Enda et msn virus?

[sbaerheim]

Jeg fikk også dette viruset. Ligger det lokalt på maskinen eller vil det følge msn-kontoen?

 

Altså... hvis jeg logger på msn fra en annen pc, vil kontoen min fremdeles sende ut slike bildemeldinger?

[KillYou]

Det ligger lokalt, de som er infisert kan bruke netmessenger i mellomtiden for å forhindre at det sprer seg fra deg....

[Pixl.]

ahhh.:!!!

klikker snart ass, når skal de få stoppet dette viruset? får konstand meldinger"hehe, er dette deg?"-.-"se hva jeg fant på nettet, deg?" osv. osv...

plagsomt har heldigvis ikke fått noe virus da scanner dataen hver 3 time eller noe. ikke lastet ned innholdet)

[KillYou]

Send en link til denne siden, og fortell dem om hva de kan gjøre for å fjerne det....

[Ekko]

Jeg var så dum/uheldig at jeg klikket på en slik link mottatt fra en kammerat.

 

Meldingen var

 

haha og link til et bilde med epost-adressen min bak. Adressen var noe med "moo"

 

Jeg klikket som sagt på den og fikk opp en webside som sa at dette var et virus. Det jeg lurer på er om jeg kan ha fått viruset eller om denne siden er lagt inn i ettertid etter man har oppdaget viruset for å stoppe det?

 

EDIT: Never mind. Jeg limte den inn i opera og fikk følgende info på websiden

 

Advarsel!

 

Hvis du har kommet til denne siden er det fordi du har fulgt en lenke, antakelig fra en i kontaktlisten din på MSN som er infisert med en trojan. Vennligst informer den du fikk denne meldingen ifra om at de er infisert og må skanne maskinen sin for virus/trojaner. Du er forøvrig IKKE infisert om du har fulgt en lenke som peker til denne siden.

 

Les mer på http://www1.vg.no/teknologi/artikkel.php?artid=508700

 

Gå til moo.no

Warning!

 

If you are reading this, you have probably followed a link, possibly from someone in your MSN contact list that is infected with a trojan. Please tell the person to have their computer scanned for viruses/trojans. You are however NOT infected your self by following a link that leads to this page.

 

Go to moo.no

Endret 20. januar 2008 av Ekko

[KillYou]

Ja LatHans(han som driver moo.no) skiftet ut disse i går, så alle som har det msn viruset som linker til msnphotos.moo.no og msnprofiles.moo.no kan ikke smitte flere, det som er viktig er å få opp en enkel veiledning til å slette disse.

 

Ikke personlig men de fleste som starter en ukjent kjørbar fil, trenger litt hjelp med å fjerne ting som dette.

 

Så vist noen med en god del erfaring med virus å slik(norbat?) tar seg tid til å skrive en liten tut, vil den bli lagt ut på den siden som de to moo.no sidene linker til.

[Ueland]

Har konkludert med at de og registrerer din MSN-addresse som aktiv i et spamsystem et sted. Etter at jeg klikket på linken har hittil 16 botter forsøkt å legge meg til på MSN, til tross for at jeg ikke lastet ned programmet. (ikke overraskende egentlig)

 

Det har eg ikkje merka her isåfall.

Godt mulig det ikke stemmer, eventuelt har nok noen bare hatt det morsomt siden noen av disse personene trodde jeg ikke var en han

[aaeal]

Jeg har windows vista. jeg trykket på en sånn link, det som sjedde var at det åpna seg to blanke vinduer, og ikke noe mer.

Jeg har ikke trøbbel med msn min, og når jeg åpner msn bloggen å skjekker folk som har vært på samtidig som meg, ser jeg at jeg ikke har sendt videre noen linker. Er PC-en min infisert?

