joehan (Beginner)
19 November 2007 - 21:42 | 12 comments

W32.Fujacks.E

My new Norton Antivirus 2008 detects W32.Fujacks.E in c:\users\public\games.exe.
The antivirus program blocks it, but I am a bit uneasy about the situation.
Here is a log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:41:27, on 19-11-2007
Platform: Windows Vista  (WinNT 6.00.1904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Users\Johan\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/webhp?sourceid=navclient&hl=da&ie=UTF-8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DA_DK&c=71&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DA_DK&c=71&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Gyldendals Røde Ordbøger.lnk = C:\Program Files\TEXTware\Illuminator 2\Illview02.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Automatisk LiveUpdate-planlægning - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9491 bytes

I hope everything is as it should be?
arlet (Junior Master)
19 November 2007 - 21:59 #1
1) Let CCleaner do a cleanup: www.arlet.dk/ccleaner.htm

2) Run step 1 here http://www.malwarecheck.dk/forum/viewtopic.php?t=11 and post the log

3) Download HijackThis from here: www.arlet.dk/hijackthis.htm

4) Download ComboFix from one of these links and save it to your desktop:
http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

-- Then run combofix.exe, which you downloaded earlier, and follow the instructions.
You should not click on the window while the tool is running, as that can make your computer freeze.
When ComboFix is finished, and after it has restarted, a log file should open: combofix.txt
Please post the contents of that file here.

NOTE that some virus scanners detect ComboFix as infected. There is nothing to that, though.

NB - If ComboFix will not run, set the clock back to the date 16/11, download ComboFix again, and then set the date forward again

We need to see the logs from points 2 - 3 - 4
arlet (Junior Master)
19 November 2007 - 22:00 #2
3) you need to download that one, since the version of HijackThis you used is an old one.
19 November 2007 - 22:00 #3
Is the folder
c:\users\public\games.exe.
something you are familiar with?
19 November 2007 - 22:01 #4
(A few seconds *S*)
joehan (Beginner)
20 November 2007 - 12:36 #5
No, I do not know anything about games.exe. It apparently is not there when you search for it.
I have a question for you, arlet:
Under point 2: do I have to run all of those programs, or should I just post a log here from CCleaner?
arlet (Junior Master)
20 November 2007 - 12:50 #6
You need to provide a log from the scanner in point 2

And yes, you need to follow the whole guide point by point.
joehan (Beginner)
20 November 2007 - 15:47 #7
HijackThis does not work. Do you have another link, one to the latest version?
arlet (Junior Master)
20 November 2007 - 16:45 #8
It works fine here. Try again.
joehan (Beginner)
20 November 2007 - 16:52 #9
When I try to extract it I get an error message that says:
An error prevents this program from continuing:
Could not extract the current file. Access denied.
arlet (Junior Master)
20 November 2007 - 17:19 #10
Okay, skip that one for now
joehan (Beginner)
21 November 2007 - 16:34 #11
Here are the various logs:

First the one from SUPERAntiSpyware:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/20/2007 at 03:42 PM

Application Version : 3.9.1008

Core Rules Database Version : 3347
Trace Rules Database Version: 1348

Scan type      : Complete Scan
Total Scan Time : 00:30:22

Memory items scanned      : 754
Memory threats detected  : 0
Registry items scanned    : 8241
Registry threats detected : 0
File items scanned        : 68686
File threats detected    : 1

Adware.Tracking Cookie
    C:\Users\Johan\AppData\Roaming\Microsoft\Windows\Cookies\johan@track.adform[2].txt

The one from ComboFix:
ComboFix 07-11-08.3 - Johan 2007-11-16 16:29:06.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium  6.0.6000.0.1252.1.1030.18.1286 [GMT 1:00]
Running from: C:\Users\Johan\Desktop\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((  Files Created from 2007-10-16 to 2007-11-16  )))))))))))))))))))))))))))))))
.

2007-11-21 16:20    51,200    --a------    C:\Windows\NirCmd.exe
2007-11-20 15:06    <DIR>    d--------    C:\Users\Johan\AppData\Roaming\SUPERAntiSpyware.com
2007-11-20 15:06    <DIR>    d--------    C:\Users\All Users\SUPERAntiSpyware.com
2007-11-20 15:06    <DIR>    d--------    C:\ProgramData\SUPERAntiSpyware.com
2007-11-20 15:06    <DIR>    d--------    C:\Program Files\SUPERAntiSpyware
2007-11-20 12:22    <DIR>    d--------    C:\Program Files\CCleaner
2007-11-17 21:11    1,244,672    --a------    C:\Windows\System32\mcmde.dll
2007-11-16 16:24    <DIR>    d--------    C:\sUBs
2007-11-14 19:29    <DIR>    d--------    C:\Program Files\Norton AntiVirus
2007-11-14 19:28    123,952    --a------    C:\Windows\System32\drivers\SYMEVENT.SYS
2007-11-14 17:08    224,768    --a------    C:\Windows\System32\drivers\usbport.sys
2007-11-14 17:08    192,000    --a------    C:\Windows\System32\drivers\usbhub.sys
2007-11-14 17:08    73,216    --a------    C:\Windows\System32\drivers\usbccgp.sys
2007-11-14 17:08    38,400    --a------    C:\Windows\System32\drivers\usbehci.sys
2007-11-14 17:08    23,040    --a------    C:\Windows\System32\drivers\usbuhci.sys
2007-11-14 17:08    8,704    --a------    C:\Windows\System32\hcrstco.dll
2007-11-14 17:08    8,704    --a------    C:\Windows\System32\hccoin.dll
2007-11-14 17:08    5,888    --a------    C:\Windows\System32\drivers\usbd.sys
2007-11-10 13:18    <DIR>    d--------    C:\Program Files\iTunes
2007-11-10 13:16    <DIR>    d--------    C:\Program Files\QuickTime
2007-11-04 18:23    <DIR>    d--------    C:\Users\All Users\Adobe Systems
2007-11-04 18:23    <DIR>    d--------    C:\ProgramData\Adobe Systems
2007-11-04 18:17    <DIR>    d--------    C:\Program Files\Common Files\Adobe Systems Shared
2007-11-02 17:05    <DIR>    d--------    C:\Users\All Users\Lavasoft
2007-11-02 17:05    <DIR>    d--------    C:\ProgramData\Lavasoft
2007-10-22 18:35    <DIR>    d--------    C:\Users\Johan\AppData\Roaming\TEXTware
2007-10-22 18:35    <DIR>    d--------    C:\Users\Johan\AppData\Roaming\Gyldendal
2007-10-22 18:34    <DIR>    d--------    C:\Program Files\TEXTware
2007-10-22 18:34    <DIR>    d--------    C:\Program Files\Gyldendal
2007-10-22 18:33    307,200    --a------    C:\Windows\IsUn0406.exe

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-20 14:05    ---------    d-----w    C:\Program Files\Common Files\Wise Installation Wizard
2007-11-20 13:29    13,025    ----a-w    C:\Users\Johan\AppData\Roaming\nvModes.dat
2007-11-19 20:11    ---------    d-----w    C:\Program Files\Microsoft Works
2007-11-19 20:11    ---------    d-----w    C:\Program Files\Google
2007-11-19 20:11    ---------    d-----w    C:\Program Files\Common Files\SureThing Shared
2007-11-19 20:11    ---------    d-----w    C:\Program Files\AGEIA Technologies
2007-11-14 18:43    805    ----a-w    C:\Windows\system32\drivers\SYMEVENT.INF
2007-11-14 18:43    10,740    ----a-w    C:\Windows\system32\drivers\SYMEVENT.CAT
2007-11-14 18:43    ---------    d-----w    C:\Program Files\Symantec
2007-11-14 18:36    ---------    d-----w    C:\ProgramData\Symantec
2007-11-14 18:36    ---------    d-----w    C:\Program Files\Common Files\Symantec Shared
2007-11-14 16:10    704,000    ----a-w    C:\Windows\System32\PhotoScreensaver.scr
2007-11-14 16:10    67,584    ----a-w    C:\Windows\System32\wlanhlp.dll
2007-11-14 16:10    542,720    ----a-w    C:\Windows\System32\sysmain.dll
2007-11-14 16:10    502,784    ----a-w    C:\Windows\System32\wlansvc.dll
2007-11-14 16:10    47,104    ----a-w    C:\Windows\System32\wlanapi.dll
2007-11-14 16:10    3,504,824    ----a-w    C:\Windows\System32\ntkrnlpa.exe
2007-11-14 16:10    3,471,032    ----a-w    C:\Windows\System32\ntoskrnl.exe
2007-11-14 16:10    297,984    ----a-w    C:\Windows\System32\wlansec.dll
2007-11-14 16:10    290,816    ----a-w    C:\Windows\System32\wlanmsm.dll
2007-11-14 16:10    28,344    ----a-w    C:\Windows\system32\drivers\battc.sys
2007-11-14 16:10    258,232    ----a-w    C:\Windows\system32\drivers\acpi.sys
2007-11-14 16:10    24,064    ----a-w    C:\Windows\System32\wtsapi32.dll
2007-11-14 16:10    20,920    ----a-w    C:\Windows\system32\drivers\compbatt.sys
2007-11-14 16:10    2,923,520    ----a-w    C:\Windows\explorer.exe
2007-11-14 16:10    2,027,008    ----a-w    C:\Windows\System32\win32k.sys
2007-11-14 16:10    14,208    ----a-w    C:\Windows\system32\drivers\CmBatt.sys
2007-11-14 16:10    11,264    ----a-w    C:\Windows\system32\drivers\wmiacpi.sys
2007-11-14 16:08    ---------    d-----w    C:\Program Files\Windows Mail
2007-11-10 12:18    ---------    d-----w    C:\Program Files\iPod
2007-11-04 17:18    ---------    d-----w    C:\Program Files\Common Files\Adobe
2007-11-01 14:25    ---------    d-----w    C:\Program Files\MSN Messenger
2007-10-22 16:32    ---------    d--h--w    C:\Program Files\InstallShield Installation Information
2007-10-10 19:49    8,147,968    ----a-w    C:\Windows\System32\wmploc.DLL
2007-10-10 19:49    7,680    ----a-w    C:\Windows\System32\spwmp.dll
2007-10-10 19:49    4,096    ----a-w    C:\Windows\System32\dxmasf.dll
2007-10-10 19:49    356,864    ----a-w    C:\Windows\System32\MediaMetadataHandler.dll
2007-10-10 19:47    56,320    ----a-w    C:\Windows\System32\iesetup.dll
2007-10-10 19:46    84,480    ----a-w    C:\Windows\System32\INETRES.dll
2007-10-10 19:46    737,792    ----a-w    C:\Windows\System32\inetcomm.dll
2007-10-10 19:46    52,736    ----a-w    C:\Windows\AppPatch\iebrshim.dll
2007-10-10 19:46    26,624    ----a-w    C:\Windows\System32\ieUnatt.exe
2007-10-10 19:45    788,992    ----a-w    C:\Windows\System32\rpcrt4.dll
2007-10-07 10:23    278,528    ----a-w    C:\Windows\System32\livesnth.dll
2007-10-07 10:23    203,776    ----a-w    C:\Windows\System32\clrviddc.dll
2007-10-07 10:17    ---------    d-----w    C:\Program Files\Common Files\xing shared
2007-10-07 10:17    ---------    d-----w    C:\Program Files\Common Files\Real
2007-10-07 10:16    ---------    d-----w    C:\Program Files\Real
2007-10-06 14:39    0    ----a-w    C:\Users\Johan\AppData\Roaming\wklnhst.dat
2007-10-06 14:39    ---------    d-----w    C:\Users\Johan\AppData\Roaming\Template
2007-09-20 05:47    ---------    d-----w    C:\Program Files\Gyldendals Mediumordbøger - Tysk
2007-09-18 13:44    10,662    ----a-w    C:\Windows\system32\drivers\srtspx.cat
2007-09-18 13:44    10,662    ----a-w    C:\Windows\system32\drivers\srtspl.cat
2007-09-18 13:44    10,658    ----a-w    C:\Windows\system32\drivers\srtsp.cat
2007-09-18 13:44    1,430    ----a-w    C:\Windows\system32\drivers\srtspl.inf
2007-09-18 13:44    1,421    ----a-w    C:\Windows\system32\drivers\srtspx.inf
2007-09-18 13:44    1,415    ----a-w    C:\Windows\system32\drivers\srtsp.inf
2007-09-18 13:43    43,696    ----a-w    C:\Windows\system32\drivers\srtspx.sys
2007-09-18 13:43    317,616    ----a-w    C:\Windows\system32\drivers\srtspl.sys
2007-09-18 13:43    278,576    ----a-w    C:\Windows\system32\drivers\srtsp.sys
2007-09-12 18:13    229,888    ----a-w    C:\Windows\System32\msshsq.dll
2007-08-29 16:49    174    --sha-w    C:\Program Files\desktop.ini
2007-08-29 16:21    8,192    ----a-w    C:\Windows\System32\riched32.dll
2007-08-29 16:21    77,824    ----a-w    C:\Windows\System32\rascfg.dll
2007-08-29 16:21    694,784    ----a-w    C:\Windows\System32\localspl.dll
2007-08-29 16:21    52,736    ----a-w    C:\Windows\System32\rasdiag.dll
2007-08-29 16:21    384,000    ----a-w    C:\Windows\System32\netcfgx.dll
2007-08-29 16:21    36,864    ----a-w    C:\Windows\System32\cdd.dll
2007-08-29 16:21    33,280    ----a-w    C:\Windows\System32\traffic.dll
2007-08-29 16:21    32,768    ----a-w    C:\Windows\System32\rasmxs.dll
2007-08-29 16:21    286,208    ----a-w    C:\Windows\System32\ipnathlp.dll
2007-08-29 16:21    22,016    ----a-w    C:\Windows\System32\rasser.dll
2007-08-29 16:21    15,360    ----a-w    C:\Windows\System32\pacerprf.dll
2007-08-29 16:21    134,656    ----a-w    C:\Windows\System32\dps.dll
2007-08-29 16:21    13,824    ----a-w    C:\Windows\System32\wshqos.dll
2007-08-29 16:21    13,824    ----a-w    C:\Windows\System32\icsunattend.exe
2007-08-29 16:17    88,576    ----a-w    C:\Windows\System32\avifil32.dll
2007-08-29 16:17    82,944    ----a-w    C:\Windows\System32\mciavi32.dll
2007-08-29 16:17    8,138,240    ----a-w    C:\Windows\System32\ssBranded.scr
2007-08-29 16:17    712,192    ----a-w    C:\Windows\System32\WindowsCodecs.dll
2007-08-29 16:17    69,632    ----a-w    C:\Windows\System32\sendmail.dll
2007-08-29 16:17    65,024    ----a-w    C:\Windows\System32\avicap32.dll
2007-08-29 16:17    61,440    ----a-w    C:\Windows\System32\ntprint.exe
2007-08-29 16:17    31,232    ----a-w    C:\Windows\System32\msvidc32.dll
2007-08-29 16:17    269,824    ----a-w    C:\Windows\System32\schannel.dll
2007-08-29 16:17    220,160    ----a-w    C:\Windows\System32\ntprint.dll
2007-08-29 16:17    123,904    ----a-w    C:\Windows\System32\msvfw32.dll
2007-08-29 16:17    120,320    ----a-w    C:\Windows\System32\dhcpcsvc6.dll
2007-08-29 16:17    12,800    ----a-w    C:\Windows\System32\msrle32.dll
2007-08-29 16:17    10,240    ----a-w    C:\Windows\System32\dhcpcmonitor.dll
2007-08-29 16:17    1,984,512    ----a-w    C:\Windows\System32\authui.dll
2007-08-29 16:16    750,080    ----a-w    C:\Windows\System32\qmgr.dll
2007-08-24 16:08    1,275,392    ----a-w    C:\Windows\System32\msxml4.dll
2007-08-22 17:10    53,080    ----a-w    C:\Windows\System32\wuauclt.exe
2007-08-22 17:10    43,352    ----a-w    C:\Windows\System32\wups2.dll
2007-08-22 17:10    1,712,984    ----a-w    C:\Windows\System32\wuaueng.dll
2007-08-22 17:10    1,524,224    ----a-w    C:\Windows\System32\wucltux.dll
2007-08-22 17:09    80,896    ----a-w    C:\Windows\System32\wudriver.dll
2007-08-22 17:09    549,720    ----a-w    C:\Windows\System32\wuapi.dll
2007-08-22 17:09    33,624    ----a-w    C:\Windows\System32\wups.dll
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2007-11-14 19:34    116088    --a------    C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-06-19 19:59]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 00:14]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-12-02 16:32]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 10:58]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 12:39]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 09:56]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 09:32]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-02-04 09:15]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-01-14 00:40]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-01-14 00:40]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-01-14 00:40]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-07 11:16]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-24 22:07]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 13:35]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Launcher"=%WINDIR%\SMINST\launcher.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Hurtigstart.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 16:55:50]
Gyldendals Røde Ordbøger.lnk - C:\Program Files\TEXTware\Illuminator 2\Illview02.exe [2007-10-22 18:34:33]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R1 IDSvix86;Symantec Intrusion Prevention Driver;\??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20071116.001\IDSvix86.sys
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys
R3 btwaudio;Bluetooth-audioenhed;C:\Windows\system32\drivers\btwaudio.sys
R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys
R3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys
R3 nvlddmkm;nvlddmkm;C:\Windows\system32\DRIVERS\nvlddmkm.sys
R3 SymIMMP;SymIMMP;C:\Windows\system32\DRIVERS\SymIM.sys
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS
S3 BCM43XV;Driver til Broadcom Extensible 802.11-netværkskort;C:\Windows\system32\DRIVERS\bcmwl6.sys
S3 COH_Mon;COH_Mon;\??\C:\Windows\system32\Drivers\COH_Mon.sys
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw3v32.sys
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\Windows\system32\DRIVERS\SymIM.sys
S3 viaagp;VIA AGP Bus Filter;C:\Windows\system32\drivers\viaagp.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted    hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs    BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8997f86-23bc-11dc-9406-001a6b74c1be}]
\shell\AutoRun\command - G:\setupSNK.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-11-19 19:41:02 C:\Windows\Tasks\Norton AntiVirus - Kør Fuld systemskanning - Johan.job"
- C:\Program Files\Norton AntiVirus\Navw32.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-16 16:31:42
Windows 6.0.6000  NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-16 16:32:59
.
    --- E O F ---
arlet (Junior Master)
21 November 2007 - 17:16 #12
Norton has most likely either quarantined or deleted it, because there is nothing in your logs.

Finally, run steps 5 and 6 from here: http://www.malwarecheck.dk/forum/viewtopic.php?t=11
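The checks a helper applies by eye when reading a HijackThis or ComboFix log like the ones posted in this thread can be written down. The script below is an added example, not code from the thread, from Computerworld Eksperten, or from any of the tools mentioned. It flags a BHO registered as "(no file)", a Run entry or BHO loading from a user-writable location such as C:\Users\Public (where Norton reported games.exe), an AutoRun command recorded under MountPoints2 for a mounted volume (ComboFix listed one for G:\setupSNK.exe; the thread draws no conclusion about it, so it is only marked for review), a hosts-file entry for anything other than localhost, and a service with "Unknown owner". The sample lines are constructed for the example: most are copied from the logs above, but the games.exe Run entry and the hosts override are invented to exercise the rules and do not appear in the posted logs. The rule names, the USER_WRITABLE_DIRS list and the severity labels are the example's own choices.

```python
"""Triage of HijackThis / ComboFix log lines (added example, not from the thread)."""
import re
from dataclasses import dataclass

# Heuristic: user-writable locations an autostart entry should not normally
# point at. Norton reported games.exe under C:\Users\Public in the thread.
USER_WRITABLE_DIRS = (
    r"c:\users\public",
    r"\appdata\local\temp",
    r"\appdata\roaming",
    r"c:\windows\temp",
)

# Hostnames that legitimately appear in a clean hosts file.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}

# HijackThis line formats (O1 hosts, O2 BHO, O4 Run/RunOnce, O23 service).
HJT_O1 = re.compile(r"^O1 - Hosts: (?P<addr>\S+)\s+(?P<host>\S+)")
HJT_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
HJT_O4 = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
HJT_O23 = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
# ComboFix prints MountPoints2 AutoRun handlers in this form.
CF_AUTORUN = re.compile(r"^\\shell\\AutoRun\\command - (?P<cmd>.*)$")


@dataclass(frozen=True)
class Finding:
    kind: str       # short rule name
    severity: str   # "review" = act on it, "info" = worth a second look
    line: str       # the log line that triggered the rule
    reason: str


def _in_user_writable_dir(path: str) -> bool:
    """True if the command or path lands in one of USER_WRITABLE_DIRS."""
    p = path.lower()
    return any(d in p for d in USER_WRITABLE_DIRS)


def triage(lines):
    """Return a list of Findings for the given log lines; unknown lines are ignored."""
    findings = []
    for raw in lines:
        line = raw.strip()

        m = HJT_O1.match(line)
        if m:
            if m["host"].lower() not in LOOPBACK_NAMES:
                findings.append(Finding("hosts-override", "review", line,
                    f"hosts file maps {m['host']} to {m['addr']}; malware uses this to block updates"))
            continue

        m = HJT_O2.match(line)
        if m:
            if m["path"].strip() == "(no file)":
                findings.append(Finding("orphan-bho", "review", line,
                    "BHO CLSID is registered but its DLL is gone; remove the leftover registration"))
            elif _in_user_writable_dir(m["path"]):
                findings.append(Finding("bho-in-user-dir", "review", line,
                    "BHO loads from a user-writable directory"))
            continue

        m = HJT_O4.match(line)
        if m:
            if _in_user_writable_dir(m["cmd"]):
                findings.append(Finding("autostart-in-user-dir", "review", line,
                    f"{m['hive']} Run entry '{m['name']}' starts a binary from a user-writable directory"))
            continue

        m = HJT_O23.match(line)
        if m:
            if m["owner"].strip().lower() == "unknown owner":
                findings.append(Finding("unknown-owner-service", "info", line,
                    "service binary has no recognised publisher; confirm it belongs to installed software"))
            continue

        m = CF_AUTORUN.match(line)
        if m:
            findings.append(Finding("autorun-command", "review", line,
                f"AutoRun handler '{m['cmd']}' recorded for a mounted volume; check the binary before reinserting the drive"))
            continue
    return findings


def summarize(findings):
    """Count findings per rule so a long log can be glanced at quickly."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Constructed sample. The O1 localhost line, both O2 lines, both O23 lines, the
# ccApp Run entry and the AutoRun entry are copied from the logs in the thread;
# the games.exe Run entry and the liveupdate hosts line are invented here.
SAMPLE_LINES = [
    r"O1 - Hosts: ::1 localhost",
    r"O1 - Hosts: 127.0.0.1 liveupdate.symantecliveupdate.com",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll",
    r'O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"',
    r"O4 - HKCU\..\Run: [games] C:\Users\Public\games.exe",
    r"O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe",
    r"O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE",
    r"\shell\AutoRun\command - G:\setupSNK.exe",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.severity}] {f.kind}: {f.line}\n    {f.reason}")
```

Run against a whole log (`triage(open("hijackthis.log").readlines())`) it returns only the lines a person would need to look at; the benign Symantec, Java and HP entries in the sample produce nothing. The rules are deliberately conservative: an entry in C:\Users\Public or a MountPoints2 AutoRun handler is worth a look, not proof of infection, which is why the output carries a reason rather than a verdict.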