sbaerheim (posted 20 January 2008): I got this virus too. Does it reside locally on the machine, or will it follow the MSN account? That is... if I log on to MSN from another PC, will my account still send out these picture messages?
KillYou (posted 20 January 2008): It resides locally; those who are infected can use netmessenger in the meantime to prevent it from spreading from you....
Pixl. (posted 20 January 2008): Ahhh!!! I'm about to lose it, when are they going to get this virus stopped? I constantly get messages: "hehe, is this you?" -.- "look what I found on the net, you?" etc. etc... Annoying. Luckily I haven't got any virus though; I scan the computer every 3 hours or so. (Haven't downloaded the content.)
KillYou (posted 20 January 2008): Send a link to this page, and tell them what they can do to remove it....
Ekko (posted 20 January 2008, edited): I was so stupid/unlucky that I clicked on one of these links, received from a friend. The message was "haha" and a link to a picture with my e-mail address at the end. The address was something with "moo". As I said, I clicked on it and got a web page saying that this was a virus. What I'm wondering is whether I may have got the virus, or whether this page was put in place afterwards, once the virus had been discovered, in order to stop it?

EDIT: Never mind. I pasted it into Opera and got the following info on the web page:

Warning! If you have arrived at this page, it is because you followed a link, probably from someone in your MSN contact list who is infected with a trojan. Please inform the person you got this message from that they are infected and must scan their machine for viruses/trojans. You are, however, NOT infected if you followed a link that points to this page. Read more at http://www1.vg.no/teknologi/artikkel.php?artid=508700 Go to moo.no

Warning! If you are reading this, you have probably followed a link, possibly from someone in your MSN contact list that is infected with a trojan. Please tell the person to have their computer scanned for viruses/trojans. You are however NOT infected your self by following a link that leads to this page. Go to moo.no

Edited 20 January 2008 by Ekko
KillYou (posted 20 January 2008): Yes, LatHans (the guy who runs moo.no) replaced these yesterday, so everyone who has the MSN virus that links to msnphotos.moo.no and msnprofiles.moo.no can't infect anyone else. What's important is to get a simple guide up for deleting these. Nothing personal, but most people who launch an unknown executable file need a bit of help removing things like this. So if someone with a good deal of experience with viruses and the like (norbat?) takes the time to write a little tutorial, it will be posted on the page that the two moo.no pages link to.
Ueland (posted 20 January 2008): I have concluded that they also register your MSN address as active in a spam system somewhere. After I clicked the link, 16 bots have so far tried to add me on MSN, even though I didn't download the program. (Not surprising, really.) I haven't noticed that here, at any rate. Quite possible it's not right; alternatively someone has probably just been having fun, since some of these people thought I wasn't a he.
aaeal (posted 21 January 2008): I have Windows Vista. I clicked on one of those links; what happened was that two blank windows opened, and nothing more. I have no trouble with my MSN, and when I open the MSN blog and check the people who have been online at the same time as me, I see that I haven't forwarded any links. Is my PC infected?
Programvare (posted 21 January 2008): If you haven't noticed any trouble, it's not certain that you are infected, but I would still have posted a HijackThis log to be sure.
aaeal (posted 22 January 2008):
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:52:41, on 22.01.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
norbat (posted 22 January 2008): You have a service associated with BOONTY running. You can disable it (type services.msc in the Run window, right-click the service, choose Properties. Under Startup type, set Disabled). Feel free to run a full scan with the antispyware program SAS (the free version).
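Added example (not part of any post in this thread, and not code from HijackThis): a Python triage helper for HijackThis logs of the kind requested above. It re-splits a log whose line breaks were lost in pasting and lists the entries that carry HijackThis's own `(no file)`, `(file missing)` and `Unknown owner` markers. The sample log and every name in it are constructed, and a listed entry is a prompt for manual review, not a verdict.

```python
import re
from collections import Counter

# HijackThis entry codes: R0-R3, F0-F3, N1-N4 and O1-O24, each followed by " - ".
ENTRY_START = re.compile(r"(?<!\S)(?:R[0-3]|F[0-3]|N[1-4]|O(?:2[0-4]|1\d|[1-9])) - ")

# Markers HijackThis itself writes into an entry, and what each tells the reviewer.
MARKERS = {
    "(no file)": "registration points at no file",
    "(file missing)": "referenced file not found on disk",
    "Unknown owner": "no company name reported for the service binary",
}

# Constructed sample, deliberately flattened onto one line as forum pastes often are.
SAMPLE = (
    r"Logfile of Trend Micro HijackThis v2.0.2 "
    r"Running processes: C:\Windows\Explorer.EXE "
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/ "
    r"O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file) "
    r'O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe" '
    r"O23 - Service: Example Capture Service (ExCap) - Unknown owner - "
    r"C:\Program Files\Example\excap.exe "
    r"O23 - Service: Example Licensing (ExLic) - Unknown owner - "
    r"C:\Program Files\Example\exlic.exe (file missing) "
    r"O23 - Service: Example Vendor Agent - Example Corp - C:\Program Files\Example\agent.exe "
    r"-- End of file - 1234 bytes"
)


def split_entries(text):
    """Return the log's entries, whether or not the line breaks survived."""
    text = text.split("-- End of file", 1)[0]          # drop the trailer
    starts = [m.start() for m in ENTRY_START.finditer(text)]
    ends = starts[1:] + [len(text)]
    # Collapse whitespace so wrapped and flattened logs yield identical entries.
    return [" ".join(text[s:e].split()) for s, e in zip(starts, ends)]


def parse_entry(entry):
    """Split one entry into its code and body; name BHO and service fields."""
    code, body = entry.split(" - ", 1)
    fields = {"code": code, "body": body}
    for prefix, names in (("Service: ", ("name", "owner", "path")),
                          ("BHO: ", ("name", "clsid", "path"))):
        if body.startswith(prefix):
            # The last two " - " separators delimit owner/CLSID and path.
            parts = body[len(prefix):].rsplit(" - ", 2)
            if len(parts) == 3:
                fields.update(zip(names, parts))
    return fields


def triage(text):
    """List (code, label, reasons) for every entry carrying a review marker."""
    flagged = []
    for entry in split_entries(text):
        fields = parse_entry(entry)
        reasons = [why for marker, why in MARKERS.items() if marker in fields["body"]]
        if reasons:
            flagged.append((fields["code"], fields.get("name", fields["body"]), reasons))
    return flagged


def count_by_section(text):
    """Count entries per section code, a quick overview of what the log holds."""
    return Counter(entry.split(" - ", 1)[0] for entry in split_entries(text))


if __name__ == "__main__":
    print(dict(count_by_section(SAMPLE)))
    for code, label, reasons in triage(SAMPLE):
        print(f"{code:4} {label}: {'; '.join(reasons)}")
```

The markers only say that a file or vendor name could not be resolved, so the listed entries still need to be checked by hand against what is installed on the machine.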
Ronya (posted 22 January 2008): Could someone take a look at my HijackThis log? My PC is behaving a bit strangely..
norbat (posted 22 January 2008): Nothing special to see at first glance. In what way is the PC behaving strangely?
r2d290 (posted 22 January 2008, edited): I'm running SAS now, but after 6 minutes it stopped working (so it seems). The only sign that anything is happening is that "elapsed time" keeps ticking. It's now 6 minutes since it froze. It froze the very second it found two adware items. Should I abort?

Edit: I deleted a question, as I found the answer on my own. Please still answer the question that is in this post...

Edited 22 January 2008 by r2d290
Ronya (posted 22 January 2008): I got that link on MSN a few days ago, but I didn't click on it. So I didn't really think that was what was wrong, but the PC has been behaving oddly since then. But it's probably a coincidence. The screen has suddenly gone black a few times, and this morning it was completely impossible. I tried to start it the normal way, but then it came up that Windows had to scan the machine, and then it scanned roughly 60,000 files and got no further. I switched off the PC and tried to start it the normal way once more, but the same thing came up. It said I could cancel by pressing a key, but that didn't help. This time it got to roughly 70,000 files before it stopped completely. Then I tried to start it in safe mode. Nothing happened. Then I switched it off and on again and chose an option called "Repair your computer" (I have Vista), and that helped. And once I got it running I ran a virus scan with Avast and scanned it with Ad-Aware. It has seemed OK since then, for the most part, but it has kept doing one thing, and that is that now and then the screen flickers. Just as if the screen image shakes a little. It only lasts a fraction of a second each time, but it's not supposed to be like that... Hm..
norbat (posted 22 January 2008): Ronya: You could try ComboFix with its accompanying log. Maybe it can show something more ...
Download ComboFix and put it on the desktop.
Run combofix.exe and follow the instructions. You must not click on the window while the program is running, as the PC may freeze.
Post the log file from ComboFix (c:\combofix.txt)
Ronya (posted 22 January 2008): norbat: ComboFix log:
d-----w C:\Program Files\Common Files\Skype 2007-11-17 10:22 1,244,672 ----a-w C:\Windows\System32\mcmde.dll 2007-11-15 09:39 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr 2007-11-15 09:39 67,584 ----a-w C:\Windows\System32\wlanhlp.dll 2007-11-15 09:39 542,720 ----a-w C:\Windows\System32\sysmain.dll 2007-11-15 09:39 502,784 ----a-w C:\Windows\System32\wlansvc.dll 2007-11-15 09:39 47,104 ----a-w C:\Windows\System32\wlanapi.dll 2007-11-15 09:39 297,984 ----a-w C:\Windows\System32\wlansec.dll 2007-11-15 09:39 290,816 ----a-w C:\Windows\System32\wlanmsm.dll 2007-11-15 09:39 24,064 ----a-w C:\Windows\System32\wtsapi32.dll 2007-11-15 09:39 2,923,520 ----a-w C:\Windows\explorer.exe 2007-11-15 09:39 2,027,008 ----a-w C:\Windows\System32\win32k.sys 2007-11-15 09:37 8,704 ----a-w C:\Windows\System32\hcrstco.dll 2007-11-15 09:37 8,704 ----a-w C:\Windows\System32\hccoin.dll 2007-08-30 10:23 174 --sha-w C:\Program Files\desktop.ini 2007-03-28 11:30 14,356 ------w C:\Program Files\cxbu0wdm.cat 2007-02-28 09:04 7,153 ------w C:\Program Files\readme_cm3x21.txt 2007-02-28 07:38 91,008 ------w C:\Program Files\cxbu0wdm.sys 2007-02-28 07:32 14,096 ------w C:\Program Files\cxbu0wdm.inf 2007-02-27 16:50 393,216 ------w C:\Program Files\cmdiag.cpl 2007-02-19 14:12 65,536 ------w C:\Program Files\chksvrn.dll 2006-11-20 14:43 241,664 ------w C:\Program Files\cmabout.dll 2006-11-20 13:37 142 ------w C:\Program Files\cmabout.ini 2006-07-05 08:59 10,229 ------w C:\Program Files\cmdiag.ini 2006-02-08 12:43 41,926 ------w C:\Program Files\OK.BMP 2007-05-26 19:06 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat 2007-05-26 19:06 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 2007-05-26 19:06 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat 2007-08-26 09:44 16,384 --sha-w 
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat 2007-08-26 09:44 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 2007-08-26 09:44 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440] "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 16:15 221184] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 09:19 1232896] "CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 11:03 868352] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-05-09 17:45 1006264] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 01:50 1021224] "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-12-02 16:32 167936] "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152] "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 10:58 159744] "HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 12:39 46704] "WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 09:56 
317152] "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 09:32 472800] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224] "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-11-22 02:09 842584] "SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 01:29 102400] "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-10-18 09:19 141848] "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-10-18 09:18 166424] "Persistence"="C:\Windows\system32\igfxpers.exe" [2007-10-18 09:18 133656] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Launcher"="%WINDIR%\SMINST\launcher.exe" [ ] R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 15:52] R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29] R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 05:27] R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-10-18 09:05] R3 NETw4v32;Intel® Wireless WiFi Link kortdriver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-06-21 10:51] S3 AlteraUSBBlaster;Altera USB-Blaster Device Driver;C:\Windows\system32\drivers\ftdibus.sys [2006-05-18 08:48] S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 08:30] S3 NETw3v32;Intel® PRO/Wireless 3945ABG kortdriver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-09 10:02] S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\Windows\system32\DRIVERS\ss_bus.sys [2007-05-02 11:11] S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\Windows\system32\DRIVERS\ss_mdfl.sys [2007-05-02 11:11] 
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\Windows\system32\DRIVERS\ss_mdm.sys [2007-05-02 11:11] S4 msvsmon80;Visual Studio 2005 Remote Debugger;"c:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" [2007-02-22 18:39] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum bthsvcs REG_MULTI_SZ BthServ [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a88c3a3-c5c3-11dc-a479-0016d31ff85d}] \shell\AutoRun\command - G:\LaunchU3.exe -a *Newly Created Service* - PROCEXP90 . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-23 20:30:48 Windows 6.0.6000 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-01-23 20:32:36 . 2008-01-17 21:34:28 --- E O F --- Lenke til kommentar
norbat Posted 22 January 2008 I can't see any 'infected' files in that log. Your problem could, for example, be caused by drivers. Reinstalling the graphics card driver might be worth a try.
Ronya Posted 22 January 2008 norbat: Okay! Thanks a lot for the help anyway!
Dominicus Posted 23 January 2008 To those of you who manage to get infected, are you going to switch browsers? Which browser is the problem here? The "usual" one? The other half of the household of course managed to pick up this filth and send it to everyone on the contact list. Uses FF. Could you make an HJT log on the infected PC, Muffinman? Download HijackThis. Put it in its own folder on the desktop. Start the program and choose "Do a system scan and save a logfile". Copy the log file and post it. Can you see how I can get rid of the virus on the machine? And the log file follows here.