[Programvare]

Hvis du ikke har merket noe trøbbel, er det ikke sikkert du er infisert, men jeg ville allikevel ha postet en hijackthis-logg for å være sikker

[aaeal]

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:52:41, on 22.01.2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16575)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Telenor\Online Start\Telenor.exe

C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\System32\rundll32.exe

C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE

C:\Windows\ehome\ehmsas.exe

C:\Program Files\OpenOffice.org 2.2\program\soffice.exe

C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\LimeWire\LimeWire.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Internet Explorer\IEUser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.online.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Online Start Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Program Files\Telenor\Online Start\IEFixItNowPlugin.dll

O3 - Toolbar: Norton-verktøylinjen - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Telenor Online Start] "C:\Program Files\Telenor\Online Start\Telenor.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')

O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe

O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O13 - Gopher Prefix:

O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 11616 bytes

[norbat]

Du har en tjeneste knyttet til BOONTY kjørende. Den kan du disable (skriv: services.msc i kjør-vinduet, høyreklikk på tjenesten, velg egenskaper. Under oppstartstype, setter du Deaktivert)

 

Kjør gjerne en full scan med antispywareprog. SAS (gratisversjonen)

[Ronya]

Kunne noen tatt en titt på min hijackthis-logg? PCen minoppfører seg litt besynderlig..

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

C:\Program Files\Billionton\Bluetooth-programvare\BTTray.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\ehome\ehmsas.exe

C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')

O4 - Global Startup: BTTray.lnk = ?

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send til &Bluetooth - C:\Program Files\Billionton\Bluetooth-programvare\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: DirectEdit - https://www.itslearning.com//file/DirectEdit.CAB

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} (Creative Product Registration ActiveX Control Module) - http://www.creative.com/register/OCXs/CtORWebClientNoMFC.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.3.2.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Billionton\Bluetooth-programvare\bin\btwdins.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\Windows\system32\drivers\CDAC11BA.EXE

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Altera JTAG Server (JTAGServer) - Unknown owner - c:\altera\72sp1\quartus\bin\jtagserver.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 10410 bytes

[norbat]

Umiddelbart ikke noe spesielt å se. På hvilken måte oppfører pc-en seg besyndelig?

[r2d290]

jeg driver med SAS nå, men etter 6 minutter sluttet den å jobbe (ser det ut til). Eneste tegn til at ting skjer, er at "elapsed time" tikker og går. det er nå 6 minutt siden den klikka. den klikket i samme sekund som den fant to adware. skal jeg avbryte?

 

 

edit: jeg slettet et spm, da jeg fikk svar på egenhånd. Svar likavell på det spm som står i denne posten...

Endret 22. januar 2008 av r2d290

[Ronya]

Jeg fikk den der linken på msn for noen dager siden, men jeg trykket ikke på den. Så jeg trodde egentlig ikke at det var det som var galt, men PCen har oppført seg rart etter det. Men det er vel sikkert tilfeldig. Skjermen har plutselig blitt svart noen ganger, og idag morges var den helt umulig. Prøvde å starte den på vanlig måte, men da kom det opp at Windows måtte scanne maskinen, og så scannet den sånn ca 60 000 filer og så kom den ikke lengre. Slo av PCen og prøvde å starte den på vanlig måte en gang til, men det samme kom opp. Det sto at jeg kunne avbryte ved å trykke en tast, men det hjalp ikke. Denne gangen kom den til sånn ca 70 000 filer før den stoppet helt opp. Så prøvde jeg å starte den i sikker modus. Ingenting skjedde. Så slo jeg den av og på igjen og valgte et alternativ som heter "Reparer datamaskinen" (jeg har Vista), og det hjalp. Og når jeg fikk den igang har jeg kjørt en virusscan med Avast og scannet den med ad-aware. Den har forsåvidt virket ok etter det, men den har fortsatt med en ting, og det er av at av og til så flimrer skjermen. Akkurat som om skjermbildet rister litt på seg. Det varer bare i en brøkdel av et sekund hver gang, men det skal jo ikke være sånn... Hm..

[norbat]

Ronya:

Du kunne ha prøvd combofix med tilhørende logg. Kanskje den kan vise noe mer ...

 

Hent Combofix, og legg det på skrivebordet

 

Kjør combofix.exe, og følg veiledningen.

Du må ikke klikke på vinduet mens programmet kjører da PC-en kan fryse.

 

Post loggfilen fra combofix (c:\combofix.txt)

[Ronya]

norbat:

 

Combofix-logg:

 

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Windows\system32\x64

 

.

((((((((((((((((((((((((( Files Created from 2007-12-23 to 2008-01-23 )))))))))))))))))))))))))))))))

.

 

2008-01-22 20:19 . 2000-08-31 08:00 51,200 --a------ C:\Windows\Nircmd.exe

2008-01-22 20:01 . 2008-01-22 20:01 <DIR> d-------- C:\Program Files\Trend Micro

2008-01-22 10:45 . 2008-01-22 10:45 <DIR> d-------- C:\Program Files\Lavasoft

2008-01-22 10:44 . 2008-01-22 10:44 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-01-22 09:02 . 2008-01-22 09:05 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller

2008-01-22 09:01 . 2008-01-22 09:05 <DIR> d-------- C:\Program Files\Windows Live

2008-01-14 21:51 . 2008-01-14 21:51 <DIR> d-------- C:\Windows\Downloaded Installations

2008-01-14 21:51 . 2008-01-14 21:56 <DIR> d-------- C:\Program Files\Common Files\Adobe

2008-01-14 12:23 . 2008-01-18 10:09 <DIR> d-------- C:\Case

2008-01-10 13:24 . 2008-01-10 13:25 <DIR> d-------- C:\Licensedir

2008-01-09 23:12 . 2008-01-09 23:12 <DIR> d-------- C:\Program Files\Macrovision

2008-01-09 22:36 . 2008-01-09 22:36 <DIR> d-------- C:\Windows\System32\RNBOSENT

2008-01-09 22:36 . 2007-07-07 07:11 76,288 --a------ C:\Windows\System32\drivers\SENTINEL.SYS

2008-01-09 22:36 . 2007-07-07 07:11 50,176 --a------ C:\Windows\System32\SNTI386.DLL

2008-01-09 22:36 . 2007-07-07 07:11 26,120 --a------ C:\Windows\System32\drivers\SNTNLUSB.SYS

2008-01-09 22:36 . 2007-07-07 07:11 18,432 --a------ C:\Windows\System32\RNBOVDD.DLL

2008-01-09 22:36 . 2007-07-07 07:11 9,949 --------- C:\Windows\System32\SENTINEL.HLP

2008-01-09 22:36 . 2007-07-07 07:09 7,680 --a------ C:\Windows\System32\drivers\pgdhdlc.sys

2008-01-09 22:31 . 2006-05-24 09:45 176,128 --a------ C:\Windows\System32\ftd2xx.dll

2008-01-09 22:31 . 2006-05-24 09:47 106,496 --a------ C:\Windows\System32\ftbusui.dll

2008-01-09 22:31 . 2006-05-18 08:48 47,249 --a------ C:\Windows\System32\drivers\ftdibus.sys

2008-01-09 09:43 . 2008-01-09 09:43 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys

2008-01-09 09:43 . 2008-01-09 09:43 216,760 --a------ C:\Windows\System32\drivers\netio.sys

2008-01-09 09:43 . 2008-01-09 09:43 167,424 --a------ C:\Windows\System32\tcpipcfg.dll

2008-01-09 09:43 . 2008-01-09 09:43 24,064 --a------ C:\Windows\System32\netcfg.exe

2008-01-09 09:43 . 2008-01-09 09:43 22,016 --a------ C:\Windows\System32\netiougc.exe

2008-01-09 09:41 . 2008-01-09 09:41 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll

2008-01-09 09:41 . 2008-01-09 09:41 1,686,016 --a------ C:\Windows\System32\gameux.dll

2008-01-09 09:20 . 2008-01-09 09:20 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys

2008-01-09 09:20 . 2008-01-09 09:20 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys

2008-01-09 09:20 . 2008-01-09 09:20 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys

2008-01-09 09:20 . 2008-01-09 09:20 109,624 --a------ C:\Windows\System32\drivers\ataport.sys

2008-01-09 09:20 . 2008-01-09 09:20 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys

2008-01-09 09:20 . 2008-01-09 09:20 25,656 --a------ C:\Windows\System32\drivers\msahci.sys

2008-01-09 09:20 . 2008-01-09 09:20 21,560 --a------ C:\Windows\System32\drivers\atapi.sys

2008-01-09 09:20 . 2008-01-09 09:20 17,464 --a------ C:\Windows\System32\drivers\intelide.sys

2008-01-09 09:19 . 2008-01-09 09:19 11,776 --a------ C:\Windows\System32\sbunattend.exe

