froZZo
Posted 23 November 2007

My MSN has gone haywire. My MSN is sending out this: ahahah sexyyyy + a zip file, which is probably the virus.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:22:48, on 23.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programfiler\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\Microsoft IntelliType Pro\itype.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programfiler\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Programfiler\Creative\Shared Files\Module Loader\DLLML.exe
C:\Programfiler\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Programfiler\Winamp\winampa.exe
C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
E:\spell\steam\Steam.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Programfiler\CNet\802.11 Wireless LAN\CNETWlanMonitor.exe
C:\Programfiler\Logitech\SetPoint\SetPoint.exe
C:\Programfiler\Winamp\winamp.exe
C:\Programfiler\Creative\ShareDLL\CADI\NotiMan.exe
C:\Programfiler\Fellesfiler\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Java\jre1.6.0_02\bin\jucheck.exe
C:\Programfiler\Electronic Arts\EADM\Core.exe
C:\Programfiler\SpeedFan\speedfan.exe
C:\Programfiler\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [itype] "C:\Programfiler\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Programfiler\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTDVDDET] "C:\Programfiler\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Programfiler\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Programfiler\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programfiler\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Programfiler\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [steam] "E:\spell\steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = C:\Programfiler\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: CNet Wireless Utility.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programfiler\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 7163 bytes

Edited 23 November 2007 by froZZo

Bruktbilen
Posted 23 November 2007

C:\Programfiler\MSN Messenger\usnsvc.exe

That could be the root of the problem.

froZZo (author)
Posted 23 November 2007

That didn't work.

Edited 23 November 2007 by froZZo

froZZo (author)
Posted 23 November 2007

Deleted all of MSN and reinstalled it. New HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:00:56, on 23.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programfiler\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\Microsoft IntelliType Pro\itype.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programfiler\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Programfiler\Creative\Shared Files\Module Loader\DLLML.exe
C:\Programfiler\Creative\Shared Files\Module Loader\DLLML.exe
C:\Programfiler\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Winamp\winampa.exe
C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe
C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe
E:\spell\steam\Steam.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Eraser\eraser.exe
C:\Programfiler\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Programfiler\CNet\802.11 Wireless LAN\CNETWlanMonitor.exe
C:\Programfiler\Logitech\SetPoint\SetPoint.exe
C:\Programfiler\Creative\ShareDLL\CADI\NotiMan.exe
C:\Programfiler\Fellesfiler\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programfiler\Winamp\winamp.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [itype] "C:\Programfiler\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Programfiler\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTDVDDET] "C:\Programfiler\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Programfiler\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Programfiler\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programfiler\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Programfiler\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [steam] "E:\spell\steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Eraser] C:\Programfiler\Eraser\eraser.exe -hide
O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = C:\Programfiler\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: CNet Wireless Utility.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programfiler\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 7121 bytes

Edited 23 November 2007 by froZZo

froZZo (author)
Posted 23 November 2007

avgas log

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 20:25:40 23.11.2007

+ Scan result:

C:\Documents and Settings\ole even\Cookies\ole even@adtech[1].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\ole even\Cookies\ole even@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\ole even\Cookies\ole even@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\ole even\Cookies\ole even@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\ole even\Cookies\ole [email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\ole even\Cookies\ole even@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\ole even\Cookies\ole even@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned.
C:\Documents and Settings\ole even\Cookies\ole even@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\ole even\Cookies\ole [email protected][1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\ole even\Cookies\ole even@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\ole even\Cookies\ole even@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : Cleaned.
C:\Documents and Settings\ole even\Cookies\ole even@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\ole even\Cookies\ole [email protected][2].txt -> TrackingCookie.Webtrendslive : Cleaned.

::Report end

Edited 23 November 2007 by froZZo

norbat
Posted 24 November 2007

Download MSNFix.zip and extract it to the desktop.
Run the file 'MSNFix.bat'.
Follow the instructions.

froZZo (author)
Posted 24 November 2007

There, that junk file I downloaded is gone.

