leifeinar, posted 31 March 2008 (edited)

I've got a strange virus that logs me out of MSN and logs me in somewhere else, and sends dubious links around to people in my address book... Antivirus doesn't find it, and neither does anti-spyware.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:10:12 PM, on 3/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\Gigabyte\ET5Pro\GUI.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\BOINC\boinc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\BOINC\projects\www.worldcommunitygrid.org\wcg_hcc1_img_5.20_windows_intelx86
C:\Program Files\BOINC\projects\www.worldcommunitygrid.org\wcg_hcc1_img_5.20_windows_intelx86
C:\Program Files\BOINC\projects\www.worldcommunitygrid.org\wcg_faah_autodock_5.42_windows_intelx86
C:\Program Files\BOINC\projects\www.worldcommunitygrid.org\wcg_faah_autodock_5.42_windows_intelx86
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [EnvyHFCPL] C:\Program Files\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe 1
O4 - HKLM\..\Run: [EasyTuneVPro] C:\Program Files\Gigabyte\ET5Pro\ETcall.exe
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: World Community Grid - BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

--
End of file - 7677 bytes

Edited 2 April 2008 by leifeinar
lasse_hansen87, posted 31 March 2008
Delete all of MSN, then scan for viruses in safe mode. Then it will probably remove it, see.
leifeinar (thread author), posted 31 March 2008
Quote: "Delete all of MSN, then scan for viruses in safe mode. Then it will probably remove it, see."
No, that was a NO GO...
Guest Slettet+987123897, posted 31 March 2008
I think I would have asked a moderator to move this thread to the "Antivirusprogrammer og datasikkerhet" (antivirus programs and computer security) section of the forum. You will probably get faster help there.
leifeinar (thread author), posted 31 March 2008
Is that possible.... I was looking for a virus category but couldn't find one, so I posted here... Is there a kind moderator who would bother to move it?
norbat, posted 31 March 2008
1. Change the password on your account.
2. Post a ComboFix log:
   - Download ComboFix and put it on the desktop.
   - Run combofix.exe and follow the instructions. You must not click on the window while the program is running.
   - Post the log file from ComboFix (c:\combofix.txt).
leifeinar (thread author), posted 1 April 2008

Here is the log from ComboFix:

ComboFix 08-03-30.5 - antony 2008-04-01 14:41:14.1 - NTFSx86
Running from: C:\Documents and Settings\antony\