2008-01-08 12:44 . 2008-01-08 12:44 <DIR> d-------- C:\Windows\System32\1033

2008-01-07 23:34 . 2008-01-07 23:35 <DIR> d-------- C:\Program Files\MSDN

2008-01-07 22:27 . 2008-01-07 22:27 <DIR> d-------- C:\Program Files\Microsoft SQL Server 2005 Mobile Edition

2008-01-07 22:27 . 2008-01-07 22:27 <DIR> d-------- C:\Program Files\Microsoft Device Emulator

2008-01-07 22:18 . 2008-01-07 22:18 172 --a------ C:\Windows\ODBC.INI

2008-01-07 17:31 . 2008-01-07 17:31 <DIR> d-------- C:\Windows\Symbols

2008-01-07 17:31 . 2008-01-07 22:02 <DIR> d-------- C:\Program Files\HTML Help Workshop

2008-01-07 17:31 . 2008-01-08 12:42 <DIR> d-------- C:\Program Files\Common Files\Merge Modules

2008-01-07 17:31 . 2008-01-07 17:35 <DIR> d-------- C:\Program Files\Common Files\Business Objects

2008-01-07 17:31 . 2008-01-07 17:31 <DIR> d-------- C:\Program Files\CE Remote Tools

2008-01-07 16:25 . 2008-01-09 00:24 <DIR> d-------- C:\Microsoft Visual Studio

2008-01-07 16:16 . 2008-01-08 12:41 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8

2008-01-02 17:20 . 2008-01-02 17:20 59 --a------ C:\Windows\pp.enc

2007-12-25 15:36 . 2007-12-25 15:36 <DIR> d-------- C:\Program Files\Samsung

2007-12-25 04:03 . 2006-05-03 22:53 174,592 --a------ C:\Windows\System32\framedyn.dll

2007-12-25 03:58 . 2007-12-25 03:58 59 --a------ C:\Windows\wininit.ini

2007-12-25 03:55 . 2007-05-02 11:11 109,704 --a------ C:\Windows\System32\drivers\ss_mdm.sys

2007-12-25 03:55 . 2007-05-02 11:11 83,592 --a------ C:\Windows\System32\drivers\ss_bus.sys

2007-12-25 03:55 . 2007-05-02 11:11 15,112 --a------ C:\Windows\System32\drivers\ss_mdfl.sys

2007-12-25 03:55 . 2007-05-02 11:11 12,424 --a------ C:\Windows\System32\drivers\ss_whnt.sys

2007-12-25 03:55 . 2007-05-02 11:11 12,424 --a------ C:\Windows\System32\drivers\ss_wh.sys

2007-12-25 03:55 . 2007-05-02 11:11 12,424 --a------ C:\Windows\System32\drivers\ss_cmnt.sys

2007-12-25 03:55 . 2007-05-02 11:11 12,424 --a------ C:\Windows\System32\drivers\ss_cm.sys

2007-12-25 03:54 . 2006-07-24 16:05 5,632 --a------ C:\Windows\System32\drivers\StarOpen.sys

2007-12-25 03:31 . 2007-12-25 04:00 <DIR> d-------- C:\Windows\System32\Samsung_USB_Drivers

2007-12-25 03:31 . 2005-08-28 20:51 766 --a------ C:\Windows\System32\Uninstall.ico

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-09 22:18 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-01-09 10:50 --------- d-----w C:\Program Files\Windows Mail

2008-01-09 08:41 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-01-09 08:41 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-01-09 08:41 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-01-09 08:41 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-01-09 08:20 --------- d-----w C:\Program Files\Windows Sidebar

2008-01-08 12:44 --------- d-----w C:\Program Files\Microsoft SQL Server

2008-01-07 21:57 --------- d-----w C:\Program Files\Microsoft.NET

2007-12-14 10:32 12,632 ----a-w C:\Windows\System32\lsdelete.exe

2007-12-12 06:49 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL

2007-12-12 06:49 223,232 ----a-w C:\Windows\System32\WMASF.DLL

2007-12-12 06:49 1,327,104 ----a-w C:\Windows\System32\quartz.dll

2007-12-12 06:48 824,832 ----a-w C:\Windows\System32\wininet.dll

2007-12-12 06:48 56,320 ----a-w C:\Windows\System32\iesetup.dll

2007-12-12 06:48 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2007-12-12 06:48 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