MSNFix 1.591

C:\Documents and Settings\ole even\Skrivebord\MSNFix
Scan done at 24.11.2007 - 13:23:38,51
By ole even
normal mode

************************ Checking Files

... C:\WINDOWS\pics10.zip

************************ MSNCHK ***** /!\ beta test /!\

************************ Checking Folders

... C:\DOCUME~1\ALLUSE~1\PROGRA~1\TEMP\

************************ Deleting malware Files

.. OK ... C:\WINDOWS\pics10.zip

************************ Deleting malware Folders

.. OK ... C:\DOCUME~1\ALLUSE~1\PROGRA~1\TEMP\

************************ Registry Cleaning

************************ Suspect Files

/!\ The detected files must be reviewed by a forum Helper before changes can be made

[C:\HijackThis.exe] C4CA7416A6DF6D95075F81D9E3B41AD1

==> Please upload the file C:\DOCUME~1\OLEEVE~1\SKRIVE~1\Upload_Me.zip to http://upload.changelog.fr

The File and Registry deletions have been saved in 24.11.2007_13240981.zip

------------------------------------------------------------------------
Author : !aur3n7
Contact: http://changelog.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

Edited 24 November 2007 by froZZo

norbat
Posted 24 November 2007

Run HJT, choose "Do a system scan only", put a check mark in front of the following line and click Fix checked:

O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe

Download Combofix and put it on the desktop.
Run combofix.exe and follow the instructions. You must not click on the window while the program is running.
Post the log file from Combofix (c:\combofix.txt) and we'll see whether anything more needs to be done.

froZZo (author)
Posted 24 November 2007

ComboFix 07-11-19.3 - ole even 2007-11-24 13:37:06.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.904 [GMT 1:00]
Running from: C:\Documents and Settings\ole even\Lokale innstillinger\Temporary Internet Files\Content.IE5\S3XZIM71\ComboFix[1].exe
.

((((((((((((((((((((((((( Files Created from 2007-10-24 to 2007-11-24 )))))))))))))))))))))))))))))))
.

2007-11-23 19:40 <DIR> d-------- C:\Programfiler\Eraser
2007-11-23 19:40 316,752 --a------ C:\WINDOWS\system32\Eraser.dll
2007-11-23 19:40 91,472 --a------ C:\WINDOWS\system32\Erasext.dll
2007-11-23 19:40 39,248 --a------ C:\WINDOWS\system32\Eraserl.exe
2007-11-23 19:22 396,288 --a------ C:\HijackThis.exe
2007-11-23 19:21 <DIR> d-------- C:\Programfiler\Trend Micro
2007-11-22 17:42 <DIR> dr-h----- C:\Documents and Settings\ole even\Programdata\SecuROM
2007-11-22 17:42 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-11-22 17:38 <DIR> d-------- C:\Programfiler\GameSpy
2007-11-22 17:36 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-22 17:36 22,328 --a------ C:\Documents and Settings\ole even\Programdata\PnkBstrK.sys
2007-11-22 17:35 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2007-11-22 17:35 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-11-22 17:35 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-11-22 11:12 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-11-21 14:38 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe
2007-11-21 13:22 6,640 --a------ C:\WINDOWS\desctemp.dat
2007-11-21 13:18 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Bluetooth
2007-11-21 12:50 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-11-21 12:50 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-11-21 12:50 19,328 --a--c--- C:\WINDOWS\system32\dllcache\wstcodec.sys
2007-11-21 12:50 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-11-21 12:50 16,384 --a------ C:\WINDOWS\system32\ipsink.ax
2007-11-21 12:50 15,360 --a--c--- C:\WINDOWS\system32\dllcache\streamip.sys
2007-11-21 12:50 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-11-21 12:50 11,136 --a--c--- C:\WINDOWS\system32\dllcache\slip.sys
2007-11-21 12:50 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-11-21 12:50 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-11-21 12:49 <DIR> d-------- C:\Programfiler\IVT Corporation
2007-11-08 21:17 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-11-01 19:40 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-11-01 19:40 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-11-01 19:40 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-11-01 19:40 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-11-01 19:40 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-11-01 19:40 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-11-01 19:36 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-11-01 19:36 <DIR> d-------- C:\Programfiler\Electronic Arts
2007-11-01 19:35 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-11-01 03:06 64,988 --a------ C:\WINDOWS\system32\DVCState-{00000001-00000000-00000008-00001102-00000005-00211102}.rfx
2007-11-01 03:06 54,672 --a------ C:\WINDOWS\system32\BMXStateBkp-{00000001-00000000-00000008-00001102-00000005-00211102}.rfx
2007-11-01 03:06 54,672 --a------ C:\WINDOWS\system32\BMXState-{00000001-00000000-00000008-00001102-00000005-00211102}.rfx
2007-10-31 19:00 <DIR> d-------- C:\Programfiler\Medieval Software
2007-10-30 23:02 <DIR> d-------- C:\Programfiler\mp3split
2007-10-30 22:59 <DIR> d-------- C:\Programfiler\AudioConverter Studio
2007-10-30 22:59 <DIR> d-------- C:\My Music
2007-10-30 22:27 <DIR> d-------- C:\Documents and Settings\ole even\Incomplete
2007-10-30 22:17 <DIR> d-------- C:\Programfiler\Java
2007-10-30 22:17 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-10-30 22:17 4,935 --a------ C:\WINDOWS\system32\jupdate-1.6.0_02-b06.log
2007-10-30 22:16 <DIR> d-------- C:\Programfiler\LimeWire
2007-10-30 22:16 <DIR> d-------- C:\Programfiler\Fellesfiler\Java
2007-10-30 22:15 <DIR> d-------- C:\Documents and Settings\ole even\.limewire
2007-10-30 21:45 <DIR> d-------- C:\Programfiler\Winamp
2007-10-30 21:45 <DIR> d-------- C:\Documents and Settings\ole even\Programdata\vlc
2007-10-30 21:45 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-10-30 21:45 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-10-30 21:45 36,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-10-30 21:45 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-10-30 21:45 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-10-30 21:40 <DIR> d-------- C:\Programfiler\NVIDIA Corporation
2007-10-30 21:38 90,112 --------- C:\WINDOWS\Updreg.EXE
2007-10-30 21:38 41,984 --------- C:\WINDOWS\Ctregrun.exe
2007-10-30 21:37 233,472 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-10-30 21:37 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-10-30 21:37 145,792 --a--c--- C:\WINDOWS\system32\dllcache\portcls.sys
2007-10-30 21:37 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-10-30 21:37 130,048 --a------ C:\WINDOWS\system32\ksproxy.ax
2007-10-30 21:37 82,944 --a--c--- C:\WINDOWS\system32\dllcache\wdmaud.sys
2007-10-30 21:37 81,920 --a------ C:\WINDOWS\system32\OpenAL32.dll
2007-10-30 21:37 60,800 --a--c--- C:\WINDOWS\system32\dllcache\sysaudio.sys
2007-10-30 21:37 54,272 --a--c--- C:\WINDOWS\system32\dllcache\swmidi.sys
2007-10-30 21:37 6,400 --a--c--- C:\WINDOWS\system32\dllcache\splitter.sys
2007-10-30 21:37 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-10-30 21:36 68,135 -ra------ C:\WINDOWS\system32\instwdm.ini
2007-10-30 21:36 11,776 --a------ C:\WINDOWS\INRES.DLL
2007-10-30 21:36 10,240 --a------ C:\WINDOWS\CTDCRES.DLL
2007-10-30 21:36 3,072 --a------ C:\WINDOWS\CTXFIRES.DLL
2007-10-30 21:36 191 -ra------ C:\WINDOWS\system32\ctzapxx.ini
2007-10-30 21:35 7,572,224 --------- C:\WINDOWS\system32\CT8MGM.SF2
2007-10-30 21:35 4,174,814 --------- C:\WINDOWS\system32\CT4MGM.SF2
2007-10-30 21:35 2,167,684 --------- C:\WINDOWS\system32\CT2MGM.SF2
2007-10-30 21:34 <DIR> d-------- C:\Documents and Settings\ole even\Contacts
2007-10-30 21:34 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Creative
2007-10-30 21:33 <DIR> d-------- C:\Documents and Settings\ole even\Programdata\Creative
2007-10-30 21:33 77,824 --------- C:\WINDOWS\system32\ctdvda32.dll
2007-10-30 21:32 <DIR> d-------- C:\Programfiler\MSN Messenger
2007-10-30 21:31 <DIR> d-------- C:\Programfiler\Creative
2007-10-30 21:30 13,646 --a------ C:\WINDOWS\system32\wpa.bak
2007-10-30 21:18 <DIR> d-------- C:\Programfiler\CNet
2007-10-30 21:18 81,920 --a------ C:\WINDOWS\system32\W32N50.dll
2007-10-30 21:18 17,134 --a------ C:\WINDOWS\system32\Pcandis5.sys
2007-10-30 21:13 <DIR> d-------- C:\WINDOWS\nview
2007-10-30 21:13 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-10-30 21:13 138,893 --a------ C:\WINDOWS\system32\nvapps.xml
2007-10-30 21:13 17,525 --a------ C:\WINDOWS\system32\nvdisp.nvu
2007-10-30 21:09 <DIR> d-------- C:\Programfiler\Google
2007-10-30 21:04 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-10-30 21:04 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-10-30 21:04 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-24 07:00 --------- d-----w C:\Documents and Settings\ole even\Programdata\AVG7
2007-11-23 17:21 --------- d-----w C:\Programfiler\SpeedFan
2007-11-23 00:04 716,800 ----a-w C:\WINDOWS\system32\NTSpool.exe
2007-11-21 17:48 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2007-10-31 07:00 --------- d-----w C:\Documents and Settings\All Users\Programdata\avg7
2007-10-30 20:40 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield
2007-10-30 19:55 --------- d-----w C:\Programfiler\CDBurnerXP Pro 3
2007-10-30 19:53 --------- d-----w C:\Programfiler\VideoLAN
2007-10-30 19:52 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-10-30 19:52 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2007-10-30 19:52 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2007-10-30 19:52 --------- d-----w C:\Programfiler\Fellesfiler\Logitech
2007-10-30 19:52 --------- d-----w C:\Documents and Settings\ole even\Programdata\Logitech
2007-10-30 19:51 --------- d-----w C:\Programfiler\Logitech
2007-10-30 19:51 --------- d-----w C:\Documents and Settings\All Users\Programdata\Logitech
2007-10-30 19:48 --------- d-----w C:\Programfiler\ffdshow
2007-10-30 19:45 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-10-30 19:45 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-10-30 19:45 --------- d-----w C:\Documents and Settings\LocalService\Programdata\AVG7
2007-10-30 19:45 --------- d-----w C:\Documents and Settings\All Users\Programdata\Grisoft
2007-10-30 19:42 --------- d-----w C:\Programfiler\Microsoft IntelliType Pro
2007-10-30 19:42 --------- d-----w C:\Programfiler\AMD
2007-10-30 19:32 --------- d-----w C:\Programfiler\ABIT
2007-10-30 19:20 --------- d-----w C:\Programfiler\microsoft frontpage
2007-10-30 19:19 --------- d-----w C:\Programfiler\Elektroniske tjenester
2007-10-30 19:18 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester
2007-10-30 19:18 --------- d-----w C:\Programfiler\Fellesfiler\MSSoap
2007-09-17 01:10 356,352 ----a-w C:\WINDOWS\system32\nvusmb.exe
2007-09-17 01:10 356,352 ----a-w C:\WINDOWS\system32\nvunrm.exe
2007-09-17 01:10 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-09-17 01:10 356,352 ----a-w C:\WINDOWS\system32\nvuide.exe
2007-09-17 00:07 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-09-17 00:07 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-09-17 00:07 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-09-17 00:07 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-09-17 00:07 6,746,112 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-09-17 00:07 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-09-17 00:07 5,783,040 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-09-17 00:07 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-09-17 00:07 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-09-17 00:07 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-09-17 00:07 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-09-17 00:07 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-09-17 00:07 36,864 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-09-17 00:07 36,864 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-09-17 00:07 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-09-17 00:07 3,551,232 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-09-17 00:07 3,334,144 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-09-17 00:07 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-09-17 00:07 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-09-17 00:07 2,371,584 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-09-17 00:07 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-09-17 00:07 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-09-17 00:07 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-09-17 00:07 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-09-17 00:07 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-09-17 00:07 1,478,656 ----a-w C:\WINDOWS\system32\nview.dll
2007-09-17 00:07 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-09-17 00:07 1,150,976 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-09-17 00:07 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
.

((((((((((((((((((((((((((((( snapshot@2007-11-23_17.19.58,49 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-10-30 20:33:23 29,926 ----a-r C:\WINDOWS\Installer\{571700F0-DB9D-4B3A-B03D-35A14BB5939F}\MsblIco.Exe
+ 2007-11-23 18:57:22 29,926 ----a-r C:\WINDOWS\Installer\{571700F0-DB9D-4B3A-B03D-35A14BB5939F}\MsblIco.Exe
+ 2007-11-23 18:54:15 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_e4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"NVIDIA nTune"="C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 12:32]
"Steam"="E:\spell\steam\Steam.exe" [2007-11-15 03:13]
"Eraser"="C:\Programfiler\Eraser\eraser.exe" [2007-10-28 15:11]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2006-03-02 13:00 C:\WINDOWS\system32\bthprops.cpl]
"itype"="C:\Programfiler\Microsoft IntelliType Pro\itype.exe" [2006-11-21 17:08]
"amd_dc_opt"="C:\Programfiler\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 16:49]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-30 21:09]
"!AVG Anti-Spyware"="C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-10-30 21:06]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 C:\WINDOWS\KHALMNPR.Exe]
"NvCplDaemon"="RUNDLL32.exe" [2006-03-02 13:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-09-17 01:07 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2006-03-02 13:00 C:\WINDOWS\system32\rundll32.exe]
"CTDVDDET"="C:\Programfiler\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00]
"RCSystem"="C:\Programfiler\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25]
"AudioDrvEmulator"="C:\Programfiler\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25]
"VolPanel"="C:\Programfiler\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 11:34]
"CTHelper"="CTHELPER.EXE" [2005-08-07 23:10 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2005-08-07 23:10 C:\WINDOWS\system32\CTXFIHLP.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"WinampAgent"="C:\Programfiler\Winamp\winampa.exe" [2007-02-13 19:29]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-30 21:09]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
BlueSoleil.lnk - C:\Programfiler\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-11-03 13:41:04]
CNet Wireless Utility.lnk - C:\Programfiler\CNet\802.11 Wireless LAN\CNETWlanMonitor.exe [2007-10-30 21:18:45]
Logitech SetPoint.lnk - C:\Programfiler\Logitech\SetPoint\SetPoint.exe [2007-10-30 20:52:01]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

