
[Solved] Norton thinks I have a virus, can someone check the log.



Norton thinks I have a virus. There are about 14 days left until my Norton subscription runs out, so I'm a little suspicious that that might be where the problem lies. I ran one of those automatic analyses on the HijackThis log, but I can't see that it found anything there, at least.

Can someone please check my log and give me a short explanation and some help if there is anything?

 

Log: Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:19:39, on 04.12.2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

C:\Programfiler\Norton Internet Security\ISSVC.exe

C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

c:\APPS\Powercinema\Kernel\TV\CLSched.exe

C:\Programfiler\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

C:\Programfiler\CyberLink\Shared Files\CLML_NTService\CLMLService.exe

c:\APPS\HIDSERVICE\HIDSERVICE.exe

C:\Programfiler\Java\jre6\bin\jqs.exe

C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Programfiler\Java\jre6\bin\jusched.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe

C:\Apps\Powercinema\PCMService.exe

C:\apps\ABoard\ABoard.exe

C:\apps\ABoard\AOSD.exe

C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programfiler\OpenOffice.org 2.4\program\soffice.exe

C:\Programfiler\OpenOffice.org 2.4\program\soffice.BIN

C:\Programfiler\Windows Live\Messenger\usnsvc.exe

C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Programfiler\MediaMonkey\MediaMonkey.exe

C:\Programfiler\FlashGet\flashget.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programfiler\FlashGet\jccatch.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre6\bin\ssv.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar1.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programfiler\FlashGet\getflash.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"

O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime Alternative\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: OpenOffice.org 2.4.lnk = C:\Programfiler\OpenOffice.org 2.4\program\quickstart.exe

O8 - Extra context menu item: &Last ned alle med FlashGet - C:\Programfiler\FlashGet\jc_all.htm

O8 - Extra context menu item: &Last ned med FlashGet - C:\Programfiler\FlashGet\jc_link.htm

O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm

O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programfiler\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programfiler\FlashGet\FlashGet.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nor.htm

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1221567311465

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1221590635640

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programfiler\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ISSVC.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

 

--

End of file - 10633 bytes

 

Thanks a lot.

Regards, poffy

What is Norton finding, and where does Norton find this 'virus'?


It says here that it finds something in sens.dll. It also says the threat is called W32 Grenail!int. I don't know what it is or where it is, but anyway. Really nice that you're looking at it. Thanks a lot.

 

Regards, poffy

Norton can't clean it or remove it or anything at all

Ok, let's take a closer look at this.

It would be good if you included the exact location where Norton finds this.

You need to look for a log or something that gives more information.

 

It says sens.dll here.

Does Norton give any warnings about it if you scan it here: Virustotal

 

Download Combofix and put it on the desktop.

Don't click on the window while the program is running.

Post the log C:\combofix.txt

There. The virus is at c:\Windows\System32\sens.dll.

 

I scanned the file with VirusTotal using the link I got, and it found Trojan.LooksLike.Patched.

 

Downloaded, ran and scanned with ComboFix.

 

Log: ComboFix 08-12-03.04 - Eier 2008-12-04 18:34:55.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.116 [GMT 1:00]

Kjører fra: c:\downloads\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

F:\Autorun.inf

 

c:\windows\system32\spoolsv.exe . . . er infisert!!

 

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2008-11-04 til 2008-12-04 )))))))))))))))))))))))))))))))))

.

 

2008-12-04 11:36 . 2008-12-04 11:36 <DIR> dr-h----- c:\documents and settings\Eier\Siste

2008-12-03 20:36 . 2008-12-03 20:36 <DIR> d-------- c:\programfiler\Fellesfiler\Adobe AIR

2008-12-03 20:28 . 2008-12-03 20:28 <DIR> d-------- c:\programfiler\Google

2008-12-03 20:27 . 2008-12-03 20:40 <DIR> d-------- c:\programfiler\NOS

2008-12-03 20:27 . 2008-12-03 20:40 <DIR> d-------- c:\documents and settings\All Users\Programdata\NOS

2008-11-22 16:25 . 2008-11-22 16:24 410,976 --a------ c:\windows\system32\deploytk.dll

2008-11-12 12:49 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys

2008-11-12 12:48 . 2008-09-04 18:17 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-04 17:37 --------- d-----w c:\programfiler\FlashGet

2008-12-04 17:37 --------- d-----w c:\programfiler\Fellesfiler\Symantec Shared

2008-12-03 19:42 --------- d-----w c:\documents and settings\Eier\Programdata\OpenOffice.org2

2008-12-03 19:35 --------- d-----w c:\programfiler\Fellesfiler\Adobe

2008-12-01 07:18 --------- d-----w c:\programfiler\Norton Internet Security

2008-11-29 18:45 --------- d-----w c:\programfiler\SUPERAntiSpyware

2008-11-22 15:24 --------- d-----w c:\programfiler\Java

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-04 12:29 --------- d-----r c:\documents and settings\Eier\Programdata\Brother

.

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"SUPERAntiSpyware"="c:\programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-11-29 1805552]

"swg"="c:\programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-12-03 171448]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2008-11-22 136600]

"ccApp"="c:\programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2008-01-31 58728]

"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-01-28 110740]

"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]

"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2008-09-16 100056]

"QuickTime Task"="c:\programfiler\QuickTime Alternative\QTTask.exe" [2008-09-06 413696]

"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"VTTimer"="VTTimer.exe" [2005-03-08 c:\windows\system32\VTTimer.exe]

"VTTrayp"="VTtrayp.exe" [2005-03-11 c:\windows\system32\VTTrayp.exe]

"SoundMan"="SOUNDMAN.EXE" [2005-01-20 c:\windows\SOUNDMAN.EXE]

 

c:\documents and settings\Eier\Start-meny\Programmer\Oppstart\

OpenOffice.org 2.4.lnk - c:\programfiler\OpenOffice.org 2.4\program\quickstart.exe [2008-05-30 393216]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-07-23 15:28 352256 c:\programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Programfiler\\FlashGet\\flashget.exe"=

 

R1 SASDIFSV;SASDIFSV;\??\c:\programfiler\SUPERAntiSpyware\SASDIFSV.SYS [2008-09-03 8944]

R1 SASKUTIL;SASKUTIL;\??\c:\programfiler\SUPERAntiSpyware\SASKUTIL.sys [2008-09-03 55024]

S3 SASENUM;SASENUM;\??\c:\programfiler\SUPERAntiSpyware\SASENUM.SYS [2008-09-03 7408]

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2008-11-28 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

 

2008-12-04 c:\windows\Tasks\Se etter oppdateringer for Windows Live Toolbar.job

- c:\programfiler\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-04 18:39:31

Windows 5.1.2600 Service Pack 3 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

 

- - - - - - - > 'winlogon.exe'(532)

c:\programfiler\SUPERAntiSpyware\SASWINLO.dll

.

------------------------ Andre Kjørende Prosesser ------------------------

.

c:\programfiler\Fellesfiler\Symantec Shared\CCPROXY.EXE

c:\programfiler\Fellesfiler\Symantec Shared\CCSETMGR.EXE

c:\programfiler\Norton Internet Security\ISSVC.exe

c:\programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

c:\programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

c:\programfiler\Fellesfiler\Symantec Shared\CCEVTMGR.EXE

c:\windows\system32\brss01a.exe

c:\programfiler\Symantec\LiveUpdate\AluSchedulerSvc.exe

c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe

c:\apps\Powercinema\Kernel\TV\CLSched.exe

c:\programfiler\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

c:\apps\HIDSERVICE\HidService.exe

c:\programfiler\Java\jre6\bin\jqs.exe

c:\programfiler\CyberLink\Shared Files\CLML_NTService\CLMLService.exe

c:\programfiler\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE

c:\windows\system32\wdfmgr.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\apps\ABOARD\AOSD.EXE

c:\programfiler\OpenOffice.org 2.4\program\soffice.exe

c:\programfiler\OpenOffice.org 2.4\program\soffice.bin

c:\programfiler\Symantec\LiveUpdate\AUPDATE.EXE

c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

c:\programfiler\Messenger\msmsgs.exe

c:\docume~1\Eier\LOKALE~1\Temp\SSUPDATE.EXE

c:\programfiler\Symantec\LiveUpdate\LuCallbackProxy.exe

c:\programfiler\Symantec\LiveUpdate\LuCallbackProxy.exe

.

**************************************************************************

.

Tidspunkt ferdig: 2008-12-04 18:46:30 - maskinen ble startet på nytt

ComboFix-quarantined-files.txt 2008-12-04 17:45:55

 

Pre-Run: 24 895 430 656 byte ledig

Post-Run: 24,905,953,280 byte ledig

 

136 --- E O F --- 2008-11-12 21:41:01


What a mess. What can I do next, then? Thanks a lot for all the help.

Get Dr.Web and save it to the desktop.

 

Restart in Safe Mode (tap F8 during startup)

 

Run drweb-cureit.exe and click Start. An express scan will now run.

When it is finished, click Settings -> Change settings

 

Under the Scan tab, uncheck Heuristic analysis.

Under the Actions tab, set every item under Malware to "Endre" (Change). Click OK

Then tick Full scan. You start the scan by clicking the 'green arrow'.

Choose "yes to all" when it finds something for the first time.

 

When the scan is finished, go to "file" and click "Save Report list".

A file named "drweb.csv" will then be on the desktop. Post it together with a new Combofix log (i.e. run Combofix again after Dr.Web).

There. Here is the Dr.Web log:

 

psexec.cfexe;C:\ComboFix;Program.PsExec.171;Endret.;

ComboFix.exe\32788R22FWJFW\psexec.cfexe;C:\Downloads\ComboFix.exe;Program.PsExec.171;;

ComboFix.exe;C:\Downloads;Arkiv inneholder infiserte objekter;Flyttet.;

POSTOOBE.NEC;C:\DRIVERS;VBS.Generic.278;Slettet.;

31730823.dll;C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine;Trojan.Click.21379;Slettet.;

3C132671.dll;C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine;Trojan.Siggen.224;Slettet.;

45626575.exe;C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine;Trojan.DownLoad.10026;Slettet.;

4FB05DA5.dll;C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine;Trojan.Starter.681;Slettet.;

4FB307A2.dll;C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine;Trojan.DownLoad.10027;Slettet.;

6F3C6D61.dll;C:\Programfiler\Norton Internet Security\Norton AntiVirus\Quarantine;Trojan.Click.21379;Slettet.;

A0003993.dll;C:\System Volume Information\_restore{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP21;Trojan.DownLoad.6096;Slettet.;

A0004003.exe;C:\System Volume Information\_restore{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP21;Trojan.MulDrop.19559;Slettet.;

A0004004.dll;C:\System Volume Information\_restore{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP21;Trojan.Inject.3868;Slettet.;

A0004029.dll;C:\System Volume Information\_restore{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP21;Trojan.Inject.3868;Slettet.;

A0004035.dll;C:\System Volume Information\_restore{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP21;Trojan.Inject.3868;Slettet.;

A0004041.exe;C:\System Volume Information\_restore{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP21;Trojan.MulDrop.19559;Slettet.;

A0004042.dll;C:\System Volume Information\_restore{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP21;Trojan.Inject.3868;Slettet.;

A0004048.exe;C:\System Volume Information\_restore{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP21;Trojan.MulDrop.19559;Slettet.;

A0004049.dll;C:\System Volume Information\_restore{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP21;Trojan.Inject.3868;Slettet.;

A0005055.exe;C:\System Volume Information\_restore{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP21;Trojan.MulDrop.19559;Slettet.;

A0005056.dll;C:\System Volume Information\_restore{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP21;Trojan.Inject.3868;Slettet.;

A0005070.dll;C:\System Volume Information\_restore{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP22;Trojan.Inject.3868;Slettet.;

A0005155.dll;C:\System Volume Information\_restore{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP22;Trojan.DownLoad.6096;Slettet.;

A0005169.dll;C:\System Volume Information\_restore{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP23;Trojan.Inject.3868;Slettet.;

A0005170.exe;C:\System Volume Information\_restore{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP23;Trojan.MulDrop.19559;Slettet.;

A0005244.dll;C:\System Volume Information\_restore{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP24;Trojan.Inject.3868;Slettet.;

A0005245.exe;C:\System Volume Information\_restore{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP24;Trojan.MulDrop.19559;Slettet.;

A0005320.dll;C:\System Volume Information\_restore{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP25;Trojan.Inject.3868;Slettet.;

A0005321.exe;C:\System Volume Information\_restore{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP25;Trojan.MulDrop.19559;Slettet.;

A0005394.dll;C:\System Volume Information\_restore{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP26;Trojan.Inject.3868;Slettet.;

A0005395.exe;C:\System Volume Information\_restore{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP26;Trojan.MulDrop.19559;Slettet.;

A0005466.dll;C:\System Volume Information\_restore{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP27;Trojan.Inject.3868;Slettet.;

A0005467.exe;C:\System Volume Information\_restore{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP27;Trojan.MulDrop.19559;Slettet.;

A0005528.exe;C:\System Volume Information\_restore{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP27;Trojan.MulDrop.19559;Slettet.;

A0005529.dll;C:\System Volume Information\_restore{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP27;Trojan.Inject.3868;Slettet.;

A0005536.dll;C:\System Volume Information\_restore{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP27;Trojan.Inject.3868;Slettet.;

A0005658.dll;C:\System Volume Information\_restore{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP27;Trojan.Inject.3868;Slettet.;

A0005668.dll;C:\System Volume Information\_restore{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP27;Trojan.Inject.3868;Slettet.;

A0005683.dll;C:\System Volume Information\_restore{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP27;Trojan.Inject.3868;Slettet.;

A0005774.dll;C:\System Volume Information\_restore{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP27;Trojan.Click.21379;Slettet.;

A0005804.dll;C:\System Volume Information\_restore{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP28;Trojan.Click.21379;Slettet.;

A0005807.dll;C:\System Volume Information\_restore{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP28;Trojan.Click.21379;Slettet.;

A0006495.dll;C:\System Volume Information\_restore{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP41;Trojan.Click.21379;Slettet.;

A0006551.dll;C:\System Volume Information\_restore{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP45;Trojan.Siggen.224;Slettet.;

A0006578.dll;C:\System Volume Information\_restore{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP47;Trojan.Siggen.224;Slettet.;

A0006592.dll;C:\System Volume Information\_restore{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP47;Trojan.Siggen.224;Slettet.;

A0006621.dll;C:\System Volume Information\_restore{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP50;Trojan.Siggen.224;Slettet.;

A0006641.dll;C:\System Volume Information\_restore{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP51;Trojan.Siggen.224;Slettet.;

A0006659.dll;C:\System Volume Information\_restore{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP51;Trojan.Click.21379;Slettet.;

A0006802.dll;C:\System Volume Information\_restore{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP62;Trojan.Starter.681;Slettet.;

A0006803.dll;C:\System Volume Information\_restore{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP62;Trojan.DownLoad.10027;Slettet.;

A0007088.exe;C:\System Volume Information\_restore{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP75;Trojan.DownLoad.10026;Slettet.;

A0007290.EXE;C:\System Volume Information\_restore{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP82;Program.PsExec.170;Endret.;

A0007339.exe\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP83\A0007339.exe;Program.PsExec.171;;

A0007339.exe;C:\System Volume Information\_restore{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP83;Arkiv inneholder infiserte objekter;Flyttet.;

A0007340.dll;C:\System Volume Information\_restore{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP83;Trojan.Click.21379;Slettet.;

A0007341.dll;C:\System Volume Information\_restore{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP83;Trojan.Siggen.224;Slettet.;

A0007342.exe;C:\System Volume Information\_restore{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP83;Trojan.DownLoad.10026;Slettet.;

A0007343.dll;C:\System Volume Information\_restore{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP83;Trojan.Starter.681;Slettet.;

A0007344.dll;C:\System Volume Information\_restore{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP83;Trojan.DownLoad.10027;Slettet.;

A0007345.dll;C:\System Volume Information\_restore{C9F0B078-DCCF-4440-BF1A-0BBF2DE6AC9F}\RP83;Trojan.Click.21379;Slettet.;

 

And then we have the ComboFix log:

ComboFix 08-12-04.04 - Eier 2008-12-05 1:39:08.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.117 [GMT 1:00]

Kjører fra: c:\downloads\ComboFix.exe

* Opprettet nytt gjenopprettingspunkt

.

 

((((((((((((((((((((((((((( Filer Opprettet Fra 2008-11-05 til 2008-12-05 )))))))))))))))))))))))))))))))))

.

 

2008-12-04 23:38 . 2008-12-05 00:12 <DIR> d-------- c:\documents and settings\Eier\DoctorWeb

2008-12-04 11:36 . 2008-12-05 01:33 <DIR> dr-h----- c:\documents and settings\Eier\Siste

2008-12-03 20:36 . 2008-12-03 20:36 <DIR> d-------- c:\programfiler\Fellesfiler\Adobe AIR

2008-12-03 20:28 . 2008-12-04 23:15 <DIR> d-------- c:\programfiler\Google

2008-12-03 20:27 . 2008-12-03 20:40 <DIR> d-------- c:\programfiler\NOS

2008-12-03 20:27 . 2008-12-03 20:40 <DIR> d-------- c:\documents and settings\All Users\Programdata\NOS

2008-11-22 16:25 . 2008-11-22 16:24 410,976 --a------ c:\windows\system32\deploytk.dll

2008-11-12 12:49 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys

2008-11-12 12:48 . 2008-09-04 18:17 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-05 00:40 --------- d-----w c:\programfiler\FlashGet

2008-12-04 23:00 --------- d-----w c:\programfiler\Fellesfiler\Symantec Shared

2008-12-04 22:18 --------- d-----w c:\documents and settings\Eier\Programdata\OpenOffice.org2

2008-12-03 19:35 --------- d-----w c:\programfiler\Fellesfiler\Adobe

2008-12-01 07:18 --------- d-----w c:\programfiler\Norton Internet Security

2008-11-29 18:45 --------- d-----w c:\programfiler\SUPERAntiSpyware

2008-11-22 15:24 --------- d-----w c:\programfiler\Java

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll

2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll

2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe

2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll

2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll

2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll

2008-10-15 16:38 337,408 ------w c:\windows\system32\dllcache\netapi32.dll

2008-10-03 17:31 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll

2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll

2008-09-15 15:29 1,846,400 ----a-w c:\windows\system32\win32k.sys

2008-09-15 15:29 1,846,400 ------w c:\windows\system32\dllcache\win32k.sys

2008-09-10 01:16 1,307,648 ------w c:\windows\system32\msxml6.dll

2008-09-10 01:16 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll

2008-09-08 10:41 333,824 ------w c:\windows\system32\dllcache\srv.sys

.

 

((((((((((((((((((((((((((((( snapshot@2008-12-04_18.43.51.90 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-04-14 16:22:20 39,424 ----a-w c:\windows\system32\dllcache\sens.dll

- 2008-12-04 17:40:32 39,424 ------w c:\windows\system32\sens.dll

+ 2008-04-14 16:22:20 39,424 ----a-w c:\windows\system32\sens.dll

+ 2008-12-04 22:15:39 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_564.dat

.

(((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"SUPERAntiSpyware"="c:\programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-11-29 1805552]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2008-11-22 136600]

"ccApp"="c:\programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2008-01-31 58728]

"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-01-28 110740]

"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]

"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2008-09-16 100056]

"QuickTime Task"="c:\programfiler\QuickTime Alternative\QTTask.exe" [2008-09-06 413696]

"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"VTTimer"="VTTimer.exe" [2005-03-08 c:\windows\system32\VTTimer.exe]

"VTTrayp"="VTtrayp.exe" [2005-03-11 c:\windows\system32\VTTrayp.exe]

"SoundMan"="SOUNDMAN.EXE" [2005-01-20 c:\windows\SOUNDMAN.EXE]

 

c:\documents and settings\Eier\Start-meny\Programmer\Oppstart\

OpenOffice.org 2.4.lnk - c:\programfiler\OpenOffice.org 2.4\program\quickstart.exe [2008-05-30 393216]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-07-23 15:28 352256 c:\programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Programfiler\\FlashGet\\flashget.exe"=

 

R1 SASDIFSV;SASDIFSV;\??\c:\programfiler\SUPERAntiSpyware\SASDIFSV.SYS [2008-09-03 8944]

R1 SASKUTIL;SASKUTIL;\??\c:\programfiler\SUPERAntiSpyware\SASKUTIL.sys [2008-09-03 55024]

R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"c:\programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2008-09-16 100032]

R3 SASENUM;SASENUM;\??\c:\programfiler\SUPERAntiSpyware\SASENUM.SYS [2008-09-03 7408]

.

Contents of the 'Scheduled Tasks' folder

 

2008-11-28 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

 

2008-12-05 c:\windows\Tasks\Se etter oppdateringer for Windows Live Toolbar.job

- c:\programfiler\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-05 01:40:56

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(524)

c:\programfiler\SUPERAntiSpyware\SASWINLO.dll

.

Completion time: 2008-12-05 1:41:59

ComboFix-quarantined-files.txt 2008-12-05 00:41:52

ComboFix2.txt 2008-12-04 17:46:37

 

Pre-Run: 24,804,368,384 bytes free

Post-Run: 24,851,435,520 bytes free

 

134 --- E O F --- 2008-11-12 21:41:01

 

 

Hope some of it is fixed now. Thanks a lot for all the help.

Link to comment
Go to the Virustotal website and upload the following file for a check:

c:\windows\system32\sens.dll

 

Report back whether anything was found on the file.

Does Norton still report a 'virus'?

 

On Virustotal, under results it says SecureWeb-Gateway 6.7.6 2008.12.05 Trojan.LooksLike.Patched. And a bit further down the page it says:

 

4 exports:

SensNotifyNetconEvent, SensNotifyRasEvent, SensNotifyWinlogonEvent, ServiceMain

 

But Norton no longer finds the virus I had. So where does that leave things now?

 

Thanks a lot, norbat.

Link to comment
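Added example (not part of the thread, and not ComboFix's own code). The snapshot section of the logs above shows c:\windows\system32\sens.dll going from a 2008-12-04 timestamp to the 2008-04-14 timestamp of its dllcache twin while the size stays exactly 39,424 bytes. That is the pattern a "Patched" verdict describes: code overwritten inside an existing system DLL, so the size is preserved and only the modification time moves. The four exports quoted from Virustotal (ServiceMain and the three SensNotify* functions) are the ones the genuine System Event Notification Service DLL exposes, so the export list alone does not tell you whether the file was patched; the timestamp history does. The same log also lists Security Center and Windows Firewall switches set to off. The Python below parses those two parts of a ComboFix log and flags both patterns. The sample lines are copied from the thread; the function names and the rule that a size-preserving timestamp change on a system32 file is suspicious are this example's own. The Security Center values can legitimately be written by a third-party suite such as Norton that takes over monitoring, so a hit there is a prompt to confirm, not a verdict.

```python
"""Triage helpers for ComboFix log excerpts.

Added example for this thread; not ComboFix's code. The sample lines below are
copied from the logs in the thread; the detection rules are this example's own.
"""
import re
from collections import defaultdict

# "snapshot@..." section: '-' is the state recorded in the earlier snapshot,
# '+' is the state now. Copied from the thread (backslashes doubled for Python).
SNAPSHOT_LINES = """\
+ 2008-04-14 16:22:20 39,424 ----a-w c:\\windows\\system32\\dllcache\\sens.dll
- 2008-12-04 17:40:32 39,424 ------w c:\\windows\\system32\\sens.dll
+ 2008-04-14 16:22:20 39,424 ----a-w c:\\windows\\system32\\sens.dll
+ 2008-12-05 14:37:58 16,384 ----atw c:\\windows\\Temp\\Perflib_Perfdata_5c4.dat
""".splitlines()

# "Reg Loading Points" section, Security Center and firewall keys only (copied).
REG_LINES = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)
""".splitlines()

SNAP_RE = re.compile(
    r"^(?P<sign>[+-]) (?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<size>[\d,]+) (?P<attr>\S+) (?P<path>.+)$"
)
SYSTEM32 = "c:\\windows\\system32\\"
DLLCACHE = SYSTEM32 + "dllcache\\"


def parse_snapshot(lines):
    """Parse snapshot diff lines into dicts: sign, ts, size (int), attr, path."""
    entries = []
    for line in lines:
        m = SNAP_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"].replace(",", ""))
            e["path"] = e["path"].lower()
            entries.append(e)
    return entries


def patched_file_candidates(entries):
    """Flag system32 files whose timestamp changed while the byte size did not.

    A file infector or "patched" trojan overwrites code inside an existing
    system DLL, so the size stays identical while the mtime moves. Each finding
    also records whether the new state equals a '+' entry for the dllcache twin,
    i.e. the live file now matches the protected copy.
    """
    by_path = defaultdict(list)
    for e in entries:
        by_path[e["path"]].append(e)

    findings = []
    for path, evs in by_path.items():
        if not path.startswith(SYSTEM32) or path.startswith(DLLCACHE):
            continue
        old = next((e for e in evs if e["sign"] == "-"), None)
        new = next((e for e in evs if e["sign"] == "+"), None)
        if old is None or new is None:
            continue                      # file only appeared or only vanished
        if old["size"] != new["size"] or old["ts"] == new["ts"]:
            continue                      # size changed, or attributes-only change
        name = path.rsplit("\\", 1)[-1]   # dllcache is flat, so compare by basename
        twin = by_path.get(DLLCACHE + name, [])
        from_cache = any(
            t["sign"] == "+" and t["ts"] == new["ts"] and t["size"] == new["size"]
            for t in twin
        )
        findings.append({
            "file": name, "size": new["size"],
            "old_ts": old["ts"], "new_ts": new["ts"],
            "matches_dllcache": from_cache,
        })
    return findings


REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>.+)$')
DISABLE_NAMES = {"AntiVirusDisableNotify", "FirewallDisableNotify",
                 "UpdatesDisableNotify", "DisableMonitoring"}


def disabled_security_switches(lines):
    """Return (key, name, raw value) for Security Center / firewall switches set to off."""
    key, flagged = None, []
    for line in lines:
        s = line.strip()
        if s.startswith("[") and s.endswith("]"):
            key = s[1:-1]                 # REGEDIT4 section header
            continue
        m = REG_VALUE_RE.match(s)
        if not m or key is None:
            continue
        name, val = m.group("name"), m.group("val")
        if name in DISABLE_NAMES and val.startswith("dword:") and int(val[6:], 16) == 1:
            flagged.append((key, name, val))
        elif name == "EnableFirewall" and val.split()[0] == "0":
            flagged.append((key, name, val))
    return flagged


if __name__ == "__main__":
    for f in patched_file_candidates(parse_snapshot(SNAPSHOT_LINES)):
        print("same-size timestamp change:", f)
    for key, name, val in disabled_security_switches(REG_LINES):
        print("security switch off:", key, name, val)
```

Run against the lines from the thread it reports one candidate, sens.dll (39,424 bytes, 2008-12-04 17:40:32 becoming 2008-04-14 16:22:20, matching the dllcache copy), and four disabled switches. To apply it to a full log, feed it the lines between the "snapshot@" header and the next section for the first function, and the Security Center and firewallpolicy keys from the loading-points section for the second.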
Download a fresh ComboFix and post a new log, and we'll take one last look.

 

 

Here is the new ComboFix log:

ComboFix 08-12-04.05 - Eier 2008-12-05 17:16:14.3 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.175 [GMT 1:00]

Running from: c:\downloads\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((((((( Files Created From 2008-11-05 to 2008-12-05 )))))))))))))))))))))))))))))))))

.

 

2008-12-05 01:45 . 2008-12-05 01:45 <DIR> d-------- C:\combo fix by logg

2008-12-04 23:38 . 2008-12-05 00:12 <DIR> d-------- c:\documents and settings\Eier\DoctorWeb

2008-12-04 11:36 . 2008-12-05 01:49 <DIR> dr-h----- c:\documents and settings\Eier\Siste

2008-12-03 20:36 . 2008-12-03 20:36 <DIR> d-------- c:\programfiler\Fellesfiler\Adobe AIR

2008-12-03 20:28 . 2008-12-04 23:15 <DIR> d-------- c:\programfiler\Google

2008-12-03 20:27 . 2008-12-03 20:40 <DIR> d-------- c:\programfiler\NOS

2008-12-03 20:27 . 2008-12-03 20:40 <DIR> d-------- c:\documents and settings\All Users\Programdata\NOS

2008-11-22 16:25 . 2008-11-22 16:24 410,976 --a------ c:\windows\system32\deploytk.dll

2008-11-12 12:49 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys

2008-11-12 12:48 . 2008-09-04 18:17 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-05 14:41 --------- d-----w c:\documents and settings\Eier\Programdata\OpenOffice.org2

2008-12-05 00:54 --------- d-----w c:\programfiler\FlashGet

2008-12-04 23:00 --------- d-----w c:\programfiler\Fellesfiler\Symantec Shared

2008-12-03 19:35 --------- d-----w c:\programfiler\Fellesfiler\Adobe

2008-12-01 07:18 --------- d-----w c:\programfiler\Norton Internet Security

2008-11-29 18:45 --------- d-----w c:\programfiler\SUPERAntiSpyware

2008-11-22 15:24 --------- d-----w c:\programfiler\Java

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll

2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll

2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe

2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll

2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll

2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll

2008-10-15 16:38 337,408 ------w c:\windows\system32\dllcache\netapi32.dll

2008-10-03 17:31 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll

2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll

2008-09-15 15:29 1,846,400 ----a-w c:\windows\system32\win32k.sys

2008-09-15 15:29 1,846,400 ------w c:\windows\system32\dllcache\win32k.sys

2008-09-10 01:16 1,307,648 ------w c:\windows\system32\msxml6.dll

2008-09-10 01:16 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll

2008-09-08 10:41 333,824 ------w c:\windows\system32\dllcache\srv.sys

.

 

((((((((((((((((((((((((((((( snapshot@2008-12-04_18.43.51.90 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-04-14 16:22:20 39,424 ----a-w c:\windows\system32\dllcache\sens.dll

- 2008-12-04 17:40:32 39,424 ------w c:\windows\system32\sens.dll

+ 2008-04-14 16:22:20 39,424 ----a-w c:\windows\system32\sens.dll

+ 2008-12-05 14:37:58 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5c4.dat

.

(((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"SUPERAntiSpyware"="c:\programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-11-29 1805552]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2008-11-22 136600]

"ccApp"="c:\programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2008-01-31 58728]

"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-01-28 110740]

"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]

"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2008-09-16 100056]

"QuickTime Task"="c:\programfiler\QuickTime Alternative\QTTask.exe" [2008-09-06 413696]

"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"VTTimer"="VTTimer.exe" [2005-03-08 c:\windows\system32\VTTimer.exe]

"VTTrayp"="VTtrayp.exe" [2005-03-11 c:\windows\system32\VTTrayp.exe]

"SoundMan"="SOUNDMAN.EXE" [2005-01-20 c:\windows\SOUNDMAN.EXE]

 

c:\documents and settings\Eier\Start-meny\Programmer\Oppstart\

OpenOffice.org 2.4.lnk - c:\programfiler\OpenOffice.org 2.4\program\quickstart.exe [2008-05-30 393216]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-07-23 15:28 352256 c:\programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Programfiler\\FlashGet\\flashget.exe"=

 

R1 SASDIFSV;SASDIFSV;\??\c:\programfiler\SUPERAntiSpyware\SASDIFSV.SYS [2008-09-03 8944]

R1 SASKUTIL;SASKUTIL;\??\c:\programfiler\SUPERAntiSpyware\SASKUTIL.sys [2008-09-03 55024]

R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"c:\programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2008-09-16 100032]

R3 SASENUM;SASENUM;\??\c:\programfiler\SUPERAntiSpyware\SASENUM.SYS [2008-09-03 7408]

.

Contents of the 'Scheduled Tasks' folder

 

2008-11-28 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

 

2008-12-05 c:\windows\Tasks\Se etter oppdateringer for Windows Live Toolbar.job

- c:\programfiler\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-05 17:18:12

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(532)

c:\programfiler\SUPERAntiSpyware\SASWINLO.dll

.

Completion time: 2008-12-05 17:19:13

ComboFix-quarantined-files.txt 2008-12-05 16:19:01

ComboFix2.txt 2008-12-05 00:42:00

ComboFix3.txt 2008-12-04 17:46:37

 

Pre-Run: 24,825,552,896 bytes free

Post-Run: 24,825,368,576 bytes free

 

136 --- E O F --- 2008-11-12 21:41:01

 

 

Hope it looks good. Thanks a lot.

Link to comment

Yes, it looks very good :)

 

Run a disk cleanup with CCleaner:

(Download CCleaner. Start the program. Go to 'Options'->'Advanced'. Untick the box in front of: "only delete temporary files......." Click 'Cleaner' and then 'Run Cleaner'.

Also run a few rounds of 'Registry' until it finds no more errors.)

 

Then uninstall ComboFix by typing combofix /u in the Run box (Start->Run).

Link to comment

I already have CCleaner, so that's fine. Good that it looks OK, now I'm relieved. Thanks a lot for all the help, norbat.

Link to comment

If you think the problem with your machine is solved, you can change the topic title by clicking the t_solved.gif button in your first post.

 

This helps keep the forum tidy for the supporters, and makes it easier for new people with the same problem to find a suitable thread to look in.

 

Surf safely, and merry Christmas.

Link to comment
