
Norman Antivirus keeps finding a trojan



I get a message from Norman Antivirus saying it has found a trojan called PolyCrypt.F, location h:\system volume ; Windows is on c:\windows. The H: drive is an external USB disk.

I get access denied if I try to open the folder h:\system volume information\.

This message pops up several times a day.

I have tried googling the trojan but can't find much information about it.

Can anyone help?

Just now also found W32/ircbot.YGG... looks like there are several nasty worms in my system :(

It says it moves the files to quarantine, but I don't fully trust that.

Edited by houzetown

Download HijackThis and put it in its own folder on the desktop.

Start the program and choose "Do a system scan and save a logfile".

Copy the log file and paste it into your post.

System Volume Information

This is the folder where System Restore stores its files.

To reset System Restore:

Control Panel -> System -> System Restore [turn it off, restart] -*- [turn it back on]

You can wait with this until I have looked over the log.

Norman is known for giving a few too many alerts.

Edited by SNIPPSAT

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:26:43 AM, on 02/18/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20733)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Norman\Npm\Bin\eLogsvc.exe

C:\Program Files\Norman\Npm\Bin\Zanda.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Windows Media Player\WMPNetwk.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\MSI\Live Update 3\LMonitor.exe

c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Norman\Npm\bin\ZLH.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\DAEMON Tools Pro\DTProAgent.exe

C:\Program Files\Electronic Arts\EADM\Core.exe

C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\Norman\npm\bin\nvoy.exe

C:\Program Files\Norman\Npm\bin\NJEEVES.EXE

C:\Program Files\Norman\Npm\bin\NVCSCHED.EXE

C:\Program Files\Norman\Nvc\BIN\NIP.EXE

C:\Program Files\Norman\Nvc\bin\nvcoas.exe

C:\Program Files\Norman\Nvc\bin\cclaw.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\iTunes\iTunes.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Cake Poker\cake.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\henrik huseby\Desktop\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"

O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flashpoker.ladbrokes.com/ladbrokes/FlashAX.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5356FC8C-2A67-4041-BA12-AFA327CE615B}: NameServer = 10.0.0.1

O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\eLogsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Kwari.xLoader - Unknown owner - C:\Documents.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE

O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Npm\bin\NVCSCHED.EXE

O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Program Files\Norman\npm\bin\nvoy.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

 

--

End of file - 10636 bytes

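Reading a log like the one above by hand, the lines SNIPPSAT asked for are the R/F/N/O entries, and the ones that normally deserve a second look are those ending in "(no file)" or "(file missing)", any O20 Winlogon Notify hook (a DLL loaded into winlogon.exe at every logon), and O23 services reported with "Unknown owner". The following Python script is an added example, not part of the thread and not HijackThis code: it parses the HijackThis log format and applies exactly those three checks to a constructed subset of the posted log. The severity labels and the rule set are the example's own assumptions, not anything HijackThis or Norman defines.

```python
import re
from dataclasses import dataclass

# Constructed sample: a subset of the HijackThis v2.0.2 log posted in this
# thread, embedded so the script runs offline. parse_hjt() accepts any full
# HJT log text, e.g. open("hijackthis.log", encoding="cp1252").read().
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:26:43 AM, on 02/18/2008

Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Kwari.xLoader - Unknown owner - C:\Documents.exe (file missing)
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# Every HJT finding starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24)
# followed by " - ". Header lines and the process list do not match.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")


@dataclass
class Entry:
    code: str   # e.g. "O23"
    body: str   # everything after "O23 - "


@dataclass
class Finding:
    code: str
    severity: str   # "low" | "medium" | "high" (assumed scale for this example)
    reason: str
    body: str


def parse_hjt(text: str) -> list[Entry]:
    """Return the R/F/N/O entries of a HijackThis log, skipping everything else."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def triage(entries: list[Entry]) -> list[Finding]:
    """Apply three checks a reviewer does by eye on an HJT log.

    One entry can produce several findings (e.g. a service that is both
    unsigned/unowned and whose binary is gone).
    """
    findings = []
    for e in entries:
        if "(no file)" in e.body or "(file missing)" in e.body:
            findings.append(Finding(
                e.code, "low",
                "referenced file does not exist: dangling entry, safe to remove, "
                "but ask why the binary is gone (quarantined? self-deleted?)",
                e.body))
        if e.code == "O20":
            findings.append(Finding(
                e.code, "high",
                "Winlogon Notify DLL is loaded into winlogon.exe (SYSTEM) at every "
                "logon; verify the DLL's origin before trusting it",
                e.body))
        if e.code == "O23" and "Unknown owner" in e.body:
            findings.append(Finding(
                e.code, "medium",
                "service binary carries no company/publisher string; check its "
                "hash and signature rather than its name",
                e.body))
    return findings


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{f.severity:6}] {f.code}: {f.body}\n         -> {f.reason}")
```

Run on the sample, the script flags the dangling Yahoo! Toolbar hook and nameless BHO, the Antiwpa Winlogon Notify entry, the two "Unknown owner" services, and Kwari.xLoader twice. That last entry also illustrates why "(file missing)" is not always malware: HijackThis prints the image path up to the first space, so an unquoted path under Documents and Settings shows up as C:\Documents.exe, whereas the ComboFix listing further down in the thread shows the full path of the same service.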

ComboFix 08-02-18.1 - 2008-02-18 11:08:54.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.47.1033.18.1439 [GMT 1:00]

 

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2008-01-18 to 2008-02-18 )))))))))))))))))))))))))))))))

.

 

2008-02-17 21:26 . 2008-02-17 21:36 <DIR> d-------- C:\Program Files\IT Larsen

2008-02-15 18:06 . 2007-09-17 15:24 212,024 --a------ C:\WINDOWS\system32\nscrnsav.scr

2008-02-15 05:30 . 2007-09-06 09:45 19,000 --a------ C:\WINDOWS\system32\drivers\nvcw32mf.sys

2008-02-15 05:29 . 2008-02-18 11:07 <DIR> d-------- C:\Program Files\Norman

2008-02-15 05:29 . 2008-02-15 05:29 <DIR> d-------- C:\Documents and Settings\henrik huseby\Application Data\InstallShield

2008-02-13 18:36 . 2008-02-13 18:36 <DIR> d-------- C:\Program Files\Microsoft ActiveSync

2008-02-13 18:36 . 2007-04-09 12:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll

2008-02-13 18:35 . 2008-02-13 18:36 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-02-13 18:35 . 2008-02-13 18:35 <DIR> d-------- C:\Program Files\Microsoft.NET

2008-02-10 17:45 . 2008-02-10 17:45 1,409 --a------ C:\WINDOWS\system32\tmp4153E.FOT

2008-02-08 23:38 . 2008-02-08 23:38 <DIR> d-------- C:\Documents and Settings\henrik huseby\Application Data\Thinstall

2008-02-08 23:36 . 2008-02-09 00:50 <DIR> d-------- C:\Program Files\EphPod

2008-02-07 04:17 . 2008-02-07 04:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA

2008-02-06 19:52 . 2008-02-06 19:52 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

2008-02-05 23:38 . 2008-02-10 20:08 <DIR> d-------- C:\Program Files\SunPoker.com

2008-02-05 23:38 . 2007-08-01 10:03 93,184 --a------ C:\WINDOWS\system32\UnPoker.exe

2008-02-01 20:55 . 2008-02-11 20:15 <DIR> d-------- C:\Program Files\LimeWire

2008-02-01 20:55 . 2008-02-11 23:39 <DIR> d-------- C:\Documents and Settings\henrik huseby\Application Data\LimeWire

2008-01-29 14:43 . 2008-01-29 14:43 <DIR> d-------- C:\Program Files\GameTimePlus

2008-01-23 19:40 . 2008-01-23 19:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles

2008-01-23 19:40 . 2008-01-23 19:41 8 --a------ C:\WINDOWS\system32\nvModes.dat

2008-01-23 17:55 . 2008-01-23 22:46 <DIR> d-------- C:\Program Files\MansionPoker

2008-01-21 21:15 . 2008-01-21 21:15 <DIR> d-------- C:\Program Files\iPod

2008-01-21 21:15 . 2008-02-18 11:08 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-01-21 21:15 . 2008-01-21 21:15 1,409 --a------ C:\WINDOWS\QTFont.for

2008-01-21 21:14 . 2008-01-21 21:14 <DIR> d-------- C:\Program Files\QuickTime

2008-01-21 21:14 . 2008-01-21 21:15 <DIR> d-------- C:\Program Files\iTunes

2008-01-21 15:12 . 2008-01-21 15:15 980 --a------ C:\WINDOWS\eReg.dat

2008-01-19 19:57 . 2008-01-19 19:55 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

2008-01-19 19:55 . 2008-01-19 19:57 <DIR> d-------- C:\Documents and Settings\henrik huseby\.housecall6.6

2008-01-19 19:49 . 2008-01-19 19:49 <DIR> d--h----- C:\WINDOWS\PIF

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-17 21:15 --------- d-----w C:\Program Files\Cake Poker

2008-02-16 06:29 --------- d-----w C:\Program Files\DAEMON Tools Pro

2008-02-15 04:29 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-02-12 16:45 --------- d-----w C:\Program Files\Common Files\Adobe

2008-02-12 01:46 --------- d-----w C:\Program Files\PokerStars

2008-02-11 19:15 --------- d-----w C:\Program Files\Kwari

2008-02-09 08:56 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-02-09 08:56 --------- d-----w C:\Program Files\Poker Tracker V2

2008-02-08 01:15 --------- d-----w C:\Program Files\Poker World

2008-02-05 22:27 --------- d-----w C:\Program Files\PartyGaming

2008-01-15 12:27 --------- d-----w C:\Documents and Settings\henrik huseby\Application Data\VidaOne

2008-01-14 20:13 --------- d-----w C:\Documents and Settings\henrik huseby\Application Data\Apple Computer

2008-01-14 20:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer

2008-01-14 20:12 --------- d-----w C:\Program Files\Common Files\Apple

2008-01-08 07:31 --------- d-----w C:\Program Files\Electronic Arts

2008-01-06 23:20 --------- d-----w C:\Documents and Settings\henrik huseby\Application Data\dvdcss

2008-01-03 18:21 --------- d-----w C:\Program Files\Java

2008-01-03 18:21 --------- d-----w C:\Program Files\Common Files\Java

2007-12-31 13:13 --------- d-----w C:\Program Files\Betfair

2007-12-31 13:13 --------- d-----w C:\Documents and Settings\henrik huseby\Application Data\Betfair

2007-12-25 23:26 --------- d-----w C:\Program Files\D-Link

2007-12-25 23:26 --------- d-----w C:\Program Files\Common Files\InstallShield

2007-12-25 23:26 --------- d-----w C:\Program Files\ANI

2007-12-25 17:47 --------- d-----w C:\Program Files\TowerGaming

2007-12-25 16:32 155,995 ----a-w C:\WINDOWS\java\Packages\3DVLVHZV.ZIP

2007-12-23 01:02 --------- d-----w C:\Program Files\EA Games

2007-12-23 00:05 --------- d-----w C:\Program Files\Apple Software Update

2007-12-23 00:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple

2007-12-22 23:47 --------- d-----w C:\Program Files\QuickPar

2007-12-21 02:23 --------- d-----w C:\Program Files\Xvid

2007-12-20 23:39 --------- d-----w C:\Documents and Settings\henrik huseby\Application Data\mirabyte

2007-12-20 18:54 --------- d-----w C:\Documents and Settings\henrik huseby\Application Data\NewsLeecher

2007-12-20 17:20 --------- d-----w C:\Program Files\SQLite ODBC Driver

2007-12-19 18:06 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe

2007-12-19 18:06 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2007-12-19 18:06 22,328 ----a-w C:\Documents and Settings\henrik huseby\Application Data\PnkBstrK.sys

2007-12-19 18:06 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

2007-12-19 17:58 --------- d-----w C:\Program Files\Activision

2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys

2007-12-15 17:28 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2007-12-15 17:26 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe

2007-12-15 14:30 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll

2007-12-15 14:30 262,144 ----a-w C:\WINDOWS\system32\wrap_oal.dll

2007-12-15 14:12 315,392 ----a-w C:\WINDOWS\HideWin.exe

2007-12-07 02:01 825,344 ----a-w C:\WINDOWS\system32\wininet.dll

2007-12-04 18:29 551,936 ----a-w C:\WINDOWS\system32\oleaut32.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-11-07 15:34 3739672]

"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 14:08 136136]

"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2007-12-04 05:57 2494464]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 12:51 202024]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 07:49 16377344 C:\WINDOWS\RTHDCPL.exe]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]

"nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 13:00 110592 C:\WINDOWS\system32\bthprops.cpl]

"IntelliPoint"="c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 12:01 1037736]

"LiveMonitor"="C:\Program Files\MSI\Live Update 3\LMonitor.exe" [2007-01-17 17:01 496640]

"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]

"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 09:25 1828136]

"D-Link AirPlus XtremeG"="C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe" [2005-03-28 14:25 1011712]

"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 17:49 49152]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"Norman ZANDA"="C:\Program Files\Norman\Npm\bin\ZLH.exe" [2007-12-17 14:37 273520]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"ShowDeskFix"="regsvr32 /s /n /i:u shell32" []

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]

antiwpa.dll 2006-07-22 23:49 5376 C:\WINDOWS\system32\antiwpa.dll

 

R2 Ndiskio;Ndiskio;C:\Program Files\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 10:55]

R2 NVOY;Norman's Very Own supplY of resources;"C:\Program Files\Norman\npm\bin\nvoy.exe" [2008-01-22 15:04]

R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2007-09-06 09:45]

R3 nvcoas;Norman Virus Control on-access component;"C:\Program Files\Norman\Nvc\bin\nvcoas.exe" [2007-12-10 14:36]

R3 NVCScheduler;Norman Virus Control Scheduler;"C:\Program Files\Norman\Npm\bin\NVCSCHED.EXE" [2007-09-18 11:41]

S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2005-03-22 03:17]

S3 Kwari.xLoader;Kwari.xLoader;C:\Documents and Settings\henrik huseby\Local Settings\Application Data\Micro Forte\Kwari\Kwari.xLoader.32 []

S4 WEBNTACCESS;WEBNTACCESS;C:\WINDOWS\system32\NTACCESS.SYS [2006-05-18 13:14]

 

*Newly Created Service* - WEBNTACCESS

.

Contents of the 'Scheduled Tasks' folder

"2008-02-11 20:12:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-18 11:11:43

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-02-18 11:12:11

ComboFix2.txt 2008-02-18 10:04:50

.

2008-02-14 02:01:58 --- E O F ---