R3 FVNETusb(505 2958)®; FVNETusb(505 2958)® Service for CNet Wireless LAN 11Mbps USB Adapter;C:\WINDOWS\system32\DRIVERS\vnet558x.sys
R3 AmdLLD;AMD Low Level Device Driver;C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter;C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa844b41-7b39-11da-a05d-806d6172696f}]
\Shell\AutoRun\command - D:\Autorun.exe root.ini

*Newly Created Service* - USNJSVC
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-24 13:37:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-24 13:38:12
C:\ComboFix2.txt ... 2007-11-23 17:20
.
--- E O F ---

froZZo (thread author), posted 24 November 2007:

And if it wouldn't be too much trouble, could you check a friend's log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:13:31, on 24.11.2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\MSN Messenger\msnmsgr.exe
D:\progs\steam\Steam.exe
C:\Program Files (x86)\SEC\Natural Color Pro\NCProTray.exe
D:\programer\adapter\WG111v2.exe
C:\Program Files (x86)\MSI\SecureDoc\Logon.exe
C:\Program Files (x86)\Grisoft\AVG7\avgcc.exe
C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe
D:\programer\vlc player\VLC\vlc.exe
C:\Program Files (x86)\MSN Messenger\msvs.exe
D:\virus prog greie\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Gainward] C:\Windows\TBPanel.exe /A
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~2\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [steam] "D:\progs\steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~2\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~2\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~2\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: NCProTray.lnk = ?
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
O4 - Global Startup: SecureDoc.lnk = C:\Program Files (x86)\MSI\SecureDoc\Logon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~2\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~2\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~2\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~2\Grisoft\AVG7\avgemc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SCM_Service - Unknown owner - C:\Windows\SysWOW64\WinService.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7121 bytes

norbat, posted 24 November 2007 (edited 24 November 2007 by norbat):

