Tharos. Skrevet 22. januar 2008 Del Skrevet 22. januar 2008 Sitter på lappen til en venninne, og har (mest sannsynlig) fjerna MSN-viruset. MEN, så fant jeg ei fil som het fresh01.exe som viste seg å være virus. Fjerna den, og nå lurer jeg på om noen kan se over loggene for å se om det er noe mer schwineri? Combofix: ComboFix 08-01-21.5 - Anne Sneisen 2008-01-22 18:03:40.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.64 [GMT 1:00] Running from: C:\Documents and Settings\Anne Sneisen\Skrivebord\ComboFix.exe Command switches used :: C:\Documents and Settings\Anne Sneisen\Skrivebord\CFscript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE C:\WINDOWS\Fresh01.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\Fresh01.exe . ---- Previous Run ------- . C:\WINDOWS\images.zip C:\WINDOWS\lssas.exe . ((((((((((((((((((((((((( Files Created from 2007-12-22 to 2008-01-22 ))))))))))))))))))))))))))))))) . 2008-01-22 15:23 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe 2008-01-22 15:17 . 2008-01-22 15:17 <DIR> d-------- C:\Programfiler\CCleaner 2008-01-20 14:29 . 2004-08-03 23:08 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys 2008-01-11 23:11 . 2008-01-11 23:11 45,568 --a------ C:\update.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-22 13:02 --------- d-----w C:\Programfiler\Telenor 2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr 2007-11-29 20:02 --------- d-----w C:\Programfiler\Windows Live Toolbar 2007-11-14 07:29 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll 2007-11-07 09:30 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-11-07 09:30 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll 2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys 2007-10-30 10:20 3,079,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll 2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-29 22:45 1,290,752 ------w C:\WINDOWS\system32\dllcache\quartz.dll 2007-10-25 16:57 8,460,800 ------w C:\WINDOWS\system32\dllcache\shell32.dll 2007-10-25 09:01 2,109,440 ------w C:\WINDOWS\system32\dllcache\wmvcore.dll 2007-10-25 09:00 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-25 09:00 230,912 ------w C:\WINDOWS\system32\dllcache\wmasf.dll . ((((((((((((((((((((((((((((( snapshot@2008-01-22_15.27.12,44 ))))))))))))))))))))))))))))))))))))))))) . - 2008-01-22 14:24:13 225,280 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users0000001\NTUSER.DAT + 2008-01-22 17:03:14 225,280 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users0000001\NTUSER.DAT - 2008-01-22 14:24:13 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users0000002\UsrClass.dat + 2008-01-22 17:03:14 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users0000002\UsrClass.dat - 2008-01-22 14:24:13 225,280 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users0000003\NTUSER.DAT + 2008-01-22 17:03:14 225,280 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users0000003\NTUSER.DAT - 2008-01-22 14:24:13 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users0000004\UsrClass.dat + 2008-01-22 17:03:14 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users0000004\UsrClass.dat - 2008-01-22 14:24:14 2,912,256 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users0000005\NTUSER.DAT + 2008-01-22 17:03:14 2,912,256 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users0000005\NTUSER.DAT - 2008-01-22 14:24:14 143,360 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users0000006\UsrClass.dat + 2008-01-22 17:03:14 143,360 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users0000006\UsrClass.dat + 2008-01-22 16:39:12 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_668.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360] "MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "STDSB"="C:\WINDOWS\System32\STDSB.exe" [2002-02-27 19:30 28672] "SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2002-10-25 17:21 126976] "SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2002-10-25 17:20 561152] "SoundMan"="SOUNDMAN.EXE" [2003-01-07 18:09 46592 C:\WINDOWS\SOUNDMAN.EXE] "QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2004-11-13 17:41 77824] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496] "Telenor Online Start"="C:\Programfiler\Telenor\Online Start\Telenor.exe" [2006-11-30 14:51 178312] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:03 15360] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ hp psc 1000 series.lnk - C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 01:17:18 147456] hpoddt01.exe.lnk - C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58 28672] R0 viaagp;VIA AGP-bussfilter;C:\WINDOWS\system32\DRIVERS\viaagp1.sys [2002-03-20 04:20] R0 viaagp1;VIA AGP Filter;C:\WINDOWS\system32\DRIVERS\viaagp1.sys [2002-03-20 04:20] R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-08-06 08:48] R2 ANISERVICE;Airgo Networks NIC Service;C:\WINDOWS\System32\aniServ.exe [2004-09-30 12:16] R2 MTC0003_STDSB;Scroll Bar Driver;C:\WINDOWS\system32\STDSB.sys [2002-06-19 12:23] . Contents of the 'Scheduled Tasks' folder "2006-08-15 20:09:12 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1104872543.job" - C:\Programfiler\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I "2005-01-05 21:20:00 C:\WINDOWS\Tasks\Registreringspåminnelse 1.job" Hijackthis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:25, on 2008-01-22 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\System32\STDSB.exe C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\SOUNDMAN.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe C:\Programfiler\Telenor\Online Start\Telenor.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\aniServ.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe C:\Programfiler\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\MSN Messenger\usnsvc.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Programfiler\Java\jre1.6.0_02\bin\jucheck.exe C:\Programfiler\Mozilla Firefox\firefox.exe C:\Documents and Settings\Anne Sneisen\Skrivebord\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.online.no R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O2 - BHO: Online Start Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Programfiler\Telenor\Online Start\IEFixItNowPlugin.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [sTDSB] C:\WINDOWS\System32\STDSB.exe O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [Telenor Online Start] "C:\Programfiler\Telenor\Online Start\Telenor.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?78f45eb346dd4d40891c124cfad0a6e2 O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?78f45eb346dd4d40891c124cfad0a6e2 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.online.no O16 - DPF: BankID - https://activation1.bankid.no/TNA2Web/content/bankidcoi.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1176838743085 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1176839001035 O23 - Service: Airgo Networks NIC Service (ANISERVICE) - Airgo Networks, Inc. - C:\WINDOWS\System32\aniServ.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe -- End of file - 6323 bytes Lenke til kommentar
Programvare Skrevet 22. januar 2008 Del Skrevet 22. januar 2008 Du kan trykke Fix checked på følgende: O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) Ellers ser det meget pent ut ut ifra det jeg kan si. Lenke til kommentar
Tharos. Skrevet 22. januar 2008 Forfatter Del Skrevet 22. januar 2008 Thanksalot! Lenke til kommentar
Programvare Skrevet 22. januar 2008 Del Skrevet 22. januar 2008 (endret) Har du prøvd programmet Ccleaner? Det fjerner temp-filer og annet unødvendig tull som lagrer seg på PC-en din. Det kan i tillegg rydde opp i registeret ditt. Endret 22. januar 2008 av Vintermåne Lenke til kommentar
Tharos. Skrevet 22. januar 2008 Forfatter Del Skrevet 22. januar 2008 Jessør, kjørte en runde med det også til slutt. Satser på at venninna mi blir litt mer skeptisk mht. MSN-linker nå. (Det skal i hvert fall bankes inn av undertegnede). Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå