Skrollan, posted 14 October 2007
Some friends of mine have got the MSN virus "wow, you look like this top-model..." Does anyone know how to remove it? Thanks for any help...

denieru, posted 14 October 2007
My girlfriend clicked the same link. Thanks for any help, too.
HijackThis log:
I have also scanned with AVG, Ad-Aware and Spybot S&D. I still see it sending messages to people on my list at regular intervals.
Edited 14 October 2007 by denieru

Underpants, posted 14 October 2007
Am I the only one who isn't dumb enough to click a link in an MSN message written in English?

JFM, posted 14 October 2007
https://www.diskusjon.no/index.php?showtopi...p;#entry9705752

Skrollan (author), posted 14 October 2007
But doesn't anyone know how to remove it?

Scortech, posted 14 October 2007
A friend of mine has, like, sent me exactly these links too..

Skrollan (author), posted 15 October 2007
Doesn't anyone know anything about this?

norbat, posted 15 October 2007
> My girlfriend clicked the same link. Thanks for any help, too.
> HijackThis log:
> I have also scanned with AVG, Ad-Aware and Spybot S&D. I still see it sending messages to people on my list at regular intervals.

Download Combofix and put it on the desktop.
Run combofix.exe and follow the instructions.
Post the log file from Combofix (c:\combofix.txt).

> Doesn't anyone know anything about this?

Skrollan:
Run a round of Combofix and post the resulting log, plus an HJT log (Download HijackThis. Put it in its own folder on the desktop. Start the program and choose "Do a system scan and save a logfile". Copy the log file and post it.)
Put the log in your own thread, which you create by clicking 'New topic'.
Edited 15 October 2007 by norbat

Skrollan (author), posted 15 October 2007
Hmm... as I said, I'm not the one who has the virus, but I'll get the girl who has it to do it ^^

denieru Skrevet 15. oktober 2007 Del Skrevet 15. oktober 2007 (endret) Logg fra Combofix: Klikk for å se/fjerne innholdet nedenfor ComboFix 07-10-12.4 - Daniel 2007-10-15 16:32:18.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1326 [GMT 2:00] Running from: C:\Documents and Settings\Daniel\Skrivebord\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2007-09-15 to 2007-10-15 ))))))))))))))))))))))))))))))) . 2007-10-15 16:32 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-14 22:14 60,000 --a------ C:\WINDOWS\system32\openglx.exe 2007-10-14 13:19 <DIR> d-------- C:\Documents and Settings\Daniel\Bluetooth Software 2007-10-14 13:18 17,516 --a------ C:\WINDOWS\system32\drivers\frmupgr.sys 2007-10-12 12:07 <DIR> d-------- C:\Programfiler\GCFScape 2007-10-10 11:06 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe 2007-10-10 11:04 <DIR> d-------- C:\NVIDIAprogramfiler 2007-10-10 09:55 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll 2007-09-30 11:35 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll 2007-09-24 18:55 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Last.fm 2007-09-24 09:23 <DIR> d-------- C:\Programfiler\Picasa2 2007-09-24 09:23 <DIR> d-------- C:\Programfiler\Google 2007-09-23 12:23 <DIR> d-------- C:\Documents and Settings\Daniel\Programdata\Hamachi 2007-09-23 12:22 <DIR> d-------- C:\Programfiler\Hamachi 2007-09-23 12:22 25,544 --a------ C:\WINDOWS\system32\drivers\hamachi.sys 2007-09-23 02:19 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\NFS Underground 2007-09-23 02:18 <DIR> d-------- C:\Programfiler\Fellesfiler\DirectX 2007-09-21 12:33 <DIR> d-------- C:\Programfiler\iTunes 2007-09-18 13:21 <DIR> d-------- C:\Programfiler\EPSON 2007-09-16 00:45 23 --a------ C:\WINDOWS\popcinfot.dat . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2007-10-15 14:32 --------- d-----w C:\Documents and Settings\Daniel\Programdata\uTorrent 2007-10-15 14:01 --------- d-----w C:\Documents and Settings\Daniel\Programdata\Skype 2007-10-15 13:59 --------- d-----w C:\Programfiler\HDD Health 2007-10-15 05:20 --------- d-----w C:\Programfiler\Java 2007-10-15 05:17 --------- d-----w C:\Documents and Settings\Daniel\Programdata\AVG7 2007-10-14 20:29 --------- d-----w C:\Documents and Settings\All Users\Programdata\avg7 2007-10-14 15:01 --------- d-----w C:\Documents and Settings\Daniel\Programdata\OpenOffice.org2 2007-10-11 09:34 --------- d--h--w C:\Programfiler\InstallShield Installation Information 2007-10-08 18:32 --------- d-----w C:\Documents and Settings\Daniel\Programdata\Apple Computer 2007-10-05 22:48 --------- d-----w C:\Documents and Settings\Daniel\Programdata\mIRC 2007-10-05 22:37 --------- d-----w C:\Programfiler\mIRC 2007-10-04 15:27 --------- d-----w C:\Programfiler\PeerGuardian2 2007-10-01 18:26 --------- d-----w C:\Programfiler\SpeedFan 2007-09-28 17:46 --------- d-----w C:\Programfiler\Fellesfiler\Ahead 2007-09-28 10:23 --------- d-----w C:\Programfiler\iPod 2007-09-24 16:56 --------- d-----w C:\Programfiler\Last.fm 2007-09-24 10:16 --------- d-----w C:\Documents and Settings\All Users\Programdata\Creative 2007-09-24 10:14 --------- d-----w C:\Programfiler\Creative 2007-09-23 00:47 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield 2007-09-22 23:30 12,400 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-09-16 23:07 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll 2007-09-16 23:07 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll 2007-09-16 23:07 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll 2007-09-16 23:07 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe 2007-09-16 23:07 6,853,088 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys 2007-09-16 23:07 6,746,112 ----a-w C:\WINDOWS\system32\nvoglnt.dll 2007-09-16 23:07 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll 2007-09-16 23:07 5,783,040 ----a-w 
C:\WINDOWS\system32\nv4_disp.dll 2007-09-16 23:07 5,509,120 ----a-w C:\WINDOWS\system32\nvdispsr.dll 2007-09-16 23:07 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll 2007-09-16 23:07 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll 2007-09-16 23:07 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll 2007-09-16 23:07 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe 2007-09-16 23:07 425,984 ----a-w C:\WINDOWS\system32\keystone.exe 2007-09-16 23:07 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll 2007-09-16 23:07 36,864 ----a-w C:\WINDOWS\system32\nvcodins.dll 2007-09-16 23:07 36,864 ----a-w C:\WINDOWS\system32\nvcod.dll 2007-09-16 23:07 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll 2007-09-16 23:07 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll 2007-09-16 23:07 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll 2007-09-16 23:07 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll 2007-09-16 23:07 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll 2007-09-16 23:07 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll 2007-09-16 23:07 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll 2007-09-16 23:07 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll 2007-09-16 23:07 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll 2007-09-16 23:07 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll 2007-09-16 23:07 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll 2007-09-16 23:07 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll 2007-09-16 23:07 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll 2007-09-16 23:07 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll 2007-09-16 23:07 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll 2007-09-16 23:07 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll 2007-09-16 23:07 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll 2007-09-16 23:07 3,629,056 ----a-w C:\WINDOWS\system32\nvvitvsr.dll 2007-09-16 23:07 3,551,232 ----a-w C:\WINDOWS\system32\nvvitvs.dll 2007-09-16 23:07 3,334,144 ----a-w C:\WINDOWS\system32\nvgames.dll 2007-09-16 23:07 3,166,208 ----a-w C:\WINDOWS\system32\nvgamesr.dll 
2007-09-16 23:07 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll 2007-09-16 23:07 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll 2007-09-16 23:07 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll 2007-09-16 23:07 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll 2007-09-16 23:07 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll 2007-09-16 23:07 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll 2007-09-16 23:07 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll 2007-09-16 23:07 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll 2007-09-16 23:07 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll 2007-09-16 23:07 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll 2007-09-16 23:07 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll 2007-09-16 23:07 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll 2007-09-16 23:07 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll 2007-09-16 23:07 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll 2007-09-16 23:07 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll 2007-09-16 23:07 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll 2007-09-16 23:07 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll 2007-09-16 23:07 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll 2007-09-16 23:07 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll 2007-09-16 23:07 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll 2007-09-16 23:07 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll 2007-09-16 23:07 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll 2007-09-16 23:07 258,048 ----a-w C:\WINDOWS\system32\nvrstr.dll 2007-09-16 23:07 258,048 ----a-w C:\WINDOWS\system32\nvrssl.dll 2007-09-16 23:07 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll 2007-09-16 23:07 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll 2007-09-16 23:07 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll 2007-09-16 23:07 253,952 ----a-w C:\WINDOWS\system32\nvrsth.dll 2007-09-16 23:07 253,952 ----a-w C:\WINDOWS\system32\nvrssv.dll 2007-09-16 23:07 253,952 ----a-w C:\WINDOWS\system32\nvrspl.dll 2007-09-16 23:07 253,952 ----a-w C:\WINDOWS\system32\nvrsno.dll 
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2007-06-29 06:24]
"ASUSGamerOSD"="C:\Program Files\ASUS\GamerOSD\GamerOSD.exe" []
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 11:32 C:\WINDOWS\system32\CTXFIHLP.EXE]
"CTHelper"="CTHELPER.EXE" [2006-08-17 11:32 C:\WINDOWS\CTHELPER.EXE]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 C:\WINDOWS\KHALMNPR.Exe]
"type32"="C:\Programfiler\Microsoft IntelliType Pro\type32.exe" [2004-06-03 01:51]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-14 09:21]
"\\server\EPSON Stylus C48 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.exe" [2005-05-16 20:00]
"Automatisk EPSON Stylus C48 Series på server"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.exe" [2005-05-16 20:00]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-09-26 14:42]
"NeroFilterCheck"="C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07]
"nwiz"="nwiz.exe" [2007-09-17 01:07 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 01:07]
"Graphic Update"="C:\WINDOWS\system32\openglx.exe" [2007-10-14 22:14]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\steam\steam.exe" [2007-10-05 08:10]
"DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" [2006-11-12 12:48]
"Skype"="C:\Programfiler\Skype\Phone\Skype.exe" [2007-08-25 21:54]
"msnmsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-08-16 16:19]
"HDDHealth"="C:\Programfiler\HDD Health\HDDHealth.exe" [2005-06-24 09:17]
"Creative WebCam Tray"="C:\Programfiler\Creative\Shared Files\CamTray.exe" [2005-10-27 18:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 11:28]
"ASUS SmartDoctor"="C:\Programfiler\ASUS\SmartDoctor\SmartDoctor.exe" [2007-01-15 10:22]
"\\server\EPSON Stylus C48 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.exe" [2005-05-16 20:00]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03]
"Picasa Media Detector"="C:\Programfiler\Picasa2\PicasaMediaDetector.exe" [2007-09-12 02:29]
"µTorrent"="C:\Programfiler\uTorrent\utorrent.exe" [2007-08-15 15:42]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
PCANotify.dll 2006-02-14 12:00 8704 C:\WINDOWS\system32\PCANotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
C:\Programfiler\IGN\Download Manager\DLM.exe /windowsstart /startifwork

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Programfiler\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Programfiler\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Programfiler\QuickTime\QTTask.exe" -atboottime

R3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys
R3 ASUSVRC;ASUSTeK Virtual Capture Device;C:\WINDOWS\system32\DRIVERS\AsusVRC.sys
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter;C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
R3 V0080Dev;Creative Camera VF0080 Driver;C:\WINDOWS\system32\DRIVERS\V0080Dev.sys
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys
S3 cxbu0wdm;CardMan 3x21;C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-10-12 10:16:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-09-03 07:09:53 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job" - C:\Programfiler\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-15 16:33:28
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\\\server\\EPSON Stylus C48 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I091.EXE /P32 \"\\\\server\\EPSON Stylus C48 Series\" /O6 \"USB001\" /M \"Stylus C48\""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\\\server\\EPSON Stylus C48 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I091.EXE /P32 \"\\\\server\\EPSON Stylus C48 Series\" /M \"Stylus C48\" /EF \"HKCU\""
.
Completion time: 2007-10-15 16:33:48
.
--- E O F ---

Edited 15 October 2007 by denieru
Scortech (posted 15 October 2007): This is not a virus but an MSN hack.
norbat (posted 15 October 2007): denieru: Check the file C:\WINDOWS\system32\openglx.exe at the following site: http://virusscan.jotti.org/ You check the file by uploading it (see the top of that site). The file will be scanned with several AV programs. Report back with the result. If you cannot find the file in the system32 folder, you have to turn on 'Show hidden files and folders' (Control Panel -> Folder Options -> View -> "Show hidden files and folders").
TaZ (posted 15 October 2007, edited 15 October 2007): Result of the scan. The file that gets downloaded when you click the link you receive over MSN..
norbat (posted 15 October 2007, edited 15 October 2007): taz was a new acquaintance.... Related to denieru? (are we talking about openglx.exe?)
TaZ (posted 15 October 2007, edited 15 October 2007): Nope, I have 2 friends on MSN who are pestering me (and all their friends) with the same thing... Trying to help them get rid of this.. This is the file that gets downloaded when you click the link that comes over MSN.. It looks like a screensaver. File name [email protected]
denieru (posted 15 October 2007): Hi again. Found a program on a French forum called MSNfix. Ran it and it deleted openglx.exe. So far everything seems fine. Thanks for the help, norbat.
norbat (posted 15 October 2007, edited 15 October 2007): Yes, MSNFix takes care of many of these 'MSN viruses'. It might be an idea to run Combofix as well and post the log afterwards (yes, you have run it once already, so this is just a check for whether anything is left behind).
Skrollan (thread author, posted 15 October 2007, edited 15 October 2007): but what has to be deleted? can anyone explain this? edit: trying msnfix now, will see if it helps...
denieru (posted 15 October 2007): Ran Combofix one more time.

ComboFix 07-10-12.4 - Daniel 2007-10-15 21:02:40.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1333 [GMT 2:00]
Running from: C:\Documents and Settings\Daniel\Skrivebord\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-09-15 to 2007-10-15 )))))))))))))))))))))))))))))))
.
2007-10-15 17:54 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2007-10-15 17:53 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2007-10-15 17:53 <DIR> d-------- C:\Documents and Settings\Daniel\Programdata\SUPERAntiSpyware.com
2007-10-15 17:11 <DIR> d-------- C:\Documents and Settings\Daniel\.housecall6.6
2007-10-15 16:32 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-14 13:19 <DIR> d-------- C:\Documents and Settings\Daniel\Bluetooth Software
2007-10-14 13:18 17,516 --a------ C:\WINDOWS\system32\drivers\frmupgr.sys
2007-10-12 12:07 <DIR> d-------- C:\Programfiler\GCFScape
2007-10-10 11:06 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-10-10 11:04 <DIR> d-------- C:\NVIDIAprogramfiler
2007-10-10 09:55 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-09-30 11:35 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2007-09-24 18:55 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Last.fm
2007-09-24 09:23 <DIR> d-------- C:\Programfiler\Picasa2
2007-09-24 09:23 <DIR> d-------- C:\Programfiler\Google
2007-09-23 12:23 <DIR> d-------- C:\Documents and Settings\Daniel\Programdata\Hamachi
2007-09-23 12:22 <DIR> d-------- C:\Programfiler\Hamachi
2007-09-23 12:22 25,544 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-09-23 02:19 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\NFS Underground
2007-09-23 02:18 <DIR> d-------- C:\Programfiler\Fellesfiler\DirectX
2007-09-21 12:33 <DIR> d-------- C:\Programfiler\iTunes
2007-09-18 13:21 <DIR> d-------- C:\Programfiler\EPSON
2007-09-16 00:45 23 --a------ C:\WINDOWS\popcinfot.dat
.
((((((((((((((((((((((((((((( snapshot@2007-10-15_16.33.29,84 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-15 15:54:01 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
+ 2007-10-15 15:54:01 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2007-10-15 15:54:01 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\steam\steam.exe" [2007-10-05 08:10]
"DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" [2006-11-12 12:48]
"Skype"="C:\Programfiler\Skype\Phone\Skype.exe" [2007-08-25 21:54]
"msnmsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-08-16 16:19]
"HDDHealth"="C:\Programfiler\HDD Health\HDDHealth.exe" [2005-06-24 09:17]
"Creative WebCam Tray"="C:\Programfiler\Creative\Shared Files\CamTray.exe" [2005-10-27 18:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 11:28]
"ASUS SmartDoctor"="C:\Programfiler\ASUS\SmartDoctor\SmartDoctor.exe" [2007-01-15 10:22]
"\\server\EPSON Stylus C48 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.exe" [2005-05-16 20:00]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03]
"Picasa Media Detector"="C:\Programfiler\Picasa2\PicasaMediaDetector.exe" [2007-09-12 02:29]
"µTorrent"="C:\Programfiler\uTorrent\utorrent.exe" [2007-08-15 15:42]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
PCANotify.dll 2006-02-14 12:00 8704 C:\WINDOWS\system32\PCANotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
C:\Programfiler\IGN\Download Manager\DLM.exe /windowsstart /startifwork

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Programfiler\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Programfiler\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Programfiler\QuickTime\QTTask.exe" -atboottime

R3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys
R3 ASUSVRC;ASUSTeK Virtual Capture Device;C:\WINDOWS\system32\DRIVERS\AsusVRC.sys
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter;C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
R3 V0080Dev;Creative Camera VF0080 Driver;C:\WINDOWS\system32\DRIVERS\V0080Dev.sys
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys
S3 cxbu0wdm;CardMan 3x21;C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-10-12 10:16:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-09-03 07:09:53 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job" - C:\Programfiler\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-15 21:03:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\\\server\\EPSON Stylus C48 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I091.EXE /P32 \"\\\\server\\EPSON Stylus C48 Series\" /M \"Stylus C48\" /EF \"HKCU\""
.
Completion time: 2007-10-15 21:04:08
C:\ComboFix2.txt ... 2007-10-15 16:33
.
--- E O F ---
norbat (posted 15 October 2007): Yes, this looked fine. Well done, denieru. Regarding the MSNFix log: did it show any more files connected to this, or was it only openglx.exe?
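Checking whether anything is left after a cleanup comes down to comparing the Run-key entries in the ComboFix log taken before it with the one taken after. The following is an added example, not part of the thread and not ComboFix's own code: the sample text is a few lines excerpted from denieru's two logs, and treating the bracketed timestamp as the file's date and using a 7-day window are assumptions.

```python
import re
from datetime import datetime, timedelta
from typing import NamedTuple, Optional

class Autorun(NamedTuple):
    key: str                   # registry key the entry was listed under
    name: str                  # value name, e.g. "Graphic Update"
    path: str                  # resolved file path when the log gives one
    stamp: Optional[datetime]  # bracketed timestamp (assumed: file date)

_SECTION = re.compile(r'^\[(HKEY_[^\]]+)\]$')
_ENTRY = re.compile(r'^"(.+?)"="([^"]*)"\s*\[([^\]]*)\]$')
_META = re.compile(r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})(?:\s+(.+))?$')
_RUN_SUFFIX = r'\currentversion\run'

def parse_run_entries(log_text):
    """Collect entries listed under ...\\CurrentVersion\\Run sections only."""
    entries, key = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith('[HKEY_'):
            # Any section header ends the current one, even a malformed header
            # such as the SafeBoot line in these logs (no closing bracket).
            m = _SECTION.match(line)
            is_run = bool(m) and m.group(1).lower().endswith(_RUN_SUFFIX)
            key = m.group(1) if is_run else None
            continue
        m = _ENTRY.match(line)
        if key is None or not m:
            continue
        name, cmd, meta = m.groups()
        stamp, path = None, cmd
        mm = _META.match(meta.strip())
        if mm:
            stamp = datetime.strptime(mm.group(1), '%Y-%m-%d %H:%M')
            path = mm.group(2) or cmd   # "[time C:\full\path]" form
        entries[(key.upper(), name)] = Autorun(key, name, path, stamp)
    return entries

def diff_autoruns(before, after):
    """Names of entries that disappeared and that appeared between two logs."""
    removed = sorted(before[k].name for k in before.keys() - after.keys())
    added = sorted(after[k].name for k in after.keys() - before.keys())
    return removed, added

def recently_dated(entries, scan_time, days=7):
    """Paths whose timestamp falls within `days` before the scan (triage aid)."""
    cutoff = scan_time - timedelta(days=days)
    return sorted(e.path for e in entries.values()
                  if e.stamp and cutoff <= e.stamp <= scan_time)

# Excerpt of the first log (scan at 2007-10-15 16:33), trimmed for the example.
BEFORE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07]
"nwiz"="nwiz.exe" [2007-09-17 01:07 C:\WINDOWS\system32\nwiz.exe]
"Graphic Update"="C:\WINDOWS\system32\openglx.exe" [2007-10-14 22:14]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\steam\steam.exe" [2007-10-05 08:10]
"msnmsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-08-16 16:19]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Programfiler\iTunes\iTunesHelper.exe"
'''

# Excerpt of the second log (scan at 2007-10-15 21:03), trimmed for the example.
AFTER_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\steam\steam.exe" [2007-10-05 08:10]
"msnmsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-08-16 16:19]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
'''

if __name__ == '__main__':
    before, after = parse_run_entries(BEFORE_LOG), parse_run_entries(AFTER_LOG)
    removed, added = diff_autoruns(before, after)
    print('removed:', removed)
    print('added:  ', added)
    print('recent: ', recently_dated(before, datetime(2007, 10, 15, 16, 33)))
```

The diff alone only says what changed; combining it with the recency check narrows the removed entries down to the one file that was dated the day before the first scan.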