2007-12-12 06:47 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys

2007-12-12 06:47 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys

2007-12-12 06:47 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys

2007-12-12 06:47 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys

2007-12-12 06:46 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe

2007-12-12 06:46 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe

2007-12-04 14:53 23,152 ----a-w C:\Windows\system32\drivers\aswRdr.sys

2007-12-04 14:52 45,648 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys

2007-12-04 14:51 42,912 ----a-w C:\Windows\system32\drivers\aswTdi.sys

2007-12-04 13:04 837,496 ----a-w C:\Windows\System32\aswBoot.exe

2007-12-04 12:54 95,608 ----a-w C:\Windows\System32\AvastSS.scr

2007-12-02 16:09 --------- d-----w C:\Program Files\Skype

2007-12-01 15:09 --------- d-----w C:\Program Files\Common Files\Skype

2007-11-17 10:22 1,244,672 ----a-w C:\Windows\System32\mcmde.dll

2007-11-15 09:39 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr

2007-11-15 09:39 67,584 ----a-w C:\Windows\System32\wlanhlp.dll

2007-11-15 09:39 542,720 ----a-w C:\Windows\System32\sysmain.dll

2007-11-15 09:39 502,784 ----a-w C:\Windows\System32\wlansvc.dll

2007-11-15 09:39 47,104 ----a-w C:\Windows\System32\wlanapi.dll

2007-11-15 09:39 297,984 ----a-w C:\Windows\System32\wlansec.dll

2007-11-15 09:39 290,816 ----a-w C:\Windows\System32\wlanmsm.dll

2007-11-15 09:39 24,064 ----a-w C:\Windows\System32\wtsapi32.dll

2007-11-15 09:39 2,923,520 ----a-w C:\Windows\explorer.exe

2007-11-15 09:39 2,027,008 ----a-w C:\Windows\System32\win32k.sys

2007-11-15 09:37 8,704 ----a-w C:\Windows\System32\hcrstco.dll

2007-11-15 09:37 8,704 ----a-w C:\Windows\System32\hccoin.dll

2007-08-30 10:23 174 --sha-w C:\Program Files\desktop.ini

2007-03-28 11:30 14,356 ------w C:\Program Files\cxbu0wdm.cat

2007-02-28 09:04 7,153 ------w C:\Program Files\readme_cm3x21.txt

2007-02-28 07:38 91,008 ------w C:\Program Files\cxbu0wdm.sys

2007-02-28 07:32 14,096 ------w C:\Program Files\cxbu0wdm.inf

2007-02-27 16:50 393,216 ------w C:\Program Files\cmdiag.cpl

2007-02-19 14:12 65,536 ------w C:\Program Files\chksvrn.dll

2006-11-20 14:43 241,664 ------w C:\Program Files\cmabout.dll

2006-11-20 13:37 142 ------w C:\Program Files\cmabout.ini

2006-07-05 08:59 10,229 ------w C:\Program Files\cmdiag.ini

2006-02-08 12:43 41,926 ------w C:\Program Files\OK.BMP

2007-05-26 19:06 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2007-05-26 19:06 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2007-05-26 19:06 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

2007-08-26 09:44 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2007-08-26 09:44 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2007-08-26 09:44 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]

"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 16:15 221184]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 09:19 1232896]

"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 11:03 868352]

"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-05-09 17:45 1006264]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 01:50 1021224]

"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-12-02 16:32 167936]

"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]

"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 10:58 159744]

"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 12:39 46704]

"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 09:56 317152]

"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 09:32 472800]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-11-22 02:09 842584]

"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 01:29 102400]

"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-10-18 09:19 141848]

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-10-18 09:18 166424]

"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-10-18 09:18 133656]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

 

R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 15:52]

R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]

R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 05:27]

R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-10-18 09:05]

R3 NETw4v32;Intel® Wireless WiFi Link kortdriver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-06-21 10:51]

S3 AlteraUSBBlaster;Altera USB-Blaster Device Driver;C:\Windows\system32\drivers\ftdibus.sys [2006-05-18 08:48]

S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 08:30]

S3 NETw3v32;Intel® PRO/Wireless 3945ABG kortdriver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-09 10:02]

S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\Windows\system32\DRIVERS\ss_bus.sys [2007-05-02 11:11]

