Muffinman, posted 19 January 2008:

> I have no idea what happens with IE, but Firefox tried to download the file, and then you quickly realise that something is wrong

You understand that, and I understand that. But not quite everyone. Trouble at home here....

siDDis, posted 19 January 2008:

Then perhaps it's about time for a little training at home?

1. Don't download and run every type of file.
2. Don't use the administrator account for everyday use.
3. Don't believe that your antivirus program actually works.
4. Don't believe that your firewall actually works.

In fact, point 2 is the most important link here, the easiest one to do something about, and also the most user-friendly. I think it's scandalous that nobody manages to inform people properly about exactly that point. Oh no, use anti-virus instead! That fixes everything! *sigh*

bigfeta, posted 19 January 2008:

Does this only attack XP? Or Vista as well?

Poor Leno, posted 19 January 2008:

> 1. Don't download and run every type of file.
> 2. Don't use the administrator account for everyday use.
> 3. Don't believe that your antivirus program actually works.
> 4. Don't believe that your firewall actually works.

Hehe, reminded me a bit of the Law of Jante...

Blabla1, posted 19 January 2008 (edited):

Recommendation for MS DOS Application:
Trusted: Yes
Trojan: No
Chronic: No
Adware: No
Carrier: No
Browser Hijacker: No
Dialer: No
Commercial Keylogger: No
Remote Administration Tool: No
Suspected: No
-----------------------------------------

I doubt anti-virus programs care. It doesn't look harmful, just annoying. I downloaded it, but I don't think it's wise to run it ^^

EDIT: I don't know much about this, so I may just be writing nonsense!

> Does this only attack XP? Or Vista as well?

I think it works on Vista, since there is MS-DOS in Vista too. It's used for entering commands in Vista, from what I've heard.

Edited 19 January 2008 by Zonked223

snippsat, posted 19 January 2008 (edited):

Yes, this MSN virus is so poorly made that it's probably some script kiddie having a bit of a laugh. It is possible to have a bit of control over the processes running on the PC. They have a bit of fun imitating Windows processes. E.g. isass.exe, a good Windows process. Then swap it around a bit: lssas.exe, a process that is infected. So spending a little less time on MSN and trying to learn a bit about your own system is probably a good idea. Then you realise that this is nothing at all to get worked up about. Just remove it, or post a log and you'll get help here.

Edited 19 January 2008 by SNIPPSAT

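An added example, not part of the thread: one way to check for the lookalike process names mentioned in the post above, by comparing image paths against a short allow-list of Windows system processes and flagging names that differ from a known one by a confusable character or a single edit. The allow-list, the sample paths and all function names are assumptions made for this example, and the directory check goes a step beyond what the post describes.

```python
"""Flag process images whose names imitate Windows system processes."""
from pathlib import PureWindowsPath

# Assumed allow-list for this example: well-known Windows system processes
# and the directory each one normally runs from (lower-cased).
KNOWN = {
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Characters that are easy to confuse on screen are folded to one form.
CONFUSABLE = str.maketrans({"i": "l", "1": "l", "0": "o"})


def skeleton(name):
    """Lower-case the name and fold visually confusable characters."""
    return name.lower().translate(CONFUSABLE)


def osa_distance(a, b):
    """Edit distance where swapping two adjacent characters counts as one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "sa" <-> "as".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(image_path):
    """Return (verdict, reference_name) for one process image path.

    Verdicts: "ok", "wrong-directory", "lookalike-name", "unknown".
    "unknown" only means the name is neither on the allow-list nor close
    to an entry on it; it says nothing about whether the file is benign.
    """
    p = PureWindowsPath(image_path)
    name, folder = p.name.lower(), str(p.parent).lower()
    if name in KNOWN:
        verdict = "ok" if folder == KNOWN[name] else "wrong-directory"
        return verdict, name
    for known in KNOWN:
        if skeleton(name) == skeleton(known) or osa_distance(name, known) <= 1:
            return "lookalike-name", known
    return "unknown", None


# Constructed sample input (not taken from any real machine).
SAMPLE = [
    r"C:\WINDOWS\system32\lsass.exe",
    r"C:\WINDOWS\system32\isass.exe",
    r"C:\WINDOWS\system32\lssas.exe",
    r"C:\WINDOWS\svchost.exe",
    r"C:\Program Files\MSN Messenger\msnmsgr.exe",
]

if __name__ == "__main__":
    for path in SAMPLE:
        verdict, ref = classify(path)
        print(f"{verdict:16} {ref or '-':14} {path}")
```
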
Lilac1, posted 20 January 2008 (edited):

Win32:TratBHO[trojan]

That's what avast thinks, at any rate. I've found the file in question and will try Snippsat's suggestion. It shouldn't be allowed to spam this sort of thing from cute girls :/

pmnkjhh.dll

I can't get it removed, not in safe mode either, neither from HijackThis nor regedit. The virus file creates yet another bogus .dll file every time I connect to the internet; avast detects that one immediately and offers to delete it, but avast finds nothing suspicious about the original .dll file that was created the moment I opened the link. Bah

Edited 20 January 2008 by Lilac1

norbat, posted 20 January 2008:

> Win32:TratBHO[trojan]
>
> That's what avast thinks, at any rate. I've found the file in question and will try Snippsat's suggestion. It shouldn't be allowed to spam this sort of thing from cute girls :/
>
> pmnkjhh.dll
>
> I can't get it removed, not in safe mode either, neither from HijackThis nor regedit. The virus file creates yet another bogus .dll file every time I connect to the internet; avast detects that one immediately and offers to delete it, but avast finds nothing suspicious about the original .dll file that was created the moment I opened the link. Bah

Download Combofix and put it on the desktop.
Run combofix.exe and follow the instructions.
Post the log file from Combofix (c:\combofix.txt).

Nexxi, posted 20 January 2008:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:24:18, on 20.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

It would be nice to get some help from those who know this stuff. The wife has got this on her PC. Terribly annoying :P

XanderX, posted 20 January 2008:

http://www1.vg.no/teknologi/artikkel.php?artid=508700

Didn't take long before it made it into the media

Miniguru, posted 20 January 2008:

> The old worn-out, outdated, ugly wolf Internet Explorer is the one I mean, yes
>
> I have no idea what happens with IE, but Firefox tried to download the file, and then you quickly realise that something is wrong

It's the same in IE though, you get asked whether you want to open, download or cancel.. So that rings a bell for competent computer users. So it isn't fair to blame IE in this case

Ueland, posted 20 January 2008:

I've concluded that they also register your MSN address as active in a spam system somewhere. After I clicked the link, 16 bots have so far tried to add me on MSN, even though I didn't download the program. (Not surprising, really.)

Infinity, posted 20 January 2008:

But can someone tell me how to get rid of the virus? I've tried avast, Ad-Aware and Spybot, but it looks like I can't get rid of it.... avast finds a virus and I remove it, then a little while passes and the virus warning comes up again. It's been going on like this since yesterday, when my dear? got an MSN message from a girlfriend.......

siDDis, posted 20 January 2008:

> I've concluded that they also register your MSN address as active in a spam system somewhere. After I clicked the link, 16 bots have so far tried to add me on MSN, even though I didn't download the program. (Not surprising, really.)

I haven't noticed that here, at least.

RMBB, posted 20 January 2008:

Haha, I have to honestly admit that I clicked the link :P But I closed the window before anything appeared in it. Oh well, posting some logs ;)

Combofix
C:\WINDOWS\$hf_mig$\KB942615-IE7\spuninst.exe + 2007-03-06 02:01:45 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\update\spcustom.dll + 2007-03-06 02:02:09 721,120 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\update\update.exe + 2007-03-06 02:03:01 374,496 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\update\updspapi.dll - 2008-01-17 16:57:38 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT + 2008-01-21 13:32:33 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT - 2008-01-17 16:57:38 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat + 2008-01-21 13:32:33 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat - 2008-01-17 16:57:39 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT + 2008-01-21 13:32:33 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT - 2008-01-17 16:57:39 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat + 2008-01-21 13:32:33 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat - 2008-01-17 16:57:39 2,359,296 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT + 2008-01-21 13:32:33 2,392,064 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT - 2008-01-17 16:57:39 143,360 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat + 2008-01-21 13:32:33 143,360 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat + 2007-03-06 02:01:51 214,752 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe + 2007-03-06 02:03:01 374,496 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll + 2007-08-13 17:54:10 765,952 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll + 2007-08-13 17:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\advpack.dll + 2007-08-13 17:35:38 214,528 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\dxtrans.dll + 2007-08-13 17:54:10 131,584 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\extmgr.dll + 2007-08-13 17:36:26 61,952 -c----w 
C:\WINDOWS\ie7updates\KB942615-IE7\icardie.dll + 2007-08-13 17:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ie4uinit.exe + 2007-08-13 17:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakeng.dll + 2007-08-13 17:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieaksie.dll + 2007-08-13 16:56:54 161,792 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakui.dll + 2007-02-12 15:10:12 2,451,312 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieapfltr.dat + 2007-07-11 11:27:48 383,488 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieapfltr.dll + 2007-08-13 17:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iedkcs32.dll + 2007-08-13 17:54:10 6,049,280 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieframe.dll + 2007-08-13 17:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iernonce.dll + 2007-08-13 17:34:04 266,752 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iertutil.dll + 2007-08-13 17:39:10 13,312 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieudinit.exe + 2007-08-13 17:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iexplore.exe + 2007-08-13 17:54:10 27,136 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\jsproxy.dll + 2007-08-13 17:54:10 458,752 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeeds.dll + 2007-08-13 17:54:10 50,688 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeedsbs.dll + 2007-08-13 17:54:12 3,578,368 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtml.dll + 2007-08-13 17:54:10 475,648 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtmled.dll + 2007-08-13 17:44:26 192,000 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msrating.dll + 2007-08-13 17:54:10 670,720 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mstime.dll + 2007-08-13 17:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\occache.dll + 2007-03-06 02:01:51 214,752 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe + 2007-03-06 02:03:01 374,496 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\updspapi.dll + 2007-08-13 17:44:30 105,984 -c----w 
C:\WINDOWS\ie7updates\KB942615-IE7\url.dll + 2007-08-13 17:54:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\urlmon.dll + 2007-08-13 17:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\webcheck.dll + 2007-08-13 17:54:10 818,688 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll + 2008-01-20 18:49:15 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe + 2008-01-20 18:49:15 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe + 2008-01-20 18:49:15 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe - 2007-08-13 17:39:00 123,904 ----a-w C:\WINDOWS\system32\advpack.dll + 2007-10-10 23:53:51 124,928 ----a-w C:\WINDOWS\system32\advpack.dll - 2007-08-13 17:39:00 123,904 -c----w C:\WINDOWS\system32\dllcache\advpack.dll + 2007-10-10 23:53:51 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll - 2007-08-13 17:35:38 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll + 2007-10-10 23:53:51 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll - 2007-08-13 17:54:10 131,584 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll + 2007-10-10 23:53:52 132,608 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll + 2007-10-10 23:53:52 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll - 2007-08-13 17:39:06 54,784 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe + 2007-10-10 11:02:27 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe - 2007-08-13 17:39:26 152,064 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll + 2007-10-10 23:53:52 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll - 2007-08-13 17:39:54 229,376 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll + 2007-10-10 23:53:52 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll - 2007-08-13 16:56:54 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll + 2007-10-10 05:46:55 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll + 2007-07-01 03:31:33 2,455,488 
-c----w C:\WINDOWS\system32\dllcache\ieapfltr.dat + 2007-10-10 23:53:52 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll - 2007-08-13 17:39:50 382,976 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll + 2007-10-10 23:53:52 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll + 2007-10-10 23:53:54 6,065,664 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll - 2007-08-13 17:39:10 43,008 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll + 2007-10-10 23:53:54 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll + 2007-10-10 23:53:54 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll + 2007-10-10 10:59:40 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe - 2007-08-13 17:43:56 622,080 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe + 2007-10-10 11:02:43 625,152 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe - 2007-08-13 17:54:10 27,136 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll + 2007-10-10 23:53:55 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll + 2007-10-10 23:53:56 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll + 2007-10-10 23:53:56 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll - 2007-08-13 17:54:12 3,578,368 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll + 2007-10-30 23:30:15 3,590,656 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll - 2007-08-13 17:54:10 475,648 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll + 2007-10-10 23:53:58 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll - 2007-08-13 17:44:26 192,000 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll + 2007-10-10 23:53:58 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll - 2007-08-13 17:54:10 670,720 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll + 2007-10-10 23:53:59 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll - 2007-08-13 17:44:06 101,376 -c----w C:\WINDOWS\system32\dllcache\occache.dll + 2007-10-10 23:53:59 102,400 -c----w C:\WINDOWS\system32\dllcache\occache.dll - 2007-08-13 17:44:30 105,984 -c----w 
C:\WINDOWS\system32\dllcache\url.dll + 2007-10-10 23:53:59 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll - 2007-08-13 17:54:10 1,162,240 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll + 2007-10-10 23:53:59 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll - 2007-08-13 17:54:10 765,952 -c--a-w C:\WINDOWS\system32\dllcache\VGX.dll + 2007-07-12 23:32:20 765,952 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll - 2007-08-13 17:54:10 231,424 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll + 2007-10-10 23:54:00 232,960 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll - 2007-08-13 17:54:10 818,688 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll + 2007-10-10 23:54:00 824,832 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll - 2007-08-13 17:35:38 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll + 2007-10-10 23:53:51 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll - 2007-08-13 17:54:10 131,584 ----a-w C:\WINDOWS\system32\extmgr.dll + 2007-10-10 23:53:52 132,608 ----a-w C:\WINDOWS\system32\extmgr.dll - 2007-08-13 17:36:26 61,952 ------w C:\WINDOWS\system32\icardie.dll + 2007-10-10 23:53:52 63,488 ----a-w C:\WINDOWS\system32\icardie.dll - 2007-08-13 17:39:06 54,784 ----a-w C:\WINDOWS\system32\ie4uinit.exe + 2007-10-10 11:02:27 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe - 2007-08-13 17:39:26 152,064 ----a-w C:\WINDOWS\system32\ieakeng.dll + 2007-10-10 23:53:52 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll - 2007-08-13 17:39:54 229,376 ----a-w C:\WINDOWS\system32\ieaksie.dll + 2007-10-10 23:53:52 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll - 2007-08-13 16:56:54 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll + 2007-10-10 05:46:55 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll - 2007-02-12 15:10:12 2,451,312 ------w C:\WINDOWS\system32\ieapfltr.dat + 2007-07-01 03:31:33 2,455,488 ----a-w C:\WINDOWS\system32\ieapfltr.dat - 2007-07-11 11:27:48 383,488 ------w C:\WINDOWS\system32\ieapfltr.dll + 2007-10-10 23:53:52 383,488 ----a-w 
C:\WINDOWS\system32\ieapfltr.dll - 2007-08-13 17:39:50 382,976 ----a-w C:\WINDOWS\system32\iedkcs32.dll + 2007-10-10 23:53:52 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll - 2007-08-13 17:54:10 6,049,280 ------w C:\WINDOWS\system32\ieframe.dll + 2007-10-10 23:53:54 6,065,664 ----a-w C:\WINDOWS\system32\ieframe.dll - 2007-08-13 17:39:10 43,008 ----a-w C:\WINDOWS\system32\iernonce.dll + 2007-10-10 23:53:54 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll - 2007-08-13 17:34:04 266,752 ------w C:\WINDOWS\system32\iertutil.dll + 2007-10-10 23:53:54 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll - 2007-08-13 17:39:10 13,312 ----a-w C:\WINDOWS\system32\ieudinit.exe + 2007-10-10 10:59:40 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe - 2007-08-13 17:54:10 27,136 ----a-w C:\WINDOWS\system32\jsproxy.dll + 2007-10-10 23:53:55 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll - 2007-08-13 17:54:10 458,752 ------w C:\WINDOWS\system32\msfeeds.dll + 2007-10-10 23:53:56 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll - 2007-08-13 17:54:10 50,688 ------w C:\WINDOWS\system32\msfeedsbs.dll + 2007-10-10 23:53:56 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll - 2007-08-13 17:54:12 3,578,368 ----a-w C:\WINDOWS\system32\mshtml.dll + 2007-10-30 23:30:15 3,590,656 ----a-w C:\WINDOWS\system32\mshtml.dll - 2007-08-13 17:54:10 475,648 ----a-w C:\WINDOWS\system32\mshtmled.dll + 2007-10-10 23:53:58 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll - 2007-08-13 17:44:26 192,000 ----a-w C:\WINDOWS\system32\msrating.dll + 2007-10-10 23:53:58 193,024 ----a-w C:\WINDOWS\system32\msrating.dll - 2007-08-13 17:54:10 670,720 ----a-w C:\WINDOWS\system32\mstime.dll + 2007-10-10 23:53:59 671,232 ----a-w C:\WINDOWS\system32\mstime.dll - 2007-08-13 17:44:06 101,376 ----a-w C:\WINDOWS\system32\occache.dll + 2007-10-10 23:53:59 102,400 ----a-w C:\WINDOWS\system32\occache.dll - 2007-08-13 17:44:30 105,984 ----a-w C:\WINDOWS\system32\url.dll + 2007-10-10 23:53:59 105,984 ----a-w C:\WINDOWS\system32\url.dll - 
2007-08-13 17:54:10 1,162,240 ----a-w C:\WINDOWS\system32\urlmon.dll + 2007-10-10 23:53:59 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll - 2007-08-13 17:54:10 231,424 ----a-w C:\WINDOWS\system32\webcheck.dll + 2007-10-10 23:54:00 232,960 ----a-w C:\WINDOWS\system32\webcheck.dll - 2007-08-13 17:54:10 818,688 ----a-w C:\WINDOWS\system32\wininet.dll + 2007-10-10 23:54:00 824,832 ----a-w C:\WINDOWS\system32\wininet.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL" [2006-10-22 12:22 86016] "SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools-1033"="C:\Programfiler\D-Tools\daemon.exe" [2004-08-22 17:05 81920] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-07-28 14:19 4841472] "nwiz"="nwiz.exe" [2003-07-28 14:19 323584 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-10-22 12:22 86016] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43 83608] "SSBkgdUpdate"="C:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 12:16 185896] "OpwareSE4"="C:\Programfiler\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 11:45 75304] "Telenor Online Start"="C:\Programfiler\Telenor\Online Start\Telenor.exe" [2006-11-30 14:51 178312] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-04 19:22 579072] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" 
[2008-01-04 19:22 219136] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll R0 viaagp;VIA AGP-bussfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 07:07] S3 bfastfao;bfastfao;C:\DOCUME~1\Hest\LOKALE~1\Temp\bfastfao.sys [] . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-21 14:35:48 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-01-21 14:36:35 ComboFix-quarantined-files.txt 2008-01-21 13:36:13 ComboFix2.txt 2008-01-17 17:18:59 . 
2008-01-17 17:24:02 --- E O F --- SAS SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 01/21/2008 at 02:02 PM Application Version : 3.9.1008 Core Rules Database Version : 3384 Trace Rules Database Version: 1378 Scan type : Complete Scan Total Scan Time : 01:02:17 Memory items scanned : 398 Memory threats detected : 0 Registry items scanned : 4496 Registry threats detected : 0 File items scanned : 45740 File threats detected : 6 Adware.Tracking Cookie C:\Documents and Settings\Hest\Cookies\hest@adtech[2].txt C:\Documents and Settings\Hest\Cookies\[email protected][1].txt C:\Documents and Settings\Hest\Cookies\[email protected][2].txt C:\Documents and Settings\Hest\Cookies\hest@atdmt[2].txt C:\Documents and Settings\Hest\Cookies\hest@advertising[1].txt C:\Documents and Settings\Hest\Cookies\[email protected][1].txt HJT Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:06:08, on 21.01.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\D-Tools\daemon.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe C:\Programfiler\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\Programfiler\Telenor\Online Start\Telenor.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\MSN Messenger\usnsvc.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Programfiler\Trend 
Micro\HijackThis\run.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programfiler\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Online Start Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Programfiler\Telenor\Online Start\IEFixItNowPlugin.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Programfiler\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [Telenor Online Start] "C:\Programfiler\Telenor\Online Start\Telenor.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - 
HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1179242788154 
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1179243819842 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 6397 bytes Lenke til kommentar
Lilac1 Posted 20 January 2008 (edited)
Win32:TratBHO[trojan]. That is what avast thinks, at any rate. I have found the file in question and will try Snippsat's suggestion. It shouldn't be allowed to spam this kind of thing from cute girls :/
pmnkjhh.dll. I can't get it removed, not in safe mode either, neither from hijackthis nor from regedit. The virus file creates yet another bogus .dll file every time I connect to the internet. avast detects that one right away and offers to delete it, but avast finds nothing suspicious about the original .dll file that was created at the very moment I opened the link. Bah
Download Combofix and put it on the desktop. Run combofix.exe and follow the instructions. Post the log file from combofix (c:\combofix.txt)
Combofix confirmed my suspicions and deleted the .dll file. What can I say, I won't be removing this program any time soon. Big thanks to you! Here is the log
C:\WINDOWS\system32\drivers\usbcamd.sys 2007-12-31 10:13 23,040 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys 2007-12-31 10:13 21,376 ----a-w C:\WINDOWS\system32\drivers\tsbvcap.sys 2007-12-31 10:13 18,688 ----a-w C:\WINDOWS\system32\drivers\cdaudio.sys 2007-12-31 10:13 16,000 ----a-w C:\WINDOWS\system32\drivers\usbintel.sys 2007-12-31 10:13 15,488 ----a-w C:\WINDOWS\system32\drivers\mssmbios.sys 2007-12-31 10:13 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys 2007-12-31 10:13 12,416 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys 2007-12-31 10:13 12,160 ----a-w C:\WINDOWS\system32\drivers\mouhid.sys 2007-12-31 10:13 12,160 ----a-w C:\WINDOWS\system32\drivers\fsvga.sys 2007-12-31 10:13 12,032 ----a-w C:\WINDOWS\system32\drivers\riodrv.sys 2007-12-31 10:13 12,032 ----a-w C:\WINDOWS\system32\drivers\rio8drv.sys 2007-12-31 10:13 12,032 ----a-w C:\WINDOWS\system32\drivers\nikedrv.sys 2007-12-31 10:13 11,776 ----a-w C:\WINDOWS\system32\drivers\cpqdap01.sys 2007-12-31 10:05 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys 2007-12-31 10:05 364,160 ----a-w C:\WINDOWS\system32\drivers\update.sys 2007-12-31 10:05 332,928 ----a-w C:\WINDOWS\system32\drivers\srv.sys 2007-12-31 10:05 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2007-12-31 10:04 78,720 ----a-w C:\WINDOWS\system32\drivers\sdbus.sys 2007-12-31 10:04 62,336 ----a-w C:\WINDOWS\system32\drivers\rspndr.sys 2007-12-31 10:04 61,312 ----a-w C:\WINDOWS\system32\drivers\ohci1394.sys 2007-12-31 10:04 454,912 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys 2007-12-31 10:04 202,496 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys 2007-12-31 10:04 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-12-31 10:04 19,712 ----a-w C:\WINDOWS\system32\drivers\partmgr.sys 2007-12-31 10:04 174,592 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys 2007-12-31 10:04 169,984 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe 2007-12-31 10:04 163,456 ----a-w C:\WINDOWS\system32\drivers\nwrdr.sys 2007-12-31 
10:04 139,528 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys 2007-12-31 10:04 12,032 ----a-w C:\WINDOWS\system32\drivers\sffdisk.sys 2007-12-31 10:04 11,008 ----a-w C:\WINDOWS\system32\drivers\sffp_sd.sys 2007-12-31 10:04 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys 2007-12-31 10:04 10,240 ----a-w C:\WINDOWS\system32\drivers\sffp_mmc.sys 2007-12-31 10:03 72,960 ----a-w C:\WINDOWS\system32\drivers\mqac.sys 2007-12-31 10:03 62,592 ----a-w C:\WINDOWS\system32\drivers\cdrom.sys 2007-12-31 10:03 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys 2007-12-31 10:03 450,048 ----a-w C:\WINDOWS\AppPatch\AcLayers.dll 2007-12-31 10:03 41,984 ----a-w C:\WINDOWS\system32\drivers\imapi.sys 2007-12-31 10:03 36,864 ----a-w C:\WINDOWS\system32\drivers\hidclass.sys 2007-12-31 10:03 36,352 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys 2007-12-31 10:03 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys 2007-12-31 10:03 245,248 ----a-w C:\WINDOWS\AppPatch\AcSpecfc.dll 2007-12-31 10:03 145,920 ----a-w C:\WINDOWS\system32\drivers\hdaudio.sys 2007-12-31 10:03 141,312 ----a-w C:\WINDOWS\AppPatch\AcLua.dll 2007-12-31 10:03 138,752 ----a-w C:\WINDOWS\system32\drivers\hdaudbus.sys 2007-12-31 10:03 136,320 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys 2007-12-31 10:03 129,920 ----a-w C:\WINDOWS\system32\drivers\fltMgr.sys 2007-12-31 10:03 116,224 ----a-w C:\WINDOWS\AppPatch\AcXtrnal.dll 2007-12-31 10:03 10,752 ----a-w C:\WINDOWS\hh.exe 2007-12-31 10:03 1,033,216 ----a-w C:\WINDOWS\explorer.exe 2007-12-31 10:02 39,424 ----a-w C:\WINDOWS\AppPatch\acadproc.dll 2007-12-31 10:02 1,852,928 ----a-w C:\WINDOWS\AppPatch\AcGenral.dll 2007-12-20 17:00 4,637,696 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys 2007-12-20 15:47 16,860,672 ----a-w C:\WINDOWS\RTHDCPL.exe 2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-12-04 
14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-11-20 17:15 1,826,816 ----a-w C:\WINDOWS\SkyTel.exe 2007-11-07 16:31 1,191,936 ----a-w C:\WINDOWS\RtlUpd.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] "QuickGammaLoader"="C:\Program Files\QuickGamma\QuickGammaLoader.exe" [2005-03-28 00:13 68096] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-09-05 17:13 141848] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-09-05 17:13 166424] "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-09-05 17:13 137752] "RTHDCPL"="RTHDCPL.EXE" [2007-12-20 16:47 16860672 C:\WINDOWS\RTHDCPL.exe] "FingerPrintSoftware"="C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" [2007-03-02 06:32 933888] "AGRSMMSG"="AGRSMMSG.exe" [2006-08-30 16:40 89542 C:\WINDOWS\AGRSMMSG.exe] "PMHandler"="C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe" [2007-03-16 05:26 31840] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-15 23:54 37376] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS] C:\WINDOWS\system32\FpWinLogonNp.dll 2007-02-27 17:26 131072 C:\WINDOWS\system32\FpWinlogonNp.dll R1 
PMHler;PMHler;C:\WINDOWS\system32\drivers\PMHler.sys [2006-05-24 11:48] R2 ubsbm;Unibrain 1394 SBM Driver;C:\WINDOWS\system32\DRIVERS\ubsbm.sys [2005-07-27 17:25] R2 ubumapi;Unibrain 1394 FireAPI Driver;C:\WINDOWS\system32\DRIVERS\ubumapi.sys [2005-07-27 17:25] R3 ubohci;Unibrain 1394 OHCI Driver;C:\WINDOWS\system32\DRIVERS\ubohci.sys [2005-07-27 17:25] S3 FingerprintServer;Fingerprint Server;C:\WINDOWS\system32\FpLogonServ.exe [2007-01-19 15:16] . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-20 15:41:58 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-01-20 15:43:25 - machine was rebooted ComboFix-quarantined-files.txt 2008-01-20 14:43:04 . 2008-01-20 02:01:25 --- E O F --- [/spoiler Endret 20. januar 2008 av Lilac1 Lenke til kommentar
KillYou Posted 20 January 2008
I infected myself on purpose, trying to be clever, to see how it worked. I think I have got rid of most of it but I don't know; here are the logs, at any rate.
Combofix
ComboFix 08-01-20.1 - Alexander 2008-01-20 15:48:19.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.387 [GMT 1:00]
Running from: C:\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\efcdbyx.dll
C:\WINDOWS\system32\nnnnonm.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"ScreenPrint32"="C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe" [2003-05-15 20:36 446464]
"Windows Taskmanager"="svchost.exe" [2004-08-04 13:00 14336 C:\WINDOWS\system32\svchost.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{89A1E40D-0254-4F99-B9AE-B60A2D8754A9}"= C:\WINDOWS\system32\nnnnonm.dll [ ]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 23:31]
R3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-11-04 06:45]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 16:09:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-20 16:12:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-20 15:12:19
.
2008-01-17 14:16:56
--- E O F ---

hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:22:44, on 20.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Opera\Opera.exe
C:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [screenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [Windows Taskmanager] svchost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 3115 bytes

I think Combo took care of it; it creates a sort of fake svchost file. Hope this can be of help.
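An added example, not part of any post in this thread and not a feature of HijackThis or ComboFix: a Python triage sketch run over O4 autorun lines copied from the HijackThis log above and over the paths ComboFix listed under "Other Deletions". It flags the `[Windows Taskmanager] svchost.exe` Run entry and `C:\WINDOWS\svchost.exe`; the process list, the `C:\WINDOWS` install path and all function names are assumptions made for this example.

```python
import ntpath
import re

# Assumptions for this example: Windows is installed in C:\WINDOWS, as in the
# logs, and these are processes the OS starts itself from system32.
SYSTEM32 = r"c:\windows\system32"
OS_STARTED = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
              "smss.exe", "csrss.exe", "spoolsv.exe"}

# HijackThis O4 line: O4 - <hive>\..\<Run key>: [<value name>] <command>
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): "
                   r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
USER_SUFFIX = re.compile(r"\s+\(User '[^']*'\)\s*$")
IMAGE_RE = re.compile(r"(.+?\.(?:exe|com|scr|bat|cmd))(?:\s|$)", re.I)


def image_path(cmd):
    """Extract the executable from a Run command, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = IMAGE_RE.match(cmd)
    return m.group(1) if m else cmd


def assess_path(path):
    """Reasons a file path looks like a copy of an OS process image."""
    name = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    if name in OS_STARTED and folder and folder != SYSTEM32:
        return ["OS process name outside system32"]
    return []


def assess_autorun(line):
    """Return (value name, image, reasons) for one O4 line, or None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    image = image_path(USER_SUFFIX.sub("", m["cmd"]))
    name = ntpath.basename(image).lower()
    reasons = assess_path(image)
    if name in OS_STARTED:
        # svchost.exe and its peers are launched by the OS, never by a Run key.
        reasons.append("OS-started process registered in a Run key")
        if not ntpath.dirname(image):
            reasons.append("bare file name: the log does not say which copy runs")
    return m["name"], image, reasons


def scan_autoruns(log_text):
    """Keep only the O4 entries that raised at least one reason."""
    results = (assess_autorun(line) for line in log_text.splitlines())
    return [r for r in results if r and r[2]]


# O4 lines copied from the HijackThis log in the post above.
HIJACKTHIS_O4 = r"""
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [screenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [Windows Taskmanager] svchost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
"""

# Paths ComboFix listed under "Other Deletions" in the same post.
COMBOFIX_DELETED = [
    r"C:\WINDOWS\svchost.exe",
    r"C:\WINDOWS\system32\efcdbyx.dll",
    r"C:\WINDOWS\system32\nnnnonm.dll",
]

if __name__ == "__main__":
    for name, image, reasons in scan_autoruns(HIJACKTHIS_O4):
        print(f"[{name}] {image}: " + "; ".join(reasons))
    for path in COMBOFIX_DELETED:
        for reason in assess_path(path):
            print(f"{path}: {reason}")
```

The two randomly named DLLs are deliberately not flagged: a name-and-location check only catches masquerading as a known system process, so they need a separate signal such as the ShellExecuteHooks entry in the ComboFix log.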
KillYou Posted 20 January 2008
The latest MSN virus uses a moo.no address: msnprofiles.moo.no and msnphotos.moo.no. These have been moved so that they now lead to http://moo.no/moo_virus.html, to give notice about the virus instead, so the virus now sends the person to this page rather than to the one containing the virus. If someone could take on the job of writing an easy-to-understand way of getting rid of it, it can be posted there, so that instead of being infected you get shown how to delete it.
Lilac1 Posted 20 January 2008
Better not to make a URL link to the virus, then.
KillYou Posted 20 January 2008
As I said, both of those links go to a blank page that ONLY informs about the virus, and I hope someone writes a tutorial on how to remove it so it can be posted there.