Then it's about time for a little training at home?

 

Don't download and run every kind of file.

Don't use the administrator account for everyday use.

Don't assume your antivirus program actually works.

Don't assume your firewall actually works.

 

Actually, point 2 is the most important link here, and it's the easiest one to do something about and also the most user-friendly. I think it's scandalous that nobody can inform people properly about exactly that point. Oh no, use antivirus instead! It fixes everything! *sigh*


Recommendation for MS DOS Application:

 

Trusted: Yes

Trojan: No

Chronic: No

Adware: No

Carrier: No

Browser Hijacker: No

Dialer: No

Commercial Keylogger: No

Remote Administration Tool: No

Suspected: No

-----------------------------------------

 

Doubt the antivirus programs care. Doesn't look like it's harmful, just annoying.

 

Downloaded it, but don't think it's wise to run it ^^

 

EDIT: I don't know much about this, so I may just be writing nonsense!

 

Does this only attack XP? Or Vista too?

 

I think it works on Vista, since MS-DOS exists in Vista too. It's used to enter commands in Vista, from what I've heard.

Edited by Zonked223

Yes, this MSN virus is probably so poorly made that some script kiddie is having a bit of a laugh.

 

It's possible to have a bit of control over the processes running on the PC.

 

They have some fun imitating Windows processes.

E.g. isass.exe, a good Windows process.

Then swap it around a bit: lssas.exe, a process that is infected.

 

So spending a little less time on MSN and trying to learn a bit about your own system is probably a good idea.

Then you'll understand that this is nothing at all to get worked up about.

Just remove it, or post a log and you'll get help here.

Edited by SNIPPSAT

Win32:TratBHO[trojan]

That's what avast says, at least; found the file in question, and will try Snippsat's suggestion.

 

It shouldn't be allowed to spam stuff like that from cute girls :/

 

pmnkjhh.dll

 

Can't remove it, not in safe mode either, neither from HijackThis nor regedit.

 

The virus file creates yet another bogus .dll file every time I connect to the internet; avast detects that one right away and offers to delete it, but avast finds nothing suspicious about the original .dll file that was created the moment I opened the link.

 

Bah

Edited by Lilac1

Get ComboFix and put it on the desktop.

 

Run combofix.exe and follow the instructions.

 

Post the log file from ComboFix (c:\combofix.txt)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:24:18, on 20.01.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Altiris\AClient\AClient.exe

C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe

C:\Program Files\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe

C:\WINDOWS\system32\ccsrvc.exe

C:\Program Files\Altiris\Carbon Copy\shellker.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Symantec AntiVirus\SavRoam.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\PROGRA~1\Altiris\CARBON~1\client.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\Altiris\AClient\AClntUsr.EXE

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\WIDCOMM\Bluetooth-programvare\BTTray.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE

C:\Program Files\PC Connectivity Solution\NclBTHandler.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe

C:\WINDOWS\svchost.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\system32\MsiExec.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\erikgraff\Local Settings\Temporary Internet Files\Content.IE5\L533X9C0\HiJackThis[1].exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gnt.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

F3 - REG:win.ini: load=C:\WINDOWS\system32\jkklm.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {469D87F0-C90D-4BAC-B5D0-B817DE81A67F} - C:\WINDOWS\system32\jkklm.dll

O2 - BHO: (no name) - {5AAF23D8-4489-43D8-A064-319D1254ABCA} - C:\WINDOWS\system32\gebyvtt.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [AeXAgentLogon] C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe /logon

O4 - HKLM\..\Run: [AClntUsr] C:\Program Files\Altiris\AClient\AClntUsr.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Windows Taskmanager] svchost.exe

O4 - HKLM\..\Run: [c4227051] rundll32.exe "C:\WINDOWS\system32\ktsdfaoa.dll",b

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-3989921549-1602161148-146602872-1471\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-21-3989921549-1602161148-146602872-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Logitech SetPoint.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: BetOnBet Poker - {2B936D2B-EDD7-405f-9057-3685BE897E62} - C:\Microgaming\Poker\betonbetMPP\MPPoker.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1188590740661

O16 - DPF: {6F0892F7-0D44-41C3-BF07-7599873FAA04} (Crystal ActiveX Report Viewer Control 11.5) - http://dwreports.fi.corp.int/crystalreport...tiveXViewer.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = NO.CORP.INT

O17 - HKLM\Software\..\Telephony: DomainName = NO.CORP.INT

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = NO.CORP.INT

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = NO.CORP.INT

O18 - Protocol: bw+0 - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {8135EC38-767D-4AAC-8FB1-BF85B90E7386} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O20 - Winlogon Notify: gebyvtt - C:\WINDOWS\SYSTEM32\gebyvtt.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Program Files\Altiris\AClient\AClient.exe

O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe

O23 - Service: Altiris Carbon Copy (CarbonCopy32) - Altiris - C:\WINDOWS\system32\ccsrvc.exe

O23 - Service: Carbon Copy Scheduler (CarbonCopyScheduler) - Altiris - C:\WINDOWS\system32\schdsrvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

 

--

End of file - 23725 bytes

 

 

Would be nice to get help from those who know this stuff. The wife has got this on her PC. Terribly annoying :P
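SNIPPSAT's point about impostor process names (isass.exe next to the real lsass.exe) and the HijackThis log above (svchost.exe started from C:\WINDOWS instead of system32, unnamed BHOs, a Winlogon Notify hook and a rundll32 Run entry pointing at random-looking DLLs) both come down to the same triage question: which lines in a log of this kind deserve a second look. The script below is an added example written for this thread; it is not code from the forum, from HijackThis or from any other tool mentioned here. The core process names and their expected directories are general Windows XP knowledge, the sample log is constructed from a handful of lines modelled on the one posted plus two impostor names of the kind SNIPPSAT describes, and the rules are heuristics for review, not verdicts.

```python
"""Triage helper for HijackThis-style logs (added example, not from the thread).

Two checks:
  1. 'Running processes' lines whose name imitates a core Windows binary after
     folding look-alike characters (i/1/| -> l, 0 -> o) and allowing one edit or
     one swapped pair of letters, or whose core binary runs from the wrong folder;
  2. autostart entries worth reviewing: BHOs registered with "(no name)", Winlogon
     Notify hooks, win.ini load= lines, and Run entries that start a bare executable
     name or load a DLL through rundll32.
"""
import ntpath
import re

# Well-known core Windows process names (general knowledge, not taken from the thread).
CORE_PROCESSES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                  "lsass.exe", "svchost.exe", "spoolsv.exe", "explorer.exe"}
# Where those binaries legitimately live on a default Windows XP install.
EXPECTED_DIR = {name: r"c:\windows\system32" for name in CORE_PROCESSES}
EXPECTED_DIR["explorer.exe"] = r"c:\windows"
# Characters commonly swapped to build look-alike names; folded before comparing.
HOMOGLYPHS = str.maketrans({"i": "l", "1": "l", "|": "l", "0": "o"})


def osa_distance(a, b):
    """Optimal string alignment distance: Levenshtein plus adjacent transpositions
    counted as one edit, so a swapped pair (lssas vs lsass) scores 1, not 2."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def check_process(path):
    """Verdict for one 'Running processes' line, or None when it looks ordinary."""
    path = path.strip()
    folder, name = ntpath.split(path.lower())
    if name in CORE_PROCESSES:
        if folder != EXPECTED_DIR[name]:
            return f"core binary outside expected directory: {path}"
        return None
    folded = name.translate(HOMOGLYPHS)
    closest = min(sorted(CORE_PROCESSES),
                  key=lambda legit: osa_distance(folded, legit.translate(HOMOGLYPHS)))
    if osa_distance(folded, closest.translate(HOMOGLYPHS)) <= 1:
        return f"look-alike of {closest}: {path}"
    return None


def check_run_command(cmd):
    """Verdict for the command part of an O4 Run entry, or None."""
    cmd = cmd.strip()
    exe = cmd.lower().split()[0]
    if exe in ("rundll32.exe", '"rundll32.exe"'):
        return "Run entry loads a DLL through rundll32: " + cmd
    if "\\" not in exe:  # no path: resolved through the search path at logon
        return "Run entry starts a bare executable name: " + cmd
    return None


AUTOSTART_RULES = [
    (re.compile(r"^O2 - BHO: \(no name\) - \{[0-9A-Fa-f-]+\} - (.+)$"),
     lambda m: None if m.group(1) == "(no file)" else "unnamed BHO: " + m.group(1)),
    (re.compile(r"^O20 - Winlogon Notify: (\S+) - (.+)$"),
     lambda m: "Winlogon Notify hook: " + m.group(2)),
    (re.compile(r"^F3 - REG:win\.ini: load=(.+)$"),
     lambda m: "win.ini load= entry: " + m.group(1)),
    (re.compile(r"^O4 - .*\\Run: \[.*?\] (.+)$"),
     lambda m: check_run_command(m.group(1))),
]


def triage(log_text):
    """Walk a HijackThis log and return findings as (section, description) pairs."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if re.match(r"^[A-Z]\d{1,2} - ", line):  # an O2/O4/O20/F3... entry
            for pattern, verdict in AUTOSTART_RULES:
                m = pattern.match(line)
                if m:
                    finding = verdict(m)
                    if finding:
                        findings.append(("autostart", finding))
                    break
        elif re.match(r"^[A-Za-z]:\\", line):  # a 'Running processes' path
            finding = check_process(line)
            if finding:
                findings.append(("process", finding))
    return findings


# Constructed sample: lines modelled on the log in the thread, plus two impostor
# process names (isass.exe, lssas.exe) of the kind SNIPPSAT describes.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\isass.exe
C:\WINDOWS\system32\lssas.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

F3 - REG:win.ini: load=C:\WINDOWS\system32\jkklm.exe
O2 - BHO: (no name) - {469D87F0-C90D-4BAC-B5D0-B817DE81A67F} - C:\WINDOWS\system32\jkklm.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Windows Taskmanager] svchost.exe
O4 - HKLM\..\Run: [c4227051] rundll32.exe "C:\WINDOWS\system32\ktsdfaoa.dll",b
O20 - Winlogon Notify: gebyvtt - C:\WINDOWS\SYSTEM32\gebyvtt.dll
"""

if __name__ == "__main__":
    for section, finding in triage(SAMPLE_LOG):
        print(f"[{section}] {finding}")
```

Run against the sample it reports the two impostor names as look-alikes of lsass.exe, the svchost.exe copy outside system32, the win.ini load= line, the unnamed BHO with an actual file behind it, the Run entry that starts a bare "svchost.exe" (which Windows resolves through the search path, so it need not be the real one), the rundll32 entry, and the Winlogon Notify hook. Bare-name Run entries from legitimate vendors (AGRSMMSG.exe, KHALMNPR.EXE in the full log) will be listed too; that is intended, since the point is to shortlist entries for a human, not to decide for them. The one-edit threshold is deliberately tight so that iexplore.exe is not mistaken for an explorer.exe look-alike.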
The old, worn-out, outdated, ugly wolf Internet Explorer is the one I mean, yes :p

 

Have no idea what happens with IE, but Firefox tried to download the file, and then you quickly realize something is wrong :)

 

It's the same in IE, though; you get asked whether you want to open, download or cancel..

So that rings a bell for competent computer users.

So it's not fair to blame IE in this case.

I've concluded that they also register your MSN address as active in a spam system somewhere. Since I clicked the link, 16 bots have so far tried to add me on MSN, even though I didn't download the program. (not really surprising)

But can someone tell me how I get rid of the virus? Have tried avast, Ad-Aware and Spybot, but it doesn't look like I'm getting rid of it....

avast finds the virus and I remove it, then a little while passes and the virus alert comes back on again. It's been like that since yesterday, when my dear got an MSN message from a friend.......
I've concluded that they also register your MSN address as active in a spam system somewhere. Since I clicked the link, 16 bots have so far tried to add me on MSN, even though I didn't download the program. (not really surprising)

 

Haven't noticed that here, in any case.

Haha, must honestly admit I clicked the link :P But closed the window before anything showed up in it. Anyway, posting some logs ;)

 

ComboFix

 

ComboFix 08-01-18.5 - Hest 2008-01-21 14:32:52.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.167 [GMT 1:00]

Running from: C:\Documents and Settings\Hest\Skrivebord\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2007-12-21 to 2008-01-21 )))))))))))))))))))))))))))))))

.

 

2008-01-20 23:56 . 2008-01-20 23:56 <DIR> d-------- C:\Programfiler\Trend Micro

2008-01-20 19:49 . 2008-01-21 12:59 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-01-20 19:49 . 2008-01-20 19:49 <DIR> d-------- C:\Documents and Settings\Hest\Programdata\SUPERAntiSpyware.com

2008-01-20 19:49 . 2008-01-20 19:49 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-01-20 19:48 . 2008-01-20 19:48 <DIR> dr-h----- C:\Documents and Settings\Hest\Siste

2008-01-20 19:45 . 2008-01-20 19:45 <DIR> d-------- C:\Programfiler\CCleaner

2008-01-20 18:51 . 2008-01-20 18:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-01-20 18:51 . 2008-01-20 18:51 1,409 --a------ C:\WINDOWS\QTFont.for

2008-01-19 20:52 . 2008-01-19 20:52 268 --ah----- C:\sqmdata08.sqm

2008-01-19 20:52 . 2008-01-19 20:52 244 --ah----- C:\sqmnoopt08.sqm

2008-01-19 16:45 . 2008-01-19 16:45 0 --a------ C:\WINDOWS\nsreg.dat

2008-01-17 17:57 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-08 22:25 . 2008-01-08 22:25 <DIR> d-------- C:\Programfiler\uTorrent

2008-01-08 22:25 . 2008-01-09 00:18 <DIR> d-------- C:\Documents and Settings\Hest\Programdata\uTorrent

2008-01-06 18:22 . 2008-01-06 18:22 24,455 --a------ C:\WINDOWS\THEBIB~1.hlp

2008-01-05 23:38 . 2008-01-05 23:38 <DIR> d-------- C:\Programfiler\MSXML 6.0

2008-01-04 23:16 . 2007-07-09 14:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll

2008-01-04 19:47 . 2008-01-04 19:47 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Lavasoft

2008-01-04 19:46 . 2008-01-20 19:48 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-01-04 19:23 . 2008-01-04 19:23 <DIR> d-------- C:\Documents and Settings\LocalService\Programdata\AVG7

2008-01-04 19:23 . 2008-01-06 11:40 <DIR> d-------- C:\Documents and Settings\Hest\Programdata\AVG7

2008-01-04 19:22 . 2008-01-04 19:22 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Grisoft

2008-01-04 19:22 . 2008-01-06 11:40 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\avg7

2008-01-04 19:06 . 2008-01-04 19:06 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2008-01-04 19:02 . 2008-01-04 21:00 <DIR> d-------- C:\Programfiler\Telenor

2008-01-04 19:02 . 2008-01-04 21:00 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Telenor

2007-12-23 13:12 . 2007-12-23 13:12 <DIR> d-------- C:\Programfiler\Universal Interactive

2007-12-23 13:10 . 2008-01-04 21:02 73,898 --a------ C:\empsiklasttrace.xml

2007-12-23 12:54 . 2007-12-23 12:54 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Symantec

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-12 15:32 --------- d-----w C:\Programfiler\K-Lite Codec Pack

2008-01-12 15:32 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple Computer

2008-01-04 18:47 --------- d-----w C:\Programfiler\Lavasoft

2007-12-15 11:30 --------- d-----w C:\Programfiler\Bullfrog

2007-12-02 14:56 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2007-12-02 14:55 --------- d-----w C:\Programfiler\Disney Interactive

2007-12-02 14:54 --------- d-----w C:\Documents and Settings\All Users\Programdata\Disney Interactive

2007-11-07 09:30 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll

2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll

.

 

((((((((((((((((((((((((((((( snapshot@2008-01-17_18.18.29.85 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-07-12 23:30:12 765,952 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\SP2QFE\vgx.dll

+ 2007-03-06 02:01:46 14,560 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\spmsg.dll

+ 2007-03-06 02:01:51 214,752 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\spuninst.exe

+ 2007-03-06 02:01:45 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\spcustom.dll

+ 2007-03-06 02:02:09 721,120 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe

+ 2007-03-06 02:03:01 374,496 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\updspapi.dll

+ 2007-10-10 23:42:16 124,928 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\advpack.dll

+ 2007-10-10 23:42:16 214,528 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\dxtrans.dll

+ 2007-10-10 23:42:16 132,608 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\extmgr.dll

+ 2007-10-10 23:42:16 63,488 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\icardie.dll

+ 2007-10-10 08:16:47 70,656 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ie4uinit.exe

+ 2007-10-10 23:42:16 153,088 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieakeng.dll

+ 2007-10-10 23:42:17 230,400 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieaksie.dll

+ 2007-10-10 05:47:20 161,792 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieakui.dll

+ 2007-07-01 03:31:33 2,455,488 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieapfltr.dat

+ 2007-10-10 23:42:17 383,488 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieapfltr.dll

+ 2007-10-10 23:42:18 388,096 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\iedkcs32.dll

+ 2007-10-10 23:42:22 6,067,200 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieframe.dll

+ 2007-10-10 23:42:22 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\iernonce.dll

+ 2007-10-10 23:42:23 267,776 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\iertutil.dll

+ 2007-10-10 08:16:47 13,824 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieudinit.exe

+ 2007-10-10 08:16:56 625,664 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\iexplore.exe

+ 2007-10-10 23:42:24 27,648 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\jsproxy.dll

+ 2007-10-10 23:42:25 459,264 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\msfeeds.dll

+ 2007-10-10 23:42:25 52,224 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\msfeedsbs.dll

+ 2007-10-30 23:42:34 3,593,216 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\mshtml.dll

+ 2007-10-10 23:42:29 478,208 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\mshtmled.dll

+ 2007-10-10 23:42:29 193,024 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\msrating.dll

+ 2007-10-10 23:42:30 671,232 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\mstime.dll

+ 2007-10-10 23:42:30 102,912 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\occache.dll

+ 2007-10-10 23:42:30 105,984 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\url.dll

+ 2007-10-10 23:42:31 1,162,240 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\urlmon.dll

+ 2007-10-10 23:42:31 233,472 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\webcheck.dll

+ 2007-10-10 23:42:32 825,344 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll

+ 2007-03-06 02:01:46 14,560 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\spmsg.dll

+ 2007-03-06 02:01:51 214,752 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\spuninst.exe

+ 2007-03-06 02:01:45 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\update\spcustom.dll

+ 2007-03-06 02:02:09 721,120 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\update\update.exe

+ 2007-03-06 02:03:01 374,496 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\update\updspapi.dll

- 2008-01-17 16:57:38 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT

+ 2008-01-21 13:32:33 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT

- 2008-01-17 16:57:38 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat

+ 2008-01-21 13:32:33 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat

- 2008-01-17 16:57:39 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT

+ 2008-01-21 13:32:33 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT

- 2008-01-17 16:57:39 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat

+ 2008-01-21 13:32:33 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat

- 2008-01-17 16:57:39 2,359,296 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT

+ 2008-01-21 13:32:33 2,392,064 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT

- 2008-01-17 16:57:39 143,360 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat

+ 2008-01-21 13:32:33 143,360 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat

+ 2007-03-06 02:01:51 214,752 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe

+ 2007-03-06 02:03:01 374,496 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll

+ 2007-08-13 17:54:10 765,952 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll

+ 2007-08-13 17:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\advpack.dll

+ 2007-08-13 17:35:38 214,528 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\dxtrans.dll

+ 2007-08-13 17:54:10 131,584 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\extmgr.dll

+ 2007-08-13 17:36:26 61,952 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\icardie.dll

+ 2007-08-13 17:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ie4uinit.exe

+ 2007-08-13 17:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakeng.dll

+ 2007-08-13 17:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieaksie.dll

+ 2007-08-13 16:56:54 161,792 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakui.dll

+ 2007-02-12 15:10:12 2,451,312 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieapfltr.dat

+ 2007-07-11 11:27:48 383,488 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieapfltr.dll

+ 2007-08-13 17:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iedkcs32.dll

+ 2007-08-13 17:54:10 6,049,280 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieframe.dll

+ 2007-08-13 17:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iernonce.dll

+ 2007-08-13 17:34:04 266,752 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iertutil.dll

+ 2007-08-13 17:39:10 13,312 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieudinit.exe

+ 2007-08-13 17:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iexplore.exe

+ 2007-08-13 17:54:10 27,136 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\jsproxy.dll

+ 2007-08-13 17:54:10 458,752 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeeds.dll

+ 2007-08-13 17:54:10 50,688 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeedsbs.dll

+ 2007-08-13 17:54:12 3,578,368 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtml.dll

+ 2007-08-13 17:54:10 475,648 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtmled.dll

+ 2007-08-13 17:44:26 192,000 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msrating.dll

+ 2007-08-13 17:54:10 670,720 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mstime.dll

+ 2007-08-13 17:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\occache.dll

+ 2007-03-06 02:01:51 214,752 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe

+ 2007-03-06 02:03:01 374,496 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\updspapi.dll

+ 2007-08-13 17:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\url.dll

+ 2007-08-13 17:54:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\urlmon.dll

+ 2007-08-13 17:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\webcheck.dll

+ 2007-08-13 17:54:10 818,688 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll

+ 2008-01-20 18:49:15 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe

+ 2008-01-20 18:49:15 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe

+ 2008-01-20 18:49:15 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe

- 2007-08-13 17:39:00 123,904 ----a-w C:\WINDOWS\system32\advpack.dll

+ 2007-10-10 23:53:51 124,928 ----a-w C:\WINDOWS\system32\advpack.dll

- 2007-08-13 17:39:00 123,904 -c----w C:\WINDOWS\system32\dllcache\advpack.dll

+ 2007-10-10 23:53:51 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll

- 2007-08-13 17:35:38 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll

+ 2007-10-10 23:53:51 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll

- 2007-08-13 17:54:10 131,584 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll

+ 2007-10-10 23:53:52 132,608 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll

+ 2007-10-10 23:53:52 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll

- 2007-08-13 17:39:06 54,784 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe

+ 2007-10-10 11:02:27 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe

- 2007-08-13 17:39:26 152,064 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll

+ 2007-10-10 23:53:52 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll

- 2007-08-13 17:39:54 229,376 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll

+ 2007-10-10 23:53:52 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll

- 2007-08-13 16:56:54 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll

+ 2007-10-10 05:46:55 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll

+ 2007-07-01 03:31:33 2,455,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dat

+ 2007-10-10 23:53:52 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll

- 2007-08-13 17:39:50 382,976 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll

+ 2007-10-10 23:53:52 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll

+ 2007-10-10 23:53:54 6,065,664 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll

- 2007-08-13 17:39:10 43,008 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll

+ 2007-10-10 23:53:54 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll

+ 2007-10-10 23:53:54 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll

+ 2007-10-10 10:59:40 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe

- 2007-08-13 17:43:56 622,080 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe

+ 2007-10-10 11:02:43 625,152 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe

- 2007-08-13 17:54:10 27,136 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll

+ 2007-10-10 23:53:55 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll

+ 2007-10-10 23:53:56 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll

+ 2007-10-10 23:53:56 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll

- 2007-08-13 17:54:12 3,578,368 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll

+ 2007-10-30 23:30:15 3,590,656 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll

- 2007-08-13 17:54:10 475,648 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll

+ 2007-10-10 23:53:58 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll

- 2007-08-13 17:44:26 192,000 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll

+ 2007-10-10 23:53:58 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll

- 2007-08-13 17:54:10 670,720 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll

+ 2007-10-10 23:53:59 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll

- 2007-08-13 17:44:06 101,376 -c----w C:\WINDOWS\system32\dllcache\occache.dll

+ 2007-10-10 23:53:59 102,400 -c----w C:\WINDOWS\system32\dllcache\occache.dll

- 2007-08-13 17:44:30 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll

+ 2007-10-10 23:53:59 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll

- 2007-08-13 17:54:10 1,162,240 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll

+ 2007-10-10 23:53:59 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll

- 2007-08-13 17:54:10 765,952 -c--a-w C:\WINDOWS\system32\dllcache\VGX.dll

+ 2007-07-12 23:32:20 765,952 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll

- 2007-08-13 17:54:10 231,424 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll

+ 2007-10-10 23:54:00 232,960 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll

- 2007-08-13 17:54:10 818,688 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll

+ 2007-10-10 23:54:00 824,832 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll

- 2007-08-13 17:35:38 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll

+ 2007-10-10 23:53:51 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll

- 2007-08-13 17:54:10 131,584 ----a-w C:\WINDOWS\system32\extmgr.dll

+ 2007-10-10 23:53:52 132,608 ----a-w C:\WINDOWS\system32\extmgr.dll

- 2007-08-13 17:36:26 61,952 ------w C:\WINDOWS\system32\icardie.dll

+ 2007-10-10 23:53:52 63,488 ----a-w C:\WINDOWS\system32\icardie.dll

- 2007-08-13 17:39:06 54,784 ----a-w C:\WINDOWS\system32\ie4uinit.exe

+ 2007-10-10 11:02:27 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe

- 2007-08-13 17:39:26 152,064 ----a-w C:\WINDOWS\system32\ieakeng.dll

+ 2007-10-10 23:53:52 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll

- 2007-08-13 17:39:54 229,376 ----a-w C:\WINDOWS\system32\ieaksie.dll

+ 2007-10-10 23:53:52 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll

- 2007-08-13 16:56:54 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll

+ 2007-10-10 05:46:55 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll

- 2007-02-12 15:10:12 2,451,312 ------w C:\WINDOWS\system32\ieapfltr.dat

+ 2007-07-01 03:31:33 2,455,488 ----a-w C:\WINDOWS\system32\ieapfltr.dat

- 2007-07-11 11:27:48 383,488 ------w C:\WINDOWS\system32\ieapfltr.dll

+ 2007-10-10 23:53:52 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll

- 2007-08-13 17:39:50 382,976 ----a-w C:\WINDOWS\system32\iedkcs32.dll

+ 2007-10-10 23:53:52 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll

- 2007-08-13 17:54:10 6,049,280 ------w C:\WINDOWS\system32\ieframe.dll

+ 2007-10-10 23:53:54 6,065,664 ----a-w C:\WINDOWS\system32\ieframe.dll

- 2007-08-13 17:39:10 43,008 ----a-w C:\WINDOWS\system32\iernonce.dll

+ 2007-10-10 23:53:54 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll

- 2007-08-13 17:34:04 266,752 ------w C:\WINDOWS\system32\iertutil.dll

+ 2007-10-10 23:53:54 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll

- 2007-08-13 17:39:10 13,312 ----a-w C:\WINDOWS\system32\ieudinit.exe

+ 2007-10-10 10:59:40 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe

- 2007-08-13 17:54:10 27,136 ----a-w C:\WINDOWS\system32\jsproxy.dll

+ 2007-10-10 23:53:55 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll

- 2007-08-13 17:54:10 458,752 ------w C:\WINDOWS\system32\msfeeds.dll

+ 2007-10-10 23:53:56 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll

- 2007-08-13 17:54:10 50,688 ------w C:\WINDOWS\system32\msfeedsbs.dll

+ 2007-10-10 23:53:56 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll

- 2007-08-13 17:54:12 3,578,368 ----a-w C:\WINDOWS\system32\mshtml.dll

+ 2007-10-30 23:30:15 3,590,656 ----a-w C:\WINDOWS\system32\mshtml.dll

- 2007-08-13 17:54:10 475,648 ----a-w C:\WINDOWS\system32\mshtmled.dll

+ 2007-10-10 23:53:58 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll

- 2007-08-13 17:44:26 192,000 ----a-w C:\WINDOWS\system32\msrating.dll

+ 2007-10-10 23:53:58 193,024 ----a-w C:\WINDOWS\system32\msrating.dll

- 2007-08-13 17:54:10 670,720 ----a-w C:\WINDOWS\system32\mstime.dll

+ 2007-10-10 23:53:59 671,232 ----a-w C:\WINDOWS\system32\mstime.dll

- 2007-08-13 17:44:06 101,376 ----a-w C:\WINDOWS\system32\occache.dll

+ 2007-10-10 23:53:59 102,400 ----a-w C:\WINDOWS\system32\occache.dll

- 2007-08-13 17:44:30 105,984 ----a-w C:\WINDOWS\system32\url.dll

+ 2007-10-10 23:53:59 105,984 ----a-w C:\WINDOWS\system32\url.dll

- 2007-08-13 17:54:10 1,162,240 ----a-w C:\WINDOWS\system32\urlmon.dll

+ 2007-10-10 23:53:59 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll

- 2007-08-13 17:54:10 231,424 ----a-w C:\WINDOWS\system32\webcheck.dll

+ 2007-10-10 23:54:00 232,960 ----a-w C:\WINDOWS\system32\webcheck.dll

- 2007-08-13 17:54:10 818,688 ----a-w C:\WINDOWS\system32\wininet.dll

+ 2007-10-10 23:54:00 824,832 ----a-w C:\WINDOWS\system32\wininet.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL" [2006-10-22 12:22 86016]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools-1033"="C:\Programfiler\D-Tools\daemon.exe" [2004-08-22 17:05 81920]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-07-28 14:19 4841472]

"nwiz"="nwiz.exe" [2003-07-28 14:19 323584 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-10-22 12:22 86016]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43 83608]

"SSBkgdUpdate"="C:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 12:16 185896]

"OpwareSE4"="C:\Programfiler\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 11:45 75304]

"Telenor Online Start"="C:\Programfiler\Telenor\Online Start\Telenor.exe" [2006-11-30 14:51 178312]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-04 19:22 579072]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-04 19:22 219136]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

R0 viaagp;VIA AGP-bussfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 07:07]

S3 bfastfao;bfastfao;C:\DOCUME~1\Hest\LOKALE~1\Temp\bfastfao.sys []

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-21 14:35:48

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-01-21 14:36:35

ComboFix-quarantined-files.txt 2008-01-21 13:36:13

ComboFix2.txt 2008-01-17 17:18:59

.

2008-01-17 17:24:02 --- E O F ---

 

 

 

SAS

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 01/21/2008 at 02:02 PM

 

Application Version : 3.9.1008

 

Core Rules Database Version : 3384

Trace Rules Database Version: 1378

 

Scan type : Complete Scan

Total Scan Time : 01:02:17

 

Memory items scanned : 398

Memory threats detected : 0

Registry items scanned : 4496

Registry threats detected : 0

File items scanned : 45740

File threats detected : 6

 

Adware.Tracking Cookie

C:\Documents and Settings\Hest\Cookies\hest@adtech[2].txt

C:\Documents and Settings\Hest\Cookies\[email protected][1].txt

C:\Documents and Settings\Hest\Cookies\[email protected][2].txt

C:\Documents and Settings\Hest\Cookies\hest@atdmt[2].txt

C:\Documents and Settings\Hest\Cookies\hest@advertising[1].txt

C:\Documents and Settings\Hest\Cookies\[email protected][1].txt

 

 

 

HJT

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:06:08, on 21.01.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\D-Tools\daemon.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe

C:\Programfiler\ScanSoft\OmniPageSE4.0\OpwareSE4.exe

C:\Programfiler\Telenor\Online Start\Telenor.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\MSN Messenger\usnsvc.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Programfiler\Trend Micro\HijackThis\run.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programfiler\Canon\Easy-WebPrint\EWPBrowseLoader.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Online Start Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Programfiler\Telenor\Online Start\IEFixItNowPlugin.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [OpwareSE4] "C:\Programfiler\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

O4 - HKLM\..\Run: [Telenor Online Start] "C:\Programfiler\Telenor\Online Start\Telenor.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1179242788154

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1179243819842

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 6397 bytes

 

 

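As an added example (not a tool from this thread, and not part of any poster's log), here is a small Python triage pass over the kinds of lines that appear in the HijackThis and ComboFix logs above. It flags three things a helper would look at first: an O2/O3 entry whose target is `(no file)`, which is what a BHO registration looks like once its DLL is gone; a BHO or toolbar DLL that sits directly in C:\WINDOWS or C:\WINDOWS\system32 rather than under a vendor folder, optionally with a vowel-less, random-looking name like the pmnkjhh.dll named later in the thread; and an autostart or driver entry whose file lives in a Temp directory, like the `S3 bfastfao` line in the ComboFix log, whose empty `[]` also means ComboFix recorded no file date for it. The sample input is constructed: mostly lines copied from the logs above, plus one hypothetical O2 line (with an all-zero CLSID, not a real one) showing what the BHO would have looked like while pmnkjhh.dll was still on disk. The heuristics are assumptions about what is suspicious, not signatures.

```python
"""Triage of HijackThis / ComboFix log lines (added example, not a thread tool)."""
import re

# "O2 - BHO: <name> - {CLSID} - <dll or (no file)>"; O3 Toolbar and O20 Winlogon Notify share the shape
HJT_COM_RE = re.compile(
    r"^(?P<sec>O2|O3|O20)\s+-\s+(?P<kind>BHO|Toolbar|Winlogon Notify):\s+(?P<name>.*?)\s+-\s+"
    r"(?:(?P<clsid>\{[0-9A-Fa-f-]+\})\s+-\s+)?(?P<target>.+)$"
)
# "O4 - HKLM\..\Run: [name] command line"
HJT_RUN_RE = re.compile(r"^(?P<sec>O4)\s+-\s+(?P<hive>\S+):\s+\[(?P<name>[^\]]*)\]\s+(?P<cmd>.+)$")
# "O23 - Service: <display> (<name>) - <vendor> - <path>"
HJT_SVC_RE = re.compile(r"^(?P<sec>O23)\s+-\s+Service:\s+(?P<rest>.+)$")
# ComboFix driver/service line: "S3 bfastfao;bfastfao;C:\...\Temp\bfastfao.sys []"
CF_SVC_RE = re.compile(
    r"^(?P<sec>[RS]\d)\s+(?P<svc>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)\s*\[(?P<stamp>[^\]]*)\]$"
)

TEMP_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)
# A file directly in C:\WINDOWS or C:\WINDOWS\system32, i.e. no vendor subfolder.
WINDIR_RE = re.compile(r"^[A-Za-z]:\\WINDOWS\\(?:system32\\)?[^\\]+$", re.IGNORECASE)
VOWELS = set("aeiouy")


def command_to_path(cmd: str) -> str:
    """Pull the executable or DLL path out of an O4 command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    tokens = cmd.split()
    # rundll32 hosts a DLL: the payload is the second token, up to the entry-point comma
    if tokens[0].lower() in ("rundll32.exe", "rundll32") and len(tokens) > 1:
        return tokens[1].split(",", 1)[0]
    return tokens[0]


def looks_random(path: str) -> bool:
    """Vowel-less stems of 6+ letters (pmnkjhh) are a weak signal; only used together with others."""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()
    letters = [c for c in stem if c.isalpha()]
    return len(letters) >= 6 and not (set(letters) & VOWELS)


def check_path(sec: str, path: str, findings: list) -> None:
    """Append (section, reason, path) findings for one resolved file path."""
    if TEMP_RE.search(path):
        findings.append((sec, "loads from a Temp directory", path))
    if sec in ("O2", "O3") and WINDIR_RE.match(path):
        reason = "BHO/toolbar DLL sits directly in the Windows directory"
        if looks_random(path):
            reason += " and has a random-looking name"
        findings.append((sec, reason, path))


def triage(log_text: str) -> list:
    """Return a list of (section, reason, path-or-clsid) tuples in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := HJT_COM_RE.match(line)):
            target = m["target"].strip()
            if target == "(no file)":
                findings.append((m["sec"], "registry entry points at a missing file", m["clsid"] or m["name"]))
            else:
                check_path(m["sec"], target, findings)
        elif (m := HJT_RUN_RE.match(line)):
            check_path(m["sec"], command_to_path(m["cmd"]), findings)
        elif (m := HJT_SVC_RE.match(line)):
            check_path(m["sec"], m["rest"].rsplit(" - ", 1)[-1].strip(), findings)
        elif (m := CF_SVC_RE.match(line)):
            path = m["path"].strip()
            check_path(m["sec"], path, findings)
            if not m["stamp"].strip():
                findings.append((m["sec"], "ComboFix recorded no file date (file absent at scan time)", path))
    return findings


# Constructed sample: lines copied from the logs in this thread, plus one hypothetical
# O2 line (all-zero CLSID, not a real registration) for the DLL while it was still on disk.
SAMPLE = r"""
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programfiler\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\pmnkjhh.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
R0 viaagp;VIA AGP-bussfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 07:07]
S3 bfastfao;bfastfao;C:\DOCUME~1\Hest\LOKALE~1\Temp\bfastfao.sys []
"""

if __name__ == "__main__":
    for sec, reason, what in triage(SAMPLE):
        print(f"{sec:4} {reason}: {what}")
```

`triage(SAMPLE)` yields four findings: the orphaned O2 CLSID, the Windows-directory BHO with the random-looking name, and two for the Temp-resident driver (its location and its empty date bracket). The vowel test on its own is deliberately not reported, since legitimate names such as mshtml.dll would trip it; it only strengthens the Windows-directory finding.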
Win32:TratBHO[trojan]

That's what avast says, at least; I have found the file in question and will try Snippsat's suggestion.

 

It shouldn't be allowed to spam stuff like this from cute girls :/

 

pmnkjhh.dll

 

Can't remove it, not in safe mode either, neither from HijackThis nor regedit.

 

The virus file creates yet another bogus .dll file every time I connect to the internet; avast detects that one immediately and offers to delete it, but avast finds nothing suspicious about the original .dll file that was created right when I opened the link.

 

Bah

 

Get Combofix and put it on the desktop

 

Run combofix.exe and follow the instructions.

 

Post the log file from Combofix (c:\combofix.txt)

 

Combofix confirmed my suspicions and deleted the .dll file.

 

What can I say, I won't be uninstalling this program any time soon.

 

Many thanks to you!

 

Here is the log

ComboFix 08-01-20.1 - Bjornar 2008-01-20 15:36:32.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1586 [GMT 1:00]

Running from: C:\Documents and Settings\Bjornar\Desktop\Combo\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\pmnkjhh.dll

C:\WINDOWS\system32\x64

 

.

((((((((((((((((((((((((( Files Created from 2007-12-20 to 2008-01-20 )))))))))))))))))))))))))))))))

.

 

2008-01-20 15:35 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-20 01:51 . 2008-01-20 03:10 <DIR> d-------- C:\Program Files\XoftSpySE

2008-01-20 00:38 . 2008-01-20 00:38 <DIR> d-------- C:\WINDOWS\Sun

2008-01-20 00:38 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-01-20 00:37 . 2008-01-20 00:38 <DIR> d-------- C:\Program Files\Java

2008-01-20 00:37 . 2008-01-20 00:37 <DIR> d-------- C:\Program Files\Common Files\Java

2008-01-20 00:29 . 2008-01-20 00:29 <DIR> d-------- C:\Program Files\Winamp

2008-01-19 19:46 . 2008-01-19 19:46 376 --a------ C:\WINDOWS\ODBC.INI

2008-01-19 19:45 . 2008-01-19 19:45 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-01-19 19:45 . 2008-01-19 19:45 <DIR> d-------- C:\Program Files\Microsoft.NET

2008-01-19 19:45 . 2008-01-19 19:45 <DIR> d-------- C:\Program Files\Microsoft ActiveSync

2008-01-19 19:34 . 2008-01-19 19:34 <DIR> d-------- C:\Program Files\Lavasoft

2008-01-19 19:34 . 2008-01-19 19:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-01-19 19:33 . 2008-01-19 19:33 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-01-19 17:15 . 2004-09-04 03:00 90,112 --a------ C:\WINDOWS\system32\snymsico.dll

2008-01-19 17:15 . 2007-01-23 16:40 42,496 --a------ C:\WINDOWS\system32\drivers\rimsptsk.sys

2008-01-19 17:15 . 2007-02-24 14:42 39,936 --a------ C:\WINDOWS\system32\drivers\rimmptsk.sys

2008-01-19 17:15 . 2007-01-23 17:03 37,376 --a------ C:\WINDOWS\system32\drivers\rixdptsk.sys

2008-01-19 17:15 . 2005-05-07 12:06 16,480 --a------ C:\WINDOWS\system32\rixdicon.dll

2008-01-19 08:53 . 2008-01-19 08:53 268 --ah----- C:\sqmdata00.sqm

2008-01-19 08:53 . 2008-01-19 08:53 244 --ah----- C:\sqmnoopt00.sqm

2008-01-19 08:50 . 2008-01-19 08:53 <DIR> d-------- C:\Program Files\Windows Live

2008-01-19 08:50 . 2008-01-19 08:52 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller

2008-01-19 08:50 . 2008-01-19 08:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-01-19 08:44 . 2008-01-19 17:15 <DIR> d--h----- C:\Program Files\InstallShield Installation Information

2008-01-19 08:44 . 2008-01-19 08:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters

2008-01-19 08:43 . 2008-01-19 08:43 <DIR> d-------- C:\Program Files\Driver Detective

2008-01-19 08:12 . 2008-01-19 08:12 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Intel

2008-01-19 07:17 . 2008-01-19 07:17 21,425 --a------ C:\WINDOWS\system32\drivers\AegisP.sys

2008-01-19 07:16 . 2008-01-19 07:16 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Intel

2008-01-19 07:16 . 2008-01-19 02:26 <DIR> d-------- C:\Program Files\Intel

2008-01-19 07:16 . 2008-01-19 07:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intel

2008-01-19 07:16 . 2006-11-08 16:40 2,732,032 --a------ C:\WINDOWS\system32\NETw3r32.dll

2008-01-19 07:16 . 2006-11-15 05:48 1,711,488 --a------ C:\WINDOWS\system32\drivers\NETw3x32.sys

2008-01-19 07:16 . 2006-11-08 16:39 561,152 --a------ C:\WINDOWS\system32\NETw3c32.dll

2008-01-19 04:36 . 2008-01-19 21:18 <DIR> d-------- C:\Programmer

2008-01-19 04:29 . 2008-01-19 19:56 <DIR> d-------- C:\Program Files\Steam

2008-01-19 04:21 . 2008-01-19 04:21 <DIR> d-------- C:\Program Files\QuickGamma

2008-01-19 03:33 . 2008-01-19 03:33 <DIR> d-------- C:\WINDOWS\Options

2008-01-19 03:33 . 2006-08-31 14:34 68,608 --a------ C:\WINDOWS\system32\agrsmdel.exe

2008-01-19 03:22 . 2008-01-19 03:24 <DIR> d-------- C:\Program Files\Lenovo Fingerprint Software

2008-01-19 03:17 . 2008-01-19 17:33 <DIR> d-------- C:\Program Files\Lenovo

2008-01-19 03:17 . 2006-11-13 10:41 862,922 --a------ C:\WINDOWS\system32\drivers\btkrnl.sys

2008-01-19 03:17 . 2006-10-30 10:52 329,901 --a------ C:\WINDOWS\system32\drivers\btaudio.sys

2008-01-19 03:17 . 2006-10-30 10:51 149,123 --a------ C:\WINDOWS\system32\drivers\btwdndis.sys

2008-01-19 03:17 . 2006-10-30 10:52 106,557 --a------ C:\WINDOWS\system32\btw_ci.dll

2008-01-19 03:17 . 2006-10-30 10:51 67,672 --a------ C:\WINDOWS\system32\drivers\btwusb.sys

2008-01-19 03:17 . 2006-10-30 10:51 30,459 --a------ C:\WINDOWS\system32\drivers\btport.sys

2008-01-19 03:17 . 2006-10-30 10:52 30,285 --a------ C:\WINDOWS\system32\drivers\btwmodem.sys

2008-01-19 02:52 . 2008-01-19 02:54 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2008-01-19 02:47 . 2008-01-19 02:47 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav

2008-01-19 02:47 . 2007-08-24 11:00 172,032 --a------ C:\WINDOWS\system32\igfxres.dll

2008-01-19 02:47 . 2008-01-19 02:47 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav

2008-01-19 02:45 . 2008-01-19 02:45 <DIR> d-------- C:\Program Files\Realtek

2008-01-19 02:44 . 2007-07-26 17:09 520,192 --a------ C:\WINDOWS\RtlExUpd.dll

2008-01-19 02:44 . 2008-01-19 02:44 315,392 --a------ C:\WINDOWS\HideWin.exe

2008-01-19 02:37 . 2008-01-19 02:37 <DIR> d-------- C:\WINDOWS\Downloaded Installations

2008-01-19 02:37 . 2008-01-19 02:37 <DIR> d-------- C:\Program Files\Unibrain

2008-01-19 02:37 . 2008-01-19 02:37 <DIR> d-------- C:\Program Files\Intel Desktop Board

2008-01-19 02:31 . 2008-01-19 02:38 <DIR> d-------- C:\Drivere

2008-01-19 02:26 . 2007-08-10 16:12 53,248 --a------ C:\WINDOWS\system32\CSVer.dll

2007-12-31 11:03 . 2007-12-31 11:03 2,068,480 --a--c--- C:\WINDOWS\system32\dllcache\cdosys.dll

2007-12-31 11:02 . 2007-12-31 11:02 1,852,928 --a--c--- C:\WINDOWS\system32\dllcache\acgenral.dll

2007-12-31 11:02 . 2007-12-31 11:02 116,736 --a------ C:\WINDOWS\system32\aaclient.dll

2007-12-31 11:02 . 2007-12-31 11:02 100,352 --a--c--- C:\WINDOWS\system32\dllcache\6to4svc.dll

2007-12-31 11:02 . 2007-12-31 11:02 100,352 --a------ C:\WINDOWS\system32\6to4svc.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-19 05:27 --------- d-----w C:\Program Files\Broadcom

2008-01-19 05:24 --------- d-----w C:\Program Files\Alwil Software

2008-01-19 05:05 --------- d-----w C:\Program Files\microsoft frontpage

2008-01-19 05:01 --------- d--h--w C:\Program Files\Uninstall Information

2008-01-19 05:00 --------- d-----w C:\Program Files\Windows Media Connect 2

2008-01-19 04:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-01-19 02:04 161,792 ----a-w C:\WINDOWS\system32\drivers\b57xp32.sys

2008-01-19 01:44 --------- d-----w C:\Program Files\Common Files\InstallShield

2007-12-31 10:31 82,944 ----a-w C:\WINDOWS\system32\drivers\wudfrd.sys

2007-12-31 10:31 77,568 ----a-w C:\WINDOWS\system32\drivers\wudfpf.sys

2007-12-31 10:31 38,528 ----a-w C:\WINDOWS\system32\drivers\wpdusb.sys

2007-12-31 10:13 80,128 ----a-w C:\WINDOWS\system32\drivers\parport.sys

2007-12-31 10:13 63,744 ----a-w C:\WINDOWS\system32\drivers\mf.sys

2007-12-31 10:13 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys

2007-12-31 10:13 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys

2007-12-31 10:13 58,112 ----a-w C:\WINDOWS\system32\drivers\vdmindvd.sys

2007-12-31 10:13 51,712 ----a-w C:\WINDOWS\system32\drivers\tosdvd.sys

2007-12-31 10:13 42,496 ----a-w C:\WINDOWS\system32\drivers\p3.sys

2007-12-31 10:13 4,352 ----a-w C:\WINDOWS\system32\drivers\swenum.sys

2007-12-31 10:13 37,376 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys

2007-12-31 10:13 36,992 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys

2007-12-31 10:13 36,480 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys

2007-12-31 10:13 35,456 ----a-w C:\WINDOWS\system32\drivers\processr.sys

2007-12-31 10:13 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys

2007-12-31 10:13 262,528 ----a-w C:\WINDOWS\system32\drivers\cinemst2.sys

2007-12-31 10:13 25,472 ----a-w C:\WINDOWS\system32\drivers\sonydcam.sys

2007-12-31 10:13 23,936 ----a-w C:\WINDOWS\system32\drivers\usbcamd2.sys

2007-12-31 10:13 23,808 ----a-w C:\WINDOWS\system32\drivers\usbcamd.sys

2007-12-31 10:13 23,040 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys

2007-12-31 10:13 21,376 ----a-w C:\WINDOWS\system32\drivers\tsbvcap.sys

2007-12-31 10:13 18,688 ----a-w C:\WINDOWS\system32\drivers\cdaudio.sys

2007-12-31 10:13 16,000 ----a-w C:\WINDOWS\system32\drivers\usbintel.sys

2007-12-31 10:13 15,488 ----a-w C:\WINDOWS\system32\drivers\mssmbios.sys

2007-12-31 10:13 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys

2007-12-31 10:13 12,416 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys

2007-12-31 10:13 12,160 ----a-w C:\WINDOWS\system32\drivers\mouhid.sys

2007-12-31 10:13 12,160 ----a-w C:\WINDOWS\system32\drivers\fsvga.sys

2007-12-31 10:13 12,032 ----a-w C:\WINDOWS\system32\drivers\riodrv.sys

2007-12-31 10:13 12,032 ----a-w C:\WINDOWS\system32\drivers\rio8drv.sys

2007-12-31 10:13 12,032 ----a-w C:\WINDOWS\system32\drivers\nikedrv.sys

2007-12-31 10:13 11,776 ----a-w C:\WINDOWS\system32\drivers\cpqdap01.sys

2007-12-31 10:05 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys

2007-12-31 10:05 364,160 ----a-w C:\WINDOWS\system32\drivers\update.sys

2007-12-31 10:05 332,928 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2007-12-31 10:05 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2007-12-31 10:04 78,720 ----a-w C:\WINDOWS\system32\drivers\sdbus.sys

2007-12-31 10:04 62,336 ----a-w C:\WINDOWS\system32\drivers\rspndr.sys

2007-12-31 10:04 61,312 ----a-w C:\WINDOWS\system32\drivers\ohci1394.sys

2007-12-31 10:04 454,912 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys

2007-12-31 10:04 202,496 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys

2007-12-31 10:04 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-12-31 10:04 19,712 ----a-w C:\WINDOWS\system32\drivers\partmgr.sys

2007-12-31 10:04 174,592 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys

2007-12-31 10:04 169,984 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe

2007-12-31 10:04 163,456 ----a-w C:\WINDOWS\system32\drivers\nwrdr.sys

2007-12-31 10:04 139,528 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys

2007-12-31 10:04 12,032 ----a-w C:\WINDOWS\system32\drivers\sffdisk.sys

2007-12-31 10:04 11,008 ----a-w C:\WINDOWS\system32\drivers\sffp_sd.sys

2007-12-31 10:04 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys

2007-12-31 10:04 10,240 ----a-w C:\WINDOWS\system32\drivers\sffp_mmc.sys

2007-12-31 10:03 72,960 ----a-w C:\WINDOWS\system32\drivers\mqac.sys

2007-12-31 10:03 62,592 ----a-w C:\WINDOWS\system32\drivers\cdrom.sys

2007-12-31 10:03 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys

2007-12-31 10:03 450,048 ----a-w C:\WINDOWS\AppPatch\AcLayers.dll

2007-12-31 10:03 41,984 ----a-w C:\WINDOWS\system32\drivers\imapi.sys

2007-12-31 10:03 36,864 ----a-w C:\WINDOWS\system32\drivers\hidclass.sys

2007-12-31 10:03 36,352 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys

2007-12-31 10:03 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys

2007-12-31 10:03 245,248 ----a-w C:\WINDOWS\AppPatch\AcSpecfc.dll

2007-12-31 10:03 145,920 ----a-w C:\WINDOWS\system32\drivers\hdaudio.sys

2007-12-31 10:03 141,312 ----a-w C:\WINDOWS\AppPatch\AcLua.dll

2007-12-31 10:03 138,752 ----a-w C:\WINDOWS\system32\drivers\hdaudbus.sys

2007-12-31 10:03 136,320 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys

2007-12-31 10:03 129,920 ----a-w C:\WINDOWS\system32\drivers\fltMgr.sys

2007-12-31 10:03 116,224 ----a-w C:\WINDOWS\AppPatch\AcXtrnal.dll

2007-12-31 10:03 10,752 ----a-w C:\WINDOWS\hh.exe

2007-12-31 10:03 1,033,216 ----a-w C:\WINDOWS\explorer.exe

2007-12-31 10:02 39,424 ----a-w C:\WINDOWS\AppPatch\acadproc.dll

2007-12-31 10:02 1,852,928 ----a-w C:\WINDOWS\AppPatch\AcGenral.dll

2007-12-20 17:00 4,637,696 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys

2007-12-20 15:47 16,860,672 ----a-w C:\WINDOWS\RTHDCPL.exe

2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys

2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2007-11-20 17:15 1,826,816 ----a-w C:\WINDOWS\SkyTel.exe

2007-11-07 16:31 1,191,936 ----a-w C:\WINDOWS\RtlUpd.exe

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

"QuickGammaLoader"="C:\Program Files\QuickGamma\QuickGammaLoader.exe" [2005-03-28 00:13 68096]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-09-05 17:13 141848]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-09-05 17:13 166424]

"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-09-05 17:13 137752]

"RTHDCPL"="RTHDCPL.EXE" [2007-12-20 16:47 16860672 C:\WINDOWS\RTHDCPL.exe]

"FingerPrintSoftware"="C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" [2007-03-02 06:32 933888]

"AGRSMMSG"="AGRSMMSG.exe" [2006-08-30 16:40 89542 C:\WINDOWS\AGRSMMSG.exe]

"PMHandler"="C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe" [2007-03-16 05:26 31840]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-15 23:54 37376]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]

C:\WINDOWS\system32\FpWinLogonNp.dll 2007-02-27 17:26 131072 C:\WINDOWS\system32\FpWinlogonNp.dll

 

R1 PMHler;PMHler;C:\WINDOWS\system32\drivers\PMHler.sys [2006-05-24 11:48]

R2 ubsbm;Unibrain 1394 SBM Driver;C:\WINDOWS\system32\DRIVERS\ubsbm.sys [2005-07-27 17:25]

R2 ubumapi;Unibrain 1394 FireAPI Driver;C:\WINDOWS\system32\DRIVERS\ubumapi.sys [2005-07-27 17:25]

R3 ubohci;Unibrain 1394 OHCI Driver;C:\WINDOWS\system32\DRIVERS\ubohci.sys [2005-07-27 17:25]

S3 FingerprintServer;Fingerprint Server;C:\WINDOWS\system32\FpLogonServ.exe [2007-01-19 15:16]

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-20 15:41:58

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-01-20 15:43:25 - machine was rebooted

ComboFix-quarantined-files.txt 2008-01-20 14:43:04

.

2008-01-20 02:01:25 --- E O F ---

Edited by Lilac1
Link to comment

I infected myself on purpose, to try to be clever and see how it worked.

 

I think I've gotten rid of most of it, but I'm not sure; here are the logs anyway.

 

 

ComboFix

 

ComboFix 08-01-20.1 - Alexander 2008-01-20 15:48:19.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.387 [GMT 1:00]

Running from: C:\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\svchost.exe

C:\WINDOWS\system32\efcdbyx.dll

C:\WINDOWS\system32\nnnnonm.dll

 

.

((((((((((((((((((((((((( Files Created from 2007-12-20 to 2008-01-20 )))))))))))))))))))))))))))))))

.

 

2008-01-20 15:43 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-20 15:41 . 2008-01-20 15:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2008-01-20 15:40 . 2008-01-20 15:43 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

2008-01-20 15:40 . 2008-01-20 15:40 <DIR> d-------- C:\Documents and Settings\Alexander\Application Data\SUPERAntiSpyware.com

2008-01-20 15:38 . 2008-01-20 15:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-01-20 15:35 . 2008-01-20 15:35 1,550,759 --a------ C:\ComboFix.exe

2008-01-20 15:34 . 2008-01-20 15:35 401,720 --a------ C:\HiJackThis.exe

2008-01-20 14:25 . 2008-01-20 14:26 <DIR> d-------- C:\Program Files\mIRC

2008-01-20 14:25 . 2008-01-20 15:49 <DIR> d-------- C:\Documents and Settings\Alexander\Application Data\mIRC

2008-01-19 13:58 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

2008-01-19 13:36 . 2008-01-19 13:36 <DIR> d-------- C:\Program Files\Advanced Port Scanner

2008-01-17 06:50 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-01-17 06:50 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-01-17 06:50 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-01-16 14:53 . 2008-01-16 14:53 0 --a------ C:\WINDOWS\nsreg.dat

2008-01-16 14:52 . 2008-01-19 19:26 <DIR> d-------- C:\Program Files\Mozilla Thunderbird

2008-01-16 14:52 . 2008-01-16 14:53 <DIR> d-------- C:\Documents and Settings\Alexander\Application Data\Thunderbird

2008-01-16 13:54 . 2008-01-16 13:54 <DIR> d-------- C:\Program Files\Wolfenstein - Enemy Territory

2008-01-16 13:38 . 2008-01-16 13:38 <DIR> d-------- C:\Program Files\ScreenPrint32 v3

2008-01-16 13:38 . 2008-01-16 13:38 249,856 --------- C:\WINDOWS\Setup1.exe

2008-01-16 13:38 . 2008-01-16 13:38 73,216 --a------ C:\WINDOWS\ST6UNST.EXE

2008-01-16 13:34 . 1997-01-16 00:00 71,680 --a------ C:\WINDOWS\ST5UNST.EXE

2008-01-16 13:34 . 1997-01-16 00:00 29,696 --a------ C:\WINDOWS\system32\VB5StKit.dll

2008-01-16 12:48 . 2008-01-16 12:48 <DIR> d-------- C:\Live!Cam

2008-01-16 11:53 . 2008-01-16 14:47 <DIR> d-------- C:\Documents and Settings\Alexander\Contacts

2008-01-16 09:15 . 2008-01-16 09:15 268 --ah----- C:\sqmdata00.sqm

2008-01-16 09:15 . 2008-01-16 09:15 244 --ah----- C:\sqmnoopt00.sqm

2008-01-16 09:12 . 2008-01-16 09:12 <DIR> d-------- C:\Documents and Settings\Alexander\Application Data\vlc

2008-01-16 09:10 . 2008-01-16 09:10 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2008-01-16 09:07 . 2008-01-16 09:07 <DIR> d-------- C:\Documents and Settings\Alexander\Application Data\dvdcss

2008-01-16 09:05 . 2008-01-16 09:05 <DIR> d-------- C:\Program Files\VideoLAN

2008-01-16 09:05 . 2008-01-16 09:09 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller

2008-01-16 09:04 . 2008-01-16 09:10 <DIR> d-------- C:\Program Files\Windows Live

2008-01-16 09:03 . 2008-01-16 09:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-01-16 08:58 . 2008-01-17 15:16 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2008-01-16 08:58 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe

2008-01-16 08:55 . 2008-01-16 08:55 <DIR> d---s---- C:\Documents and Settings\Alexander\UserData

2008-01-16 07:43 . 2008-01-16 07:43 <DIR> d--h----- C:\Program Files\InstallShield Installation Information

2008-01-16 07:42 . 2008-01-16 07:43 <DIR> d-------- C:\Program Files\Common Files\InstallShield

2008-01-16 07:34 . 2008-01-16 07:34 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2008-01-16 07:33 . 2006-06-14 10:00 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys

2008-01-16 07:33 . 2006-06-14 10:00 82,944 --a--c--- C:\WINDOWS\system32\dllcache\wdmaud.sys

2008-01-16 07:33 . 2001-08-17 14:00 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys

2008-01-16 07:33 . 2001-08-17 14:00 54,272 --a--c--- C:\WINDOWS\system32\dllcache\swmidi.sys

2008-01-16 07:33 . 2004-08-03 23:07 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys

2008-01-16 07:33 . 2004-08-03 23:07 52,864 --a--c--- C:\WINDOWS\system32\dllcache\dmusic.sys

2008-01-16 07:33 . 2006-06-14 09:47 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys

2008-01-16 07:33 . 2006-06-14 09:47 6,400 --a--c--- C:\WINDOWS\system32\dllcache\splitter.sys

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-20 15:05 1,994,784 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat

2008-01-20 15:03 24,404 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx

2008-01-20 15:03 2,758,656 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp

2008-01-16 06:03 --------- d-----w C:\Documents and Settings\Alexander\Application Data\uTorrent

2008-01-16 05:54 --------- d-----w C:\Program Files\uTorrent

2008-01-16 05:53 --------- d-----w C:\Program Files\Alwil Software

2008-01-16 05:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier

2008-01-16 05:47 --------- d-----w C:\Program Files\Opera

2008-01-16 05:39 --------- d--h--w C:\Program Files\Uninstall Information

2008-01-16 05:08 --------- d-----w C:\Program Files\microsoft frontpage

2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys

2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2007-11-14 15:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

"ScreenPrint32"="C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe" [2003-05-15 20:36 446464]

"Windows Taskmanager"="svchost.exe" [2004-08-04 13:00 14336 C:\WINDOWS\system32\svchost.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{89A1E40D-0254-4F99-B9AE-B60A2D8754A9}"= C:\WINDOWS\system32\nnnnonm.dll [ ]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

 

R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 23:31]

R3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-11-04 06:45]

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-20 16:09:51

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-01-20 16:12:28 - machine was rebooted

ComboFix-quarantined-files.txt 2008-01-20 15:12:19

.

2008-01-17 14:16:56 --- E O F ---

 

 

 

HijackThis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:22:44, on 20.01.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Opera\Opera.exe

C:\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [screenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup

O4 - HKLM\..\Run: [Windows Taskmanager] svchost.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 3115 bytes

 

 

 

I think ComboFix killed it; it creates a fake svchost file. Hope this can be of help.

Link to comment
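Added example, not code from the thread or from ComboFix/HijackThis: a Python check that reads HijackThis-style O4 Run entries like the ones in the log above and flags executables carrying Windows system-process names (svchost.exe, lsass.exe, ...) that are started by bare name or from a directory other than their expected home. The sample lines are constructed after the posted log, and the name list and expected directories are assumptions made for this example.

```python
import re
from typing import List, Tuple

# Core Windows binaries that malware commonly imitates by name.
# Assumption: a short illustrative list, not an exhaustive one.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                   "explorer.exe", "services.exe", "smss.exe", "ctfmon.exe"}

# Where each of these is expected to live on Windows XP (lowercase).
# explorer.exe legitimately sits in C:\WINDOWS; the others belong in system32.
DEFAULT_HOME = r"c:\windows\system32"
EXPECTED_HOME = {"explorer.exe": r"c:\windows"}

# "O4 - HKLM\..\Run: [Name] command" as printed by HijackThis.
O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Executable part of the command: optionally quoted, cut at the first ".exe".
EXE_RE = re.compile(r'^"?(?P<exe>.*?\.exe)"?', re.IGNORECASE)


def classify_entry(name: str, cmd: str) -> Tuple[str, str]:
    """Return ('suspicious' | 'ok', reason) for one Run entry.

    Heuristics (assumptions for this example):
      - a system-binary name with no directory cannot be verified; whichever
        same-named file the loader finds first is what runs;
      - a system-binary name outside its expected directory is a classic
        masquerade, e.g. C:\WINDOWS\svchost.exe instead of system32.
    """
    m = EXE_RE.match(cmd.strip())
    if not m:
        return "suspicious", "no executable found in command"
    exe = m.group("exe").replace("/", "\\")
    directory, _, base = exe.rpartition("\\")
    base_l, dir_l = base.lower(), directory.lower()
    if base_l in SYSTEM_BINARIES:
        if not directory:
            return "suspicious", f"{base} started by bare name, path not verifiable"
        expected = EXPECTED_HOME.get(base_l, DEFAULT_HOME)
        if dir_l != expected:
            return "suspicious", f"{base} runs from {directory}, expected {expected}"
    return "ok", ""


def scan_hijackthis_log(text: str) -> List[Tuple[str, str, str]]:
    """Return (entry name, command, reason) for every suspicious O4 entry."""
    findings = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        verdict, reason = classify_entry(m.group("name"), m.group("cmd"))
        if verdict == "suspicious":
            findings.append((m.group("name"), m.group("cmd"), reason))
    return findings


# Constructed sample modelled on the posted log; the last line is made up
# to show the wrong-directory case.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [screenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [Windows Taskmanager] svchost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\lsass.exe
"""

if __name__ == "__main__":
    for name, cmd, reason in scan_hijackthis_log(SAMPLE_LOG):
        print(f"[{name}] {cmd}\n    -> {reason}")
```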

The latest MSN virus uses a moo.no address.

 

msnprofiles.moo.no og msnphotos.moo.no

 

These have been redirected so that they now lead to

 

http://moo.no/moo_virus.html

 

in order to warn about the virus instead, so that the virus now sends the person to this page rather than to the one containing the virus.

 

If someone could take on the job of writing an easy-to-understand way of getting rid of it, it can be put up there, so that instead of getting infected you are shown how to delete it.

Link to comment
