0 d344prt;d344prt;C:\WINDOWS\system32\Drivers\d344prt.sys [2003-12-27 02:38]

R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-09-13 06:35]

R3 3C154G;3Com OfficeConnect 802.11g PC Card Driver;C:\WINDOWS\system32\DRIVERS\3C154G72.sys [2003-07-22 10:40]

R3 LucentSoftModem;Lucent Technologies Soft Modem;C:\WINDOWS\system32\DRIVERS\LTSM.sys [2002-05-07 04:55]

R3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys [2002-09-17 03:46]

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

"2007-08-22 20:14:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2007-11-06 01:14:45 C:\WINDOWS\Tasks\Norton AntiVirus - Kjør fullstendig systemsøk - Stephan.job"

- C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-11 18:17:44

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]

-> C:\PROGRA~1\Google\GOOGLE~1\GOA66E~1.DLL

.

Completion time: 2008-01-11 18:18:56

.

2008-01-10 00:29:50 --- E O F ---

What else?


Posted

Make sure you can see hidden files and folders (Control Panel -> Folder Options -> View -> "Show hidden files and folders").

Go to the site http://virusscan.jotti.org/ and upload the following file for a check (in bold):

C:\WINDOWS\ntmngr.exe. Report back.

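The helper above picked C:\WINDOWS\ntmngr.exe out of a long ComboFix listing by eye. The Python below is an added example, not from this thread, MSNFix or ComboFix: it parses the "Files Created" section in the format the posted logs use and scores each entry with the three cues a helper looks for: hidden+system attributes on an executable, an executable written straight into C:\WINDOWS, and a file name one edit away from a core Windows process name (so it also catches lookalikes such as lssas.exe). The sample lines are copied from logs in this thread; the CORE_NAMES list and the two-cue reporting threshold are my own assumptions.

```python
"""Triage helper for the ComboFix "Files Created" section (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One line of the "Files Created" section, e.g.
# 2008-01-11 15:53 . 2008-01-11 15:52 36,864 -r-hs---- C:\WINDOWS\ntmngr.exe
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>[\d,]+|<DIR>) (?P<attrs>[-a-z]{9}) (?P<path>\S.*)$"
)
EXEC_EXT = (".exe", ".dll", ".scr", ".com", ".pif", ".bat", ".cmd")
# Core process names that droppers like to imitate (assumed list, not exhaustive).
CORE_NAMES = {"lsass.exe", "csrss.exe", "smss.exe", "svchost.exe",
              "winlogon.exe", "services.exe", "explorer.exe"}
SYSTEM32 = r"c:\windows\system32"

# Constructed sample: lines copied from the ComboFix logs posted in this thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2007-12-12 to 2008-01-12 )))))))))))))))))))))))))))))))
.
2008-01-11 18:12 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-11 15:53 . 2008-01-11 15:52 36,864 -r-hs---- C:\WINDOWS\ntmngr.exe
2008-01-12 23:37 . 2008-01-12 23:37 45,568 -r-hs---- C:\WINDOWS\lssas.exe
2008-01-10 22:16 . 2008-01-10 22:16 <DIR> d-------- C:\Program Files\SmartFTP Client
2007-12-13 13:36 . 2007-12-13 13:36 262,144 --a------ C:\WINDOWS\system32\wrap_oal.dll
"""


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]  # None for <DIR>
    attrs: str           # ComboFix attribute string, e.g. "-r-hs----"
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def parent(self) -> str:
        return self.path.rsplit("\\", 1)[0].lower()

    @property
    def is_executable(self) -> bool:
        return self.size is not None and self.name.endswith(EXEC_EXT)


def parse_files_created(text: str) -> List[Entry]:
    """Return an Entry per line in listing format; banners and '.' separators are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance (Levenshtein plus adjacent transposition),
    so 'lssas.exe' is a single edit away from 'lsass.exe'."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def triage(entry: Entry) -> List[str]:
    """Reasons an entry deserves a second look; an empty list means nothing odd."""
    reasons: List[str] = []
    if not entry.is_executable:
        return reasons
    if "h" in entry.attrs and "s" in entry.attrs:
        reasons.append("hidden+system attributes on an executable")
    if entry.parent == r"c:\windows":
        reasons.append("executable created directly in C:\\WINDOWS")
    for core in CORE_NAMES:
        dist = osa_distance(entry.name, core)
        if dist == 0 and entry.parent != SYSTEM32:
            reasons.append(f"{core} outside system32")
        elif dist == 1:
            reasons.append(f"lookalike of {core}")
    return reasons


def suspicious(text: str, min_reasons: int = 2) -> Dict[str, List[str]]:
    """Map path -> reasons for entries with at least min_reasons cues. NirCmd.exe,
    which the logs show appearing in C:\\WINDOWS when ComboFix starts, collects
    only one cue and so is not reported at the default threshold."""
    out: Dict[str, List[str]] = {}
    for e in parse_files_created(text):
        r = triage(e)
        if len(r) >= min_reasons:
            out[e.path] = r
    return out


if __name__ == "__main__":
    for path, why in suspicious(SAMPLE_LOG).items():
        print(path, "->", "; ".join(why))
```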

Posted

Hi!

I got sent one like that too, but it doesn't pay to download anything from a link.


Posted

Make sure you can see hidden files and folders (Control Panel -> Folder Options -> View -> "Show hidden files and folders").

Go to the site http://virusscan.jotti.org/ and upload the following file for a check (in bold):

C:\WINDOWS\ntmngr.exe. Report back.

I can't find any file called ntmngr :\


Posted

Open Notepad and paste in what is in bold below, then save the file on the desktop as CFScript.txt.

Then drag the file onto the ComboFix icon. ComboFix will start again. Post the log.

File::

C:\WINDOWS\ntmngr.exe


Posted

Hi.. I've managed to get this too.. :P I've done as described above, is everything OK now?

MSNFix 1.625

C:\Documents and Settings\NorunnC\Skrivebord\MSNFix

Scan done at 12.01.2008 - 14:06:22,98 By NorunnC

normal mode

************************ Checking Files

... C:\DOCUME~1\NorunnC\LOKALE~1\Temp\*.dmp

... C:\WINDOWS\images.zip

... C:\WINDOWS\images.zip

... C:\WINDOWS\images.zip

************************ MSNCHK ***** /!\ beta test /!\

************************ Checking Folders

No Folders Found

************************ Deleting malware Files

.. OK ... C:\DOCUME~1\NorunnC\LOKALE~1\Temp\*.dmp

.. OK ... C:\WINDOWS\images.zip

.. OK ... C:\WINDOWS\images.zip

.. OK ... C:\WINDOWS\images.zip

************************ Registry Cleaning

************************ Suspect Files

/!\ The detected files must be reviewed by a forum Helper before changes can be made

[C:\StubInstaller.exe] 0B6D98086B4875B9A9F2E1D3A5A22323

==> Please upload the file C:\DOCUME~1\NorunnC\SKRIVE~1\Upload_Me.zip to http://upload.changelog.fr

The File and Registry deletions have been saved in 12.01.2008_14091918.zip

------------------------------------------------------------------------

Author : !aur3n7 Contact: http://changelog.fr

------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

Combofix:

ComboFix 08-01-11.3 - NorunnC 2008-01-12 14:33:31.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.56 [GMT 1:00]

Running from: C:\Documents and Settings\NorunnC\Lokale innstillinger\Temporary Internet Files\Content.IE5\CHZ223ET\ComboFix[1].exe

.

((((((((((((((((((((((((( Files Created from 2007-12-12 to 2008-01-12 )))))))))))))))))))))))))))))))

.

2008-01-12 14:12 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-11 22:37 . 2008-01-11 22:36 36,864 -r-hs---- C:\WINDOWS\ntmngr.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-12 13:24 --------- d-----w C:\Documents and Settings\NorunnC\Programdata\Skype

2008-01-12 00:06 --------- d-----w C:\Programfiler\Windows Live Safety Center

2008-01-11 23:09 --------- d-----w C:\Programfiler\SpywareBlaster

2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys

2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\SYSTEM32\aswBoot.exe

2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\SYSTEM32\AVASTSS.scr

2007-12-02 22:14 --------- d-----w C:\Documents and Settings\NorunnC\Programdata\Azureus

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-11-12 20:16 --------- d-----w C:\Programfiler\LimeWire

2007-11-07 09:30 721,920 ----a-w C:\WINDOWS\SYSTEM32\lsasrv.dll

2007-11-07 09:30 721,920 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\lsasrv.dll

2007-10-30 23:30 3,590,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll

2007-10-30 17:20 360,064 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys

2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll

2007-10-29 22:45 1,290,752 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll

2007-10-25 16:44 8,466,432 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll

2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\SYSTEM32\wmasf.dll

2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wmasf.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]

"ares"="C:\Programfiler\Ares\Ares.exe" [ ]

"Creative WebCam Tray"="C:\Programfiler\Creative\Shared Files\CamTray.exe" [2005-03-29 07:13 258048]

"msnmsgr"="~C:\Programfiler\MSN Messenger\msnmsgr.exe" [ ]

"SweetIM"="C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe" [2006-06-06 09:07 40960]

"Skype"="C:\Programfiler\Skype\Phone\Skype.exe" [2007-02-05 17:35 25370152]

"PcSync"="C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-06-24 13:08 860160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 03:10 49263]

"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-03 21:00 344064]

"IntelWireless"="C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59 385024]

"Dell QuickSet"="C:\Programfiler\Dell\QuickSet\quickset.exe" [2005-02-07 08:43 606208]

"Apoint"="C:\Programfiler\Apoint\Apoint.exe" [2004-09-13 11:33 155648]

"DVDLauncher"="C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 11:43 53248]

"URLLSTCK.exe"="C:\Programfiler\Norton Internet Security\UrlLstCk.exe" [ ]

"UpdateManager"="C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" [2004-01-07 01:01 110592]

"DMXLauncher"="C:\Programfiler\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 01:01 86016]

"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05 127035]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

"PD0620 STISvc"="P0620Pin.dll" [2005-05-10 18:03 36864 C:\WINDOWS\SYSTEM32\P0620Pin.dll]

"SweetIM"="C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe" [2006-06-06 09:07 40960]

"Telenor Online Start"="C:\Programfiler\Telenor\Online Start\Telenor.exe" [2006-11-30 14:51 178312]

"DataLayer"="C:\Programfiler\Fellesfiler\PCSuite\DataLayer\DataLayer.exe" [2005-06-07 10:31 819712]

"PCSuiteTrayApplication"="C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-06-29 14:29 176128]

"Adobe Photo Downloader"="C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09 63712]

"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]

"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]

"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-09-26 14:42 267064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]

"Symantec NetDriver Warning"="C:\PROGRA~1\SYMNET~1\SNDWarn.exe" [2004-10-29 07:52 218232]

"ALUAlert"="C:\Programfiler\Symantec\LiveUpdate\ALUNotify.exe" [ ]

"DWQueuedReporting"="C:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 12:45 36040]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Digital Line Detect.lnk - C:\Programfiler\Digital Line Detect\DLG.exe [2005-03-29 20:53:13]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]

C:\Programfiler\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Programfiler\Intel\Wireless\Bin\LgNotify.dll

R0 viaagp;VIA AGP-bussfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 23:07]

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

"2007-11-03 21:17:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe

"2008-01-12 10:24:31 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Programfiler\Windows Defender\MpCmdRun.exe

"2008-01-12 13:32:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"

- C:\Programfiler\Symantec\LiveUpdate\NDetect.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-12 14:35:12

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

msnmsgr = ~"C:\Programfiler\MSN Messenger\msnmsgr.exe" /background??e

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-01-12 14:36:14

ComboFix2.txt 2008-01-12 13:19:00

.

2008-01-10 20:39:03 --- E O F ---

Would be veery grateful for help.. :)


Posted

This file has to go: C:\WINDOWS\ntmngr.exe

You can either use Explorer to find and delete it

or:

Open Notepad and paste in what is in bold below, then save the file on the desktop as CFScript.txt.

Then drag the file onto the ComboFix icon. ComboFix will start again.

File::

C:\WINDOWS\ntmngr.exe

In that case, post the log it creates.


Posted

tried that... but combofix started by itself, without me getting to put it on the desktop... can't find it again... and I can't find that file either, even though I've set it up so I can see hidden files and such... I'll probably just have to get someone who isn't as green as me to do it... :p


Posted

Try once more

1. Download ComboFix and put it on the desktop

2. Open Notepad, paste in what is in bold text below and save the file on the desktop with the file name CFScript.txt

File::

C:\WINDOWS\ntmngr.exe

3. Take hold of the file you just created and drag and drop it onto the ComboFix icon. ComboFix will start. When it is finished, it creates a log, which you post.


Posted

I think I've got that virus too, tried ComboFix and MSNFix but not sure if it worked. :S

Attaching the logs.

-----

MSNFix 1.625-1

C:\Documents and Settings\Marius\Desktop\MSNFix

Scan done at 13.01.2008 - 9:08:51,75 By Marius

normal mode

************************ Checking Files

... C:\WINDOWS\images.zip

... C:\WINDOWS\images.zip

... C:\WINDOWS\images.zip

************************ MSNCHK ***** /!\ beta test /!\

************************ Checking Folders

... C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP\

************************ Deleting malware Files

.. OK ... C:\WINDOWS\images.zip

.. OK ... C:\WINDOWS\images.zip

.. OK ... C:\WINDOWS\images.zip

************************ Deleting malware Folders

.. OK ... C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP\

************************ Registry Cleaning

************************ Suspect Files

No files found

The File and Registry deletions have been saved in 13.01.2008_ 9113829.zip

------------------------------------------------------------------------

Author : !aur3n7 Contact: http://changelog.fr

------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

----

ComboFix 08-01-13.1 - Marius 2008-01-13 9:12:56.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1391 [GMT 1:00]

Running from: C:\Documents and Settings\Marius\Desktop\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

The following files were disabled during the run:

C:\WINDOWS\system32\guard32.dll

((((((((((((((((((((((((( Files Created from 2007-12-13 to 2008-01-13 )))))))))))))))))))))))))))))))

.

2008-01-13 09:12 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-12 23:37 . 2008-01-12 23:37 45,568 -r-hs---- C:\WINDOWS\lssas.exe

2008-01-12 17:17 . 2008-01-12 17:17 244 --ah----- C:\sqmnoopt03.sqm

2008-01-12 17:17 . 2008-01-12 17:17 232 --ah----- C:\sqmdata03.sqm

2008-01-09 23:38 . 2008-01-09 23:38 280 --a------ C:\WINDOWS\system32\PDBootState

2008-01-04 19:09 . 2008-01-04 19:09 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf

2008-01-04 19:08 . 2008-01-04 19:08 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf

2008-01-04 18:20 . 2008-01-04 18:20 <DIR> d-------- C:\WINDOWS\nview

2008-01-04 18:18 . 2007-12-05 06:41 7,435,392 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys

2008-01-04 18:18 . 2007-12-05 06:41 2,498,560 --a------ C:\WINDOWS\system32\nvwss.dll

2008-01-04 18:16 . 2008-01-04 18:16 <DIR> d-------- C:\Program Files\Nvidia Omega Drivers

2008-01-04 18:16 . 2008-01-04 18:16 472,576 --a------ C:\WINDOWS\Nvidia Omega Drivers v2.169.21 Uninstall.exe

2008-01-03 18:11 . 2008-01-13 09:08 <DIR> d-------- C:\Program Files\GetRight

2008-01-03 18:11 . 2008-01-03 19:08 <DIR> d-------- C:\Documents and Settings\Marius\Application Data\GetRight

2008-01-03 18:10 . 2008-01-03 18:15 <DIR> d-------- C:\Documents and Settings\Marius\Application Data\GetRightToGo

2007-12-31 21:20 . 2007-12-31 21:21 <DIR> d-------- C:\Program Files\RivaTuner v2.06

2007-12-31 21:07 . 2007-12-31 21:19 <DIR> d-------- C:\Program Files\ATITool

2007-12-31 01:57 . 2007-12-31 01:58 <DIR> d-------- C:\Documents and Settings\Marius\Application Data\DAEMON Tools

2007-12-31 01:53 . 2007-12-31 01:53 81,272 --a------ C:\WINDOWS\system32\drivers\cmdGuard.sys

2007-12-31 01:53 . 2007-12-31 01:53 23,672 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys

2007-12-28 22:55 . 2007-12-28 22:55 244 --ah----- C:\sqmnoopt02.sqm

2007-12-28 22:55 . 2007-12-28 22:55 232 --ah----- C:\sqmdata02.sqm

2007-12-28 22:43 . 2007-12-28 22:43 244 --ah----- C:\sqmnoopt01.sqm

2007-12-28 22:43 . 2007-12-28 22:43 232 --ah----- C:\sqmdata01.sqm

2007-12-24 23:25 . 2007-12-24 23:25 <DIR> d-------- C:\Program Files\Electronic Arts

2007-12-24 23:24 . 2007-12-24 23:24 <DIR> d-------- C:\WINDOWS\system32\AGEIA

2007-12-24 23:24 . 2007-12-24 23:24 <DIR> d-------- C:\Program Files\AGEIA Technologies

2007-12-22 05:53 . 2007-12-22 05:53 <DIR> d-------- C:\Program Files\RAXCO

2007-12-22 05:53 . 2007-12-22 05:55 <DIR> d-------- C:\Program Files\Common Files\Raxco

2007-12-22 05:53 . 2007-12-22 05:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Raxco

2007-12-21 21:05 . 2007-12-21 21:24 <DIR> d-------- C:\WINDOWS\uninstall\LFS Database Hi-Res Pack

2007-12-21 21:05 . 2007-12-21 21:05 <DIR> d-------- C:\WINDOWS\uninstall

2007-12-14 17:15 . 2007-12-14 17:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia

2007-12-14 16:47 . 2007-12-14 16:54 <DIR> d-------- C:\Documents and Settings\Marius\Application Data\Bioshock

2007-12-13 21:51 . 2007-12-13 21:51 244 --ah----- C:\sqmnoopt00.sqm

2007-12-13 21:51 . 2007-12-13 21:51 232 --ah----- C:\sqmdata00.sqm

2007-12-13 13:36 . 2007-12-13 13:36 262,144 --a------ C:\WINDOWS\system32\wrap_oal.dll

2007-12-13 13:35 . 2007-12-13 13:35 <DIR> d-------- C:\WINDOWS\system32\Futuremark

2007-12-13 13:35 . 2007-08-20 11:05 27,672 -ra------ C:\WINDOWS\system32\drivers\Entech.sys

2007-12-13 13:35 . 1999-11-02 10:01 6,173 --a------ C:\WINDOWS\system32\drivers\Entech.vxd

2007-12-13 13:35 . 2004-06-22 15:44 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys

2007-12-13 13:35 . 2001-11-19 19:05 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys

2007-12-13 13:34 . 2007-12-13 13:34 <DIR> d-------- C:\Program Files\Futuremark

2007-12-13 12:24 . 2007-12-13 12:25 <DIR> d-------- C:\Documents and Settings\Marius\Application Data\muvee Technologies

2007-12-13 12:23 . 2001-01-09 19:09 12,285 --a------ C:\WINDOWS\Cadx3.ini

2007-12-13 12:23 . 2003-02-14 03:20 6,942 --a------ C:\WINDOWS\cadx2.ini

2007-12-13 12:18 . 2008-01-13 09:09 557 --a------ C:\WINDOWS\DFC.INI

2007-12-13 12:13 . 2007-12-13 12:13 <DIR> d-------- C:\Program Files\muvee Technologies

2007-12-13 12:12 . 2007-12-13 12:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\muvee Technologies

2007-12-13 12:10 . 2007-12-05 06:41 2,519,040 --a------ C:\WINDOWS\system32\nvwssr.dll

2007-12-13 11:37 . 2007-12-13 11:37 <DIR> d-------- C:\Program Files\Driver Cleaner Pro

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-13 07:36 --------- d-----w C:\Documents and Settings\Marius\Application Data\OpenOffice.org2

2008-01-13 07:24 --------- d-----w C:\Program Files\SpywareBlaster

2008-01-13 07:23 --------- d-----w C:\Program Files\DivX

2008-01-11 16:13 --------- d-----w C:\Program Files\WowReader

2008-01-09 08:03 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment

2008-01-04 15:37 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-12-31 00:57 --------- d-----w C:\Program Files\DAEMON Tools

2007-12-31 00:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Comodo

2007-12-31 00:53 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2007-12-31 00:53 139,008 ----a-w C:\WINDOWS\system32\guard32.dll.vir

2007-12-31 00:53 --------- d-----w C:\Documents and Settings\Marius\Application Data\Comodo

2007-12-25 22:31 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe

2007-12-25 22:31 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2007-12-25 22:31 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

2007-12-25 18:40 --------- d-----w C:\Documents and Settings\Marius\Application Data\teamspeak2

2007-12-25 00:41 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2007-12-24 22:24 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2007-12-22 15:02 --------- d-----w C:\Program Files\Winamp

2007-12-13 12:36 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll

2007-12-06 08:31 --------- d-----w C:\Documents and Settings\Marius\Application Data\THQ

2007-12-06 08:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield

2007-12-06 08:24 --------- d-----w C:\Program Files\THQ

2007-12-06 08:24 --------- d-----w C:\Program Files\Common Files\InstallShield

2007-12-05 16:44 --------- d-----w C:\Program Files\Java

2007-12-05 05:41 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll

2007-12-05 05:41 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll

2007-12-05 05:41 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll

2007-12-05 05:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe

2007-12-05 05:41 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll

2007-12-05 05:41 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll

2007-12-05 05:41 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll

2007-12-05 05:41 5,611,520 ----a-w C:\WINDOWS\system32\nvdispsr.dll

2007-12-05 05:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll

2007-12-05 05:41 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll

2007-12-05 05:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll

2007-12-05 05:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe

2007-12-05 05:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe

2007-12-05 05:41 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll

2007-12-05 05:41 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe

2007-12-05 05:41 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll

2007-12-05 05:41 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll

2007-12-05 05:41 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll

2007-12-05 05:41 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll

2007-12-05 05:41 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll

2007-12-05 05:41 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll

2007-12-05 05:41 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll

2007-12-05 05:41 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll

2007-12-05 05:41 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll

2007-12-05 05:41 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll

2007-12-05 05:41 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll

2007-12-05 05:41 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll

2007-12-05 05:41 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll

2007-12-05 05:41 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll

2007-12-05 05:41 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll

2007-12-05 05:41 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll

2007-12-05 05:41 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll

2007-12-05 05:41 3,715,072 ----a-w C:\WINDOWS\system32\nvvitvsr.dll

2007-12-05 05:41 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll

2007-12-05 05:41 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll

2007-12-05 05:41 3,334,144 ----a-w C:\WINDOWS\system32\nvgamesr.dll

2007-12-05 05:41 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll

2007-12-05 05:41 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll

2007-12-05 05:41 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll

2007-12-05 05:41 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll

2007-12-05 05:41 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll

2007-12-05 05:41 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll

2007-12-05 05:41 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll

2007-12-05 05:41 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll

2007-12-05 05:41 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll

2007-12-05 05:41 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll

2007-12-05 05:41 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll

2007-12-05 05:41 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll

2007-12-05 05:41 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll

2007-12-05 05:41 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll

2007-12-05 05:41 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll

2007-12-05 05:41 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll

2007-12-05 05:41 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll

2007-12-05 05:41 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll

2007-12-05 05:41 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll

2007-12-05 05:41 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll

2007-12-05 05:41 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll

2007-12-05 05:41 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll

2007-12-05 05:41 258,048 ----a-w C:\WINDOWS\system32\nvrstr.dll

2007-12-05 05:41 258,048 ----a-w C:\WINDOWS\system32\nvrssl.dll

2007-12-05 05:41 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll

2007-12-05 05:41 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll

2007-12-05 05:41 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll

2007-12-05 05:41 253,952 ----a-w C:\WINDOWS\system32\nvrsth.dll

2007-12-05 05:41 253,952 ----a-w C:\WINDOWS\system32\nvrssv.dll

2007-12-05 05:41 253,952 ----a-w C:\WINDOWS\system32\nvrspl.dll

2007-12-05 05:41 253,952 ----a-w C:\WINDOWS\system32\nvrsno.dll

2007-12-05 05:41 253,952 ----a-w C:\WINDOWS\system32\nvrsda.dll

2007-12-05 05:41 249,856 ----a-w C:\WINDOWS\system32\nvrsfi.dll

2007-12-05 05:41 249,856 ----a-w C:\WINDOWS\system32\nvrscs.dll

2007-12-05 05:41 245,760 ----a-w C:\WINDOWS\system32\nvrseng.dll

2007-12-05 05:41 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll

2007-12-05 05:41 225,280 ----a-w C:\WINDOWS\system32\nvrszhc.dll

2007-12-05 05:41 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll

2007-12-05 05:41 2,854,912 ----a-w C:\WINDOWS\system32\nvmoblsr.dll

2007-12-05 05:41 196,608 ----a-w C:\WINDOWS\system32\nvwrsko.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-10-31 13:26 5674352]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35 202024]

"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 12:32 81920]

"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-12-29 13:05 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 16:49 77824]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]

"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 17:56 24576 C:\WINDOWS\system32\CTHELPER.EXE]

"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]

"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00 28672]

"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-10-31 13:05 949376]

"MBM 5"="C:\Program Files\Motherboard Monitor 5\MBM5.EXE" [2004-06-12 09:40 594944]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]

"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]

"Start WingMan Profiler"="C:\Program Files\Logitech\Gaming Software\LWEMon.exe" [2007-09-25 15:03 93208]

"Gainward"="C:\WINDOWS\TBPanel.exe" [2007-11-27 07:34 2189864]

"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\cfp.exe" [2007-12-31 01:53 1481472]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 06:41 8523776]

"nwiz"="nwiz.exe" [2007-12-05 06:41 1626112 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 06:41 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"ShowDeskFix"="regsvr32 /s /n /i:u shell32" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-10-31 12:55:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2007-12-31 01:53]

R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2007-12-31 01:53]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e4ddaec-87aa-11dc-af49-806d6172696f}]

\Shell\AutoRun\command - F:\setup.exe

*Newly Created Service* - PROCEXP90

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-13 09:13:51

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\guard32.dll

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]

-> C:\WINDOWS\system32\guard32.dll

.

Completion time: 2008-01-13 9:14:10

.

2008-01-09 03:59:15 --- E O F ---


Posted

Amarios:

The following file has to go: C:\WINDOWS\lssas.exe

You can try deleting it manually in Explorer, or:

Open Notepad, paste in what is shown in bold below, and save the file on the desktop as CFScript.txt.

Then drag the file onto the Combofix icon. Combofix will start again.

File::

C:\WINDOWS\lssas.exe

A new log is created. You can check that the file lssas.exe was removed. I don't need to see the Combofix log, but you're welcome to post a HJT log:

Download HijackThis. Put it in its own folder on the desktop.

Start the program and choose "Do a system scan and save a logfile". Copy the log file and post it.

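A small triage script for ComboFix logs like the ones posted in this thread, added here as an example; it is not code from the thread, from ComboFix or from any of the posters. It does mechanically what the helper above is doing by eye: flag a file name that is one edit away from a Windows system binary (lssas.exe for lsass.exe), a system-binary name sitting outside its normal directory, an executable dropped in the drive root, an executable carrying hidden+system attributes, and a Run entry for which ComboFix printed an empty [ ] instead of a timestamp and size. It parses the "Files Created", "Find3M" and "Reg Loading Points" line formats only. The list of system binaries and their home directories is an assumption chosen for the example, and the sample lines are copied (trimmed) from the logs in this thread.

```python
"""Triage of ComboFix log lines: look-alike names for Windows system binaries,
system-binary names outside their normal directory, executables dropped in the
drive root, executables with hidden+system attributes, and Run entries with an
empty [ ] info field."""
import re
from typing import List, Optional, Tuple

# Windows binaries that malware commonly names itself after, with the directory
# they normally live in on XP (assumption: a short list chosen for this example).
SYSTEM_BINARIES = {
    "lsass.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
    "iexplore.exe": r"c:\program files\internet explorer",
}

# "Files Created" lines (two timestamps) and "Find3M" lines (one timestamp).
FILE_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?: \. \d{4}-\d{2}-\d{2} \d{2}:\d{2})?"
    r"\s+(<DIR>|---------|[\d,]+)\s+([-a-z]{7,9})\s+(.+?)\s*$", re.I)
# "Reg Loading Points" lines: "Name"="command" [timestamp size] or [ ].
REG_LINE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[(.*)\]\s*$')
WIN_PATH = re.compile(r'[a-z]:\\[^"]*?\.(?:exe|dll|cpl)', re.I)

Finding = Tuple[str, List[str]]


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance (edits plus adjacent transpositions),
    so 'lssas.exe' is one step away from 'lsass.exe'."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def assess_path(path: str) -> List[str]:
    """Reasons a path looks like an impostor, independent of where it was logged."""
    directory, _, name = path.lower().rpartition("\\")
    reasons: List[str] = []
    if name in SYSTEM_BINARIES:
        if directory != SYSTEM_BINARIES[name]:
            reasons.append(f"{name} outside its normal directory {SYSTEM_BINARIES[name]}")
    else:
        near = sorted(n for n in SYSTEM_BINARIES if osa_distance(name, n) == 1)
        if near:
            reasons.append("name is one edit away from " + " / ".join(near))
    if re.fullmatch(r"[a-z]:", directory) and name.endswith(".exe"):
        reasons.append("executable dropped in the drive root")
    return reasons


def triage_file_line(line: str) -> Optional[Finding]:
    m = FILE_LINE.match(line)
    if not m:
        return None
    attrs, path = m.group(2), m.group(3)
    reasons = assess_path(path)
    if "h" in attrs.lower() and "s" in attrs.lower() and path.lower().endswith(".exe"):
        reasons.append(f"executable with hidden+system attributes ({attrs})")
    return (path, reasons) if reasons else None


def triage_reg_line(line: str) -> Optional[Finding]:
    m = REG_LINE.match(line)
    if not m:
        return None
    _, command, info = m.groups()
    target = WIN_PATH.search(command)
    if not target:
        return None
    reasons = assess_path(target.group(0))
    if not info.strip():
        reasons.append("ComboFix recorded no timestamp/size for the target; check that it exists")
    return (target.group(0), reasons) if reasons else None


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        hit = triage_file_line(raw.strip()) or triage_reg_line(raw.strip())
        if hit:
            findings.append(hit)
    return findings


# Sample lines copied (trimmed) from the ComboFix logs posted in this thread.
SAMPLE_LOG = r"""
2008-01-13 20:27 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-12 00:55 . 2008-01-12 00:55 45,568 -r-hs---- C:\WINDOWS\lssas.exe
2008-01-12 00:55 . 2008-01-12 00:55 45,568 --a------ C:\update.exe
2008-01-11 17:38 . 2008-01-11 17:38 36,864 -r-hs---- C:\WINDOWS\ntmngr.exe
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"WebPro AntiVirus 2.0"="C:\WINDOWS\system32\syshelp\lsass.exe" [ ]
"MyVBApp"="C:\iexplorer.exe" [ ]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-22 23:32 7561216]
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Run against the sample, it reports lssas.exe, update.exe, ntmngr.exe, syshelp\lsass.exe and iexplorer.exe and stays quiet about NirCmd.exe (ComboFix's own helper), ctfmon.exe, lsasrv.dll and NvCpl.dll. The empty-[ ] check also fires on stale but harmless Run entries, so treat it as a prompt to look, not as a verdict.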

Posted

Logfile of HijackThis v1.99.1

Scan saved at 11:37:06, on 13.01.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20696)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\Motherboard Monitor 5\MBM5.EXE

C:\Program Files\Logitech\Gaming Software\LWEMon.exe

C:\WINDOWS\TBPanel.exe

C:\Program Files\Comodo\Firewall\cfp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Comodo\Firewall\cmdagent.exe

C:\Program Files\Eset\nod32krn.exe

C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\WINDOWS\explorer.exe

E:\Marius\Zipped\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1044

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui

O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -s

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe"

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll

O11 - Options group: [iNTERNATIONAL] International*

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA-OMEGA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

All good now? :)


Posted (edited)

If lssas.exe was removed, this looks fine :)

You should reset the restore folder so that you don't get reinfected by a possible System Restore.

Control Panel -> System -> System Restore.

Tick the box in front of "Turn off System Restore ...",

restart the PC,

remove the tick again to re-enable the feature.

Surf safely.

Edited by norbat

Posted

> If lssas.exe was removed, this looks fine :)
>
> You should reset the restore folder so that you don't get reinfected by a possible System Restore.
>
> Control Panel -> System -> System Restore.
>
> Tick the box in front of "Turn off System Restore ...",
>
> restart the PC,
>
> remove the tick again to re-enable the feature.
>
> Surf safely.

Thanks for the help. :)

(I don't use System Restore, so no need to worry about that :P)


Posted

Hi. I'm struggling badly with the same problem. I've spent a few hours trying to figure it out, and finally found this thread.

I've downloaded MSNFix and Combofix. My problem now is that when I choose English as the language and type run, it only takes a few seconds and the window closes. So I don't get any log or anything like that.

I'd really appreciate it if anyone has something to contribute :rolleyes:

Combofix seems to work, and I get the log:

If anyone can make something of this, tips on what to do next would be great.

ComboFix 08-01-13.1 - Helge Mathias 2008-01-13 20:28:17.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1574 [GMT 1:00]

Running from: C:\Documents and Settings\Helge Mathias\Desktop\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\images.zip

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\LEGACY_DOMAINSERVICE

-------\LEGACY_NPF

((((((((((((((((((((((((( Files Created from 2007-12-13 to 2008-01-13 )))))))))))))))))))))))))))))))

.

2008-01-13 20:27 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-13 00:40 . 2008-01-13 00:40 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7

2008-01-13 00:40 . 2008-01-13 20:03 <DIR> d-------- C:\Documents and Settings\Helge Mathias\Application Data\AVG7

2008-01-13 00:39 . 2008-01-13 00:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

2008-01-12 03:26 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\nkwfemfybula.sys

2008-01-12 03:05 . 2008-01-12 03:05 118 --a------ C:\WINDOWS\system32\MRT.INI

2008-01-12 03:01 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\javiojfnshea.sys

2008-01-12 02:43 . 2008-01-12 04:14 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2008-01-12 02:43 . 2008-01-12 03:25 30,590 --a------ C:\WINDOWS\system32\pavas.ico

2008-01-12 02:43 . 2008-01-12 03:25 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico

2008-01-12 02:43 . 2008-01-12 03:25 1,406 --a------ C:\WINDOWS\system32\Help.ico

2008-01-12 02:19 . 2008-01-12 02:19 <DIR> d-------- C:\Program Files\Panda Security

2008-01-12 02:19 . 2007-03-15 18:38 54,832 --a------ C:\WINDOWS\system32\pavcpl.cpl

2008-01-12 02:19 . 2007-02-15 20:02 50,736 --a------ C:\WINDOWS\system32\avldr.dll

2008-01-12 00:55 . 2008-01-12 00:55 45,568 -r-hs---- C:\WINDOWS\lssas.exe

2008-01-12 00:55 . 2008-01-12 00:55 45,568 --a------ C:\update.exe

2008-01-07 18:13 . 2008-01-13 20:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-01-07 18:13 . 2008-01-07 18:13 1,409 --a------ C:\WINDOWS\QTFont.for

2008-01-07 18:12 . 2008-01-07 18:12 <DIR> d-------- C:\Program Files\iPod

2007-12-25 19:28 . 2007-12-25 19:26 101,316 --------- C:\WINDOWS\hpgins17.dat.temp

2007-12-25 19:28 . 2007-01-23 22:25 284 --------- C:\WINDOWS\hpgmdl17.dat.temp

2007-12-25 19:27 . 2007-12-25 19:27 <DIR> d-------- C:\Documents and Settings\Helge Mathias\Application Data\HP

2007-12-25 19:27 . 2007-01-24 09:46 438,272 -ra------ C:\WINDOWS\system32\hpg400co.dll

2007-12-25 19:25 . 2007-12-25 19:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sonic

2007-12-25 19:23 . 2007-12-28 11:44 <DIR> d-------- C:\Program Files\Common Files\HP

2007-12-25 19:19 . 2007-12-28 19:00 <DIR> d-------- C:\Program Files\Hewlett-Packard

2007-12-25 19:19 . 2007-12-25 19:19 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard

2007-12-25 19:18 . 2007-12-28 19:00 <DIR> d-------- C:\Program Files\HP

2007-12-25 19:15 . 2007-12-25 19:29 100,833 --a------ C:\WINDOWS\hpgins17.dat

2007-12-18 03:05 . 2007-12-18 03:05 <DIR> d-------- C:\Program Files\Shutdown Monster

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-13 03:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7

2008-01-12 23:49 --------- d-----w C:\Documents and Settings\Helge Mathias\Application Data\uTorrent

2008-01-12 03:02 --------- d-----w C:\Program Files\Opera

2008-01-12 03:01 --------- d-----w C:\Program Files\MSN Messenger

2008-01-12 02:58 --------- d-----w C:\Program Files\iTunes

2008-01-12 02:02 --------- d-----w C:\Program Files\QuickSFV

2008-01-12 02:01 --------- d-----w C:\Program Files\QuickTime

2008-01-12 01:19 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-01-09 15:26 --------- d-----w C:\Program Files\World of Warcraft

2008-01-08 17:18 --------- d-----w C:\Program Files\Warcraft III

2008-01-07 17:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer

2007-12-31 14:39 --------- d-----w C:\Program Files\Google

2007-12-29 12:46 --------- d-----w C:\Program Files\DominateGame

2007-12-12 13:20 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment

2007-12-12 02:34 --------- d-----w C:\Program Files\Ventrilo

2007-12-12 02:34 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2007-12-10 23:56 --------- d-----w C:\Program Files\DivX

2007-12-10 14:33 --------- d-----w C:\Documents and Settings\Helge Mathias\Application Data\Hamachi

2007-12-10 14:31 --------- d-----w C:\Program Files\mIRC

2007-12-10 14:31 --------- d-----w C:\Documents and Settings\Helge Mathias\Application Data\mIRC

2007-12-06 17:07 --------- d-----w C:\Documents and Settings\Helge Mathias\Application Data\Sierra Entertainment

2007-12-06 17:03 --------- d-----w C:\Program Files\AGEIA Technologies

2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll

2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll

2007-12-04 01:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll

2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll

2007-11-29 22:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe

2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2007-11-29 22:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll

2007-11-28 21:55 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2007-11-28 21:53 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll

2007-11-28 21:53 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll

2007-11-28 21:53 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll

2007-11-28 21:53 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll

2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll

2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll

2007-11-28 21:52 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll

2007-11-21 14:07 --------- d-----w C:\Program Files\Apple Software Update

2007-11-21 14:06 --------- d-----w C:\Program Files\Common Files\Apple

2007-11-21 14:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple

2007-11-20 10:33 --------- d-----w C:\Program Files\DAEMON Tools

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll

2007-11-02 17:17 139,264 ----a-w C:\WINDOWS\War3Unin.exe

2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-27 16:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll

2006-10-06 18:01 4,096 ----a-w C:\Documents and Settings\Helge Mathias\log.dat

2006-03-08 09:55 24,568,967 ----a-w C:\Documents and Settings\Helge Mathias\WoW-1.9.4.5086-to-0.10.0.5140-enGB-patch.exe

2005-12-11 12:08 56 --sh--r C:\WINDOWS\system32\E72E07F895.sys

2005-12-11 12:08 3,558 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

----a-w 483,328 2005-09-24 05:30:38 C:\Program Files\Adobe\Acrobat 7.0\Distillr\bak\Acrotray.exe

----a-w 483,328 2005-09-24 05:30:38 C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

----a-w 225,280 2005-10-26 15:35:30 C:\Program Files\Anti-Blaxx 1.18\bak\Anti-Blaxx.exe

----a-w 81,920 2004-08-22 15:05:02 C:\Program Files\D-Tools\bak\daemon.exe

----a-w 49,263 2006-11-09 14:07:30 C:\Program Files\Java\jre1.5.0_10\bin\bak\jusched.exe

----a-w 473,928 2005-11-15 11:12:14 C:\Program Files\Microsoft AntiSpyware\bak\gcasServ.exe

----a-w 167,936 2005-10-16 01:15:54 C:\Program Files\PowerISO\bak\SCDEmuApp.exe

----a-w 282,624 2006-09-01 14:57:48 C:\Program Files\QuickTime\bak\qttask.exe

----a-w 286,720 2007-12-11 09:56:54 C:\Program Files\QuickTime\QTTask.exe

----a-w 15,360 2004-08-03 22:56:50 C:\WINDOWS\system32\bak\ctfmon.exe

----a-w 15,360 2004-08-03 22:56:50 C:\WINDOWS\system32\ctfmon.exe

----a-w 155,648 2001-07-09 08:50:42 C:\WINDOWS\system32\bak\NeroCheck.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3ebf748-c59b-475f-90c3-c22f81cd8c25}]

C:\WINDOWS\system32\kbdPSP.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]

"DVDXGhost"="" []

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]

"WebPro AntiVirus 2.0"="C:\WINDOWS\system32\syshelp\lsass.exe" [ ]

"Octoshape Streaming Services"="C:\Program Files\Octoshape Streaming Services\Helge Mathias\OctoshapeClient.exe" [ ]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 15:16 171464]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

"WebPro AntiVirus 2.0"="C:\WINDOWS\system32\syshelp\lsass.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DXDllRegExe"="C:\WINDOWS\System32\dxdllreg.exe" [ ]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [ ]

"MyVBApp"="C:\iexplorer.exe" [ ]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [ ]

"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-09-24 06:30 483328]

"CmUsbSound"="cmcnfgu.cpl" []

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-22 23:32 7561216]

"nwiz"="nwiz.exe" [2006-03-22 23:32 1519616 C:\WINDOWS\system32\nwiz.exe]

"NVHotkey"="nvHotkey.dll" [2006-03-22 23:32 73728 C:\WINDOWS\system32\nvhotkey.dll]

"NvMediaCenter"="NvMCTray.dll" [2006-03-22 23:32 86016 C:\WINDOWS\system32\nvmctray.dll]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]

"APVXDWIN"="C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.exe" [2007-07-19 15:23 455984]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-13 20:06 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-03 23:56 15360]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-13 00:39 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-01-25 15:19:44]

Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [2005-11-07 09:52:04]

Hurtigstart for Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{569DAC0F-2791-46ab-8EFC-A54B77C04C20}"= C:\Program Files\DVD X Studios\DVD X Utilities 1.5\DVDGhost\ExecuteHooker.dll [2004-07-27 13:33 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kbdPSP]

kbdPSP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=

S3 cmudau;C-Media USB Sound Interface;C:\WINDOWS\system32\drivers\cmudau.sys [2004-09-03 08:32]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8ddf6dc-c979-11da-a3fe-0013ce24e4dd}]

\Shell\AutoRun\command - J:\setupSNK.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1743C57F-1A20-1274-0604-040006010205}]

C:\WINDOWS\system32\mdhcp.exe

.

Contents of the 'Scheduled Tasks' folder

"2007-11-21 14:07:54 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-13 20:35:48

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-01-13 20:40:40 - machine was rebooted

ComboFix-quarantined-files.txt 2008-01-13 19:40:38

.

2008-01-12 02:18:56 --- E O F ---

Regards,

Helge Mathias Monsen


Posted

I need help with the same thing! Here's the log I got when I ran combofix

ComboFix 08-01-14.4 - Bjørn Aass 2008-01-14 16:58:07.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1241 [GMT 1:00]

Running from: C:\Documents and Settings\Bjørn Aass\Skrivebord\ComboFix.exe

Command switches used :: C:\Documents and Settings\Bjørn Aass\Skrivebord\CFScript.txt

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Programfiler\autorun.inf

C:\WINDOWS\images.zip

.

((((((((((((((((((((((((( Files Created from 2007-12-14 to 2008-01-14 )))))))))))))))))))))))))))))))

.

2008-01-14 16:56 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-12 20:46 . 2008-01-12 20:46 2,570 --a------ C:\WINDOWS\rawr6.rar

2008-01-11 23:13 . 2008-01-11 23:13 45,568 -r-hs---- C:\WINDOWS\lssas.exe

2008-01-11 23:13 . 2008-01-11 23:13 45,568 --a------ C:\update.exe

2008-01-11 17:38 . 2008-01-11 17:38 36,864 -r-hs---- C:\WINDOWS\ntmngr.exe

2008-01-11 02:09 . 2008-01-11 02:09 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\EyePowerGames

2008-01-08 23:19 . 2007-11-19 08:51 5,963,249 --a------ C:\02 Throw It Up.mp3

2008-01-08 23:19 . 2007-11-19 08:51 1,009,033 --a------ C:\01 Kings of Crunk (Intro).mp3

2008-01-06 18:53 . 2008-01-06 18:53 <DIR> d-------- C:\Documents and Settings\Bjrn Aass\Lokale innstillinger

2008-01-06 16:07 . 2008-01-06 16:07 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Adobe Systems

2008-01-03 23:37 . 2008-01-03 23:37 <DIR> d-------- C:\Programfiler\MSN Messenger

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-14 15:49 --------- d-----w C:\Documents and Settings\Bjørn Aass\Programdata\Skype

2008-01-13 23:09 --------- d-----w C:\Programfiler\mIRC

2008-01-13 22:28 --------- d-----w C:\Programfiler\Steam

2008-01-11 22:17 --------- d-----w C:\Programfiler\Morpheus

2008-01-11 22:16 --------- d-----w C:\Programfiler\Fortune Lounge Personal Messenger

2008-01-11 22:16 --------- d-----w C:\Documents and Settings\Bjørn Aass\Programdata\Fortune Lounge Personal Messenger

2008-01-11 14:48 --------- d-----w C:\Documents and Settings\Bjørn Aass\Programdata\Azureus

2008-01-10 19:00 --------- d-----w C:\Programfiler\Azureus

2008-01-09 19:38 --------- d-----w C:\Programfiler\World of Warcraft

2008-01-08 15:36 --------- d-----w C:\Documents and Settings\Bjørn Aass\Programdata\Microgaming

2008-01-06 18:20 --------- d-----w C:\Programfiler\Fellesfiler\Adobe

2008-01-06 18:04 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2007-12-10 18:14 --------- d-----w C:\Documents and Settings\Bjørn Aass\Programdata\Morpheus

2007-12-01 12:07 --------- d-----w C:\Programfiler\Windows Live Toolbar

2007-11-21 22:05 --------- d-----w C:\Documents and Settings\Bjørn Aass\Programdata\LimeWire

2007-11-14 19:08 --------- d-----w C:\Programfiler\Ventrilo

2007-11-14 19:08 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard

2007-11-07 09:30 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll

2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll

2005-09-09 10:56 1,048,576,000 ----a-w C:\Programfiler\padding.dat

2003-12-10 14:47 147 ----a-w C:\Programfiler\Register.url

2002-12-06 11:47 32,768 ----a-w C:\Programfiler\Setup.exe

2002-07-25 13:22 120 ----a-w C:\Programfiler\JoWooD Productions Software AG.url

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 11:00 15360]

"TOSCDSPD"="C:\Programfiler\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 10:57 65536]

"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]

"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 10:08 68856]

"Skype"="C:\Programfiler\Skype\Phone\Skype.exe" [2007-05-28 13:52 23458344]

"Fortune Lounge Personal Messenger"="C:\Programfiler\Fortune Lounge Personal Messenger\Fortune Lounge Personal Messenger.exe" [2007-06-09 01:53 880640]

"Creative Live! Cam Manager"="C:\Programfiler\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-05-31 15:00 143360]

"Steam"="c:\programfiler\steam\steam.exe" [2007-09-23 21:50 1258744]

"DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" [2007-09-18 15:16 171464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATICCC"="C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 13:43 45056]

"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-12-17 00:32 761945]

"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 23:49 15691264 C:\WINDOWS\RTHDCPL.exe]

"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 14:29 88203 C:\WINDOWS\agrsmmsg.exe]

"THotkey"="C:\Programfiler\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 13:02 352256]

"TPSMain"="TPSMain.exe" [2005-08-04 09:45 266240 C:\WINDOWS\system32\TPSMain.exe]

"Tvs"="C:\Programfiler\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 11:25 73728]

"SmoothView"="C:\Programfiler\TOSHIBA\TOSHIBA zoom\SmoothView.exe" [2005-05-12 12:39 118784]

"TFncKy"="TFncKy.exe" []

"TDispVol"="TDispVol.exe" [2005-09-16 13:16 73728 C:\WINDOWS\system32\TDispVol.exe]

"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 04:20 122940]

"IntelZeroConfig"="C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 11:37 667718]

"IntelWireless"="C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 10:41 602182]

"CFSServ.exe"="CFSServ.exe" []

"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2007-06-29 05:24 286720]

"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-07-10 08:18 270648]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06 79224]

"Windows Defender"="C:\Programfiler\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]

"V0250Mon.exe"="C:\WINDOWS\V0250Mon.exe" [2006-06-07 18:00 32768]

"AVFX Engine"="C:\Programfiler\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-10-09 12:49 20480]

"PWRISOVM.EXE"="C:\Programfiler\PowerISO\PWRISOVM.EXE" [2007-08-07 01:05 200704]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 11:00 15360]

C:\Documents and Settings\nubb\Start-meny\Programmer\Oppstart\

Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Programfiler\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-03-17 13:06:14]

C:\Documents and Settings\Bj›rn Aass\Start-meny\Programmer\Oppstart\

Morpheus.lnk - C:\Programfiler\Morpheus\Morpheus.exe [2007-11-14 19:58:18]

Registration Tom Clancy's Rainbow Six [2007-07-09 01:23:28]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]

Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]

R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 17:08]

R3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 13:47]

S3 V0250Dev;Live! Cam Notebook Pro;C:\WINDOWS\system32\DRIVERS\V0250Dev.sys [2006-06-27 04:25]

S3 V0250Vfx;V0250Vfx;C:\WINDOWS\system32\DRIVERS\V0250Vfx.sys [2006-03-24 09:24]

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

"2008-01-05 17:11:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe

"2008-01-13 01:12:01 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Programfiler\Windows Defender\MpCmdRun.exe

"2008-01-14 15:36:01 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job"

- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-14 17:00:05

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]

-> C:\WINDOWS\system32\TDispVol.dll

.

Completion time: 2008-01-14 17:00:24

ComboFix-quarantined-files.txt 2008-01-14 16:00:22

.

2008-01-10 13:33:07 --- E O F ---

Posted (edited)

bjorn1991:

Open Notepad and copy in what is shown in bold below, then save the file on the desktop as CFScript.txt.

Then drag the file onto the Combofix icon. Combofix will start again.

File::

C:\WINDOWS\lssas.exe

C:\WINDOWS\ntmngr.exe

Post the log together with a hjt log (Download Hijackthis. Put it in its own folder on the desktop.

Start the program, choose "Do a system scan and save a logfile". Copy the log file and post it.)

You also have a file that I have seen with some people who had the "msn virus". I cannot verify that it is a problem file, but I would rename it to be on the safe side:

C:\WINDOWS\rawr6.rar ==> C:\WINDOWS\rawr6.rar.vir

Edited by norbat
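Why the helper singled out lssas.exe and ntmngr.exe from the ComboFix log above, as an added Python example that is not code from this thread or from ComboFix: it parses lines in the log's "Files Created" format and flags new executables that carry hidden+system attributes, imitate a Windows binary name, or share size and creation time with another new executable. The sample lines and the list of genuine binary names are constructed for the example.

```python
import re
from collections import defaultdict, namedtuple
# Constructed sample: lines re-typed in the format of ComboFix's "Files Created" section.
SAMPLE_LOG = """\
2008-01-14 16:56 . 2000-08-31 08:00 51,200 --a------ C:\\WINDOWS\\NirCmd.exe
2008-01-11 23:13 . 2008-01-11 23:13 45,568 -r-hs---- C:\\WINDOWS\\lssas.exe
2008-01-11 23:13 . 2008-01-11 23:13 45,568 --a------ C:\\update.exe
2008-01-11 17:38 . 2008-01-11 17:38 36,864 -r-hs---- C:\\WINDOWS\\ntmngr.exe
2008-01-11 02:09 . 2008-01-11 02:09 <DIR> d-------- C:\\Documents and Settings\\All Users\\Programdata\\EyePowerGames
"""
# Each line: created " . " modified, size or <DIR>, nine attribute flags, path.
LINE_RE = re.compile(r"^(\S+ \S+) \. (\S+ \S+) (<DIR>|[\d,]+) ([-a-z]{9}) (.+)$")
Entry = namedtuple("Entry", "created modified size attrs path")
# Genuine Windows binaries whose names worms imitate (lsass.exe vs lssas.exe); constructed list.
LEGIT_NAMES = {"lsass.exe", "svchost.exe", "csrss.exe", "services.exe", "winlogon.exe"}

def parse_created_section(text):
    entries = []  # lines that do not match (headers, dots, blanks) are skipped
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            created, modified, size, attrs, path = m.groups()
            size = None if size == "<DIR>" else int(size.replace(",", ""))
            entries.append(Entry(created, modified, size, attrs, path))
    return entries

def looks_like(name, legit):
    # same length and either a letter swap (lssas/lsass) or one substitution away
    if name == legit or len(name) != len(legit):
        return False
    return sorted(name) == sorted(legit) or sum(a != b for a, b in zip(name, legit)) == 1

def triage(text):
    entries = [e for e in parse_created_section(text) if e.size is not None]
    twins = defaultdict(list)  # (size, created) -> executables sharing both
    for e in entries:
        if e.path.lower().endswith(".exe"):
            twins[(e.size, e.created)].append(e.path)
    flagged = {}  # suspicious path -> list of reasons
    for e in entries:
        name = e.path.rsplit("\\", 1)[-1].lower()
        reasons = []
        if name.endswith(".exe") and "h" in e.attrs and "s" in e.attrs:
            reasons.append("hidden+system executable")
        reasons += [f"name imitates {l}" for l in sorted(LEGIT_NAMES) if looks_like(name, l)]
        others = [p for p in twins[(e.size, e.created)] if p != e.path]
        if others:
            reasons.append("same size and timestamp as " + ", ".join(others))
        if reasons:
            flagged[e.path] = reasons
    return flagged
```

Only the dropped files are flagged; NirCmd.exe (a plain executable with a unique size) and the directory entry are not.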

Posted

I was stupid enough to click the link too...

Here is my log from MSNfix: What do I do next?

MSNFix 1.633

C:\Documents and Settings\Kristian\Skrivebord\MSNFix

Scan done at 17.01.2008 - 21:14:37,83 By Kristian

normal mode

************************ Checking Files

... C:\DOCUME~1\Kristian\LOKALE~1\Temp\*.dmp

... C:\WINDOWS\images.zip

... C:\WINDOWS\images.zip

... C:\WINDOWS\lssas.exe

... C:\WINDOWS\ntmngr.exe

... C:\WINDOWS\images.zip

************************ MSNCHK ***** /!\ beta test /!\

************************ Checking Folders

No Folders Found

************************ Deleting malware Files

.. OK ... C:\DOCUME~1\Kristian\LOKALE~1\Temp\*.dmp

.. OK ... C:\WINDOWS\images.zip

.. OK ... C:\WINDOWS\images.zip

/!\ ... C:\WINDOWS\lssas.exe

.. OK ... C:\WINDOWS\ntmngr.exe

.. OK ... C:\445930.exe

.. OK ... C:\WINDOWS\images.zip

************************ Registry Cleaning

Others Files will be deleted after a reboot to normal mode

************************ Deleting malware Files

.. OK ... C:\WINDOWS\lssas.exe

************************ Suspect Files

/!\ The detected files must be reviewed by a forum Helper before changes can be made

[C:\623Max.exe] 3B43CABD4232C61454A12E6EB17DC4F0

[C:\63Max.exe] 3B43CABD4232C61454A12E6EB17DC4F0

[C:\mscrd.exe] 7704054D8D85E03F0C17D2029155D9E9

==> Please upload the file C:\DOCUME~1\Kristian\SKRIVE~1\Upload_Me.zip to http://upload.changelog.fr

The File and Registry deletions have been saved in 17.01.2008_21202556.zip

------------------------------------------------------------------------

Author : !aur3n7 Contact: http://changelog.fr

------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------


Posted (edited)

Get Combofix and put it on the desktop.

Run combofix.exe and follow the instructions.

Do not click on the window while the program is running.

Post the log file from combofix (c:\combofix.txt)

What you can do in the meantime, while someone checks the log, is to check the following files on this site: http://virusscan.jotti.org/:

C:\mscrd.exe

C:\63Max.exe

C:\623Max.exe

Once you are on that site, upload the files one at a time for a check. You will get the result fairly quickly. Report back whether anything was found in connection with the files.

You may have to turn on "Show hidden files and folders" to see the files.

Edited by norbat