S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\Windows\system32\DRIVERS\ss_mdfl.sys [2007-05-02 11:11]

S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\Windows\system32\DRIVERS\ss_mdm.sys [2007-05-02 11:11]

S4 msvsmon80;Visual Studio 2005 Remote Debugger;"c:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" [2007-02-22 18:39]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

bthsvcs REG_MULTI_SZ BthServ

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a88c3a3-c5c3-11dc-a479-0016d31ff85d}]

\shell\AutoRun\command - G:\LaunchU3.exe -a

 

*Newly Created Service* - PROCEXP90

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-23 20:30:48

Windows 6.0.6000 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-01-23 20:32:36

.

2008-01-17 21:34:28 --- E O F ---

[norbat]

Klarer ikke å se noen 'infiserte' filer i den loggen. Problemet ditt kan f.eks skyldes drivere. Kanskje en reinstallering av skjermkortdriveren kan være verdt et forsøk.

[Ronya]

norbat:

 

Oki! Tusen takk for hjelpen ihvertfall!

[Dominicus]

Til dykk som greier å bli infisert, kjem dykk til å bytte nettlesar?

Hvilken nettleser er det som er problemet her? Den "vanlige"?

 

Den andre halvdelen i huset greide å selvfølgelig å erverve dette svineriet og sende det til alle på kontaktlisten. Bruker FF.

 

Kunne du har laget en hjt-logg på den infiserte PC-en, Muffinman?

 

Last ned Hijackthis. Legg det i en egen mappe på skrivebordet.

Start programmet, velg "Do a system scan and save a logfile". Loggfilen kopierer du og poster.

 

Kan du se hvordan jeg blir kvitt virus på maskinen?

 

 

 

Til dykk som greier å bli infisert, kjem dykk til å bytte nettlesar?

Hvilken nettleser er det som er problemet her? Den "vanlige"?

 

Den andre halvdelen i huset greide å selvfølgelig å erverve dette svineriet og sende det til alle på kontaktlisten. Bruker FF.

 

Kunne du har laget en hjt-logg på den infiserte PC-en, Muffinman?

 

Last ned Hijackthis. Legg det i en egen mappe på skrivebordet.

Start programmet, velg "Do a system scan and save a logfile". Loggfilen kopierer du og poster.

 

Kan du se hvordan jeg blir kvitt virus på maskinen?

 

 

Og loggfil følger her.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:31:05, on 23.01.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Acer\eManager\anbmServ.exe

C:\Programfiler\Softwin\BitDefender10\bdmcon.exe

C:\Programfiler\Softwin\BitDefender10\bdagent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe

C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Norton AntiVirus\navapsvc.exe

C:\Programfiler\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Programfiler\Fellesfiler\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Programfiler\Fellesfiler\Softwin\BitDefender Scan Server\bdss.exe

C:\Programfiler\Fellesfiler\Softwin\BitDefender Update Service\livesrv.exe

C:\Programfiler\Softwin\BitDefender10\vsserv.exe

C:\Programfiler\WinRAR\WinRAR.exe

C:\Programfiler\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\rundll32.exe

C:\Documents and Settings\Knut-Martin\Skrivebord\Ny mappe\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ht.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

F3 - REG:win.ini: load=C:\WINDOWS\system32\pmnlk.exe

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [Windows Taskmanager] svchost.exe

O4 - HKLM\..\Run: [bDMCon] "C:\Programfiler\Softwin\BitDefender10\bdmcon.exe" /reg

O4 - HKLM\..\Run: [bDAgent] "C:\Programfiler\Softwin\BitDefender10\bdagent.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O15 - Trusted Zone: http://*.buypass.no (HKLM)

O15 - Trusted Zone: http://*.headit.no (HKLM)

O15 - Trusted Zone: http://*.norsk-tipping.no (HKLM)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1171555117390

O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe

O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programfiler\Fellesfiler\Softwin\BitDefender Scan Server\bdss.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Programfiler\Fellesfiler\Softwin\BitDefender Update Service\livesrv.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Programfiler\Softwin\BitDefender10\vsserv.exe

O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Programfiler\Fellesfiler\Softwin\BitDefender Communicator\xcommsvr.exe

 

--

End of file - 8025 bytes