Use Explorer to delete the following file (in bold):
C:\WINDOWS\system32\NTSpool.exe

You should reset the restore folder so that you are not infected again by a possible System Restore. Control Panel -> System -> System Restore. Tick the box in front of "Turn off System Restore .....", restart the PC, then untick the box again to re-enable the feature.

I'll take a look at your friend's log..... - Looks OK. Was it just a check, or is there something suggesting that something fishy might be going on?

froZZo (thread author), posted 24 November 2007 (edited 24 November 2007 by froZZo):

> Use Explorer to delete the following file (in bold):
> C:\WINDOWS\system32\NTSpool.exe
> You should reset the restore folder so that you are not infected again by a possible System Restore. Control Panel -> System -> System Restore. Tick the box in front of "Turn off System Restore .....", restart the PC, then untick the box again to re-enable the feature.
> I'll take a look at your friend's log..... - Looks OK. Was it just a check, or is there something suggesting that something fishy might be going on?

Thank you so, so much for bothering to help me. It was just a check.

froZZo (thread author), posted 25 November 2007:

Now three more people I know have got this virus. It is a small hell trying to help people with zero knowledge of computers. But norbat, if you had gone around helping people now, you could have made a lot of money. Or you could start a phone helpline. 50 kr a minute or something.

norbat, posted 25 November 2007:

If you get too busy, you can just ask them to drop by the forum - free of charge.

froZZo (thread author), posted 25 November 2007:

This is from another friend:

Logfile of HijackThis v1.99.1
Scan saved at 15:45:05, on 25.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programfiler\MSI\Live Update 3\LMonitor.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programfiler\Microsoft IntelliType Pro\type32.exe
C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\MSI\Core Center\CoreCenter.exe
C:\Programfiler\Logitech\SetPoint\SetPoint.exe
C:\Programfiler\Fellesfiler\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe
C:\Programfiler\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Programfiler\Windows Live\installer\WLSetupSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Windows Live\Messenger\msnmsgr.exe
C:\Programfiler\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\rsvp.exe
C:\Documents and Settings\tor erik\Skrivebord\hijackthis_sfx\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LiveMonitor] C:\Programfiler\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [type32] "C:\Programfiler\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CoreCenter.lnk = C:\Programfiler\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?18a58a76e00b4c3395d8914de874053c
O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?18a58a76e00b4c3395d8914de874053c
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1189971635061
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programfiler\Windows Live\Mail\mailcomm.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

froZZo (thread author), posted 25 November 2007:

> If you get too busy, you can just ask them to drop by the forum - free of charge.

Hehe, yes, that would probably have been the best, but I don't think they would manage that. I think I have managed to help one of them at least; the rest will have to fend for themselves.

fast_740, posted 30 November 2007:

Hi. Jumping in on this thread. I have zero clue about this kind of thing! I got the same thing, just with slightly different text, and the file was called dream01 and was a zip file... Can anyone help me here? I have also been getting another error message every time I close Internet Explorer. That one appeared after the "virus thing". I tried to follow the guide above and deleted the C:\WINDOWS\system32\NTSpool.exe file... and restarted the PC once I had turned off System Restore... Please, help me! Hehe

norbat, posted 30 November 2007:

I'm not quite sure which of the steps further up you have done, but in any case:

Download MSNFix to the desktop and unpack it. Double-click MSNFix.bat, which is in the msnfix folder, and follow the instructions.

Then:
Get Combofix and put it on the desktop.
Run combofix.exe and follow the instructions.
Post the log file from Combofix (c:\combofix.txt) together with a log from Hijackthis (download Hijackthis, put it in its own folder on the desktop, start the program and choose "Do a system scan and save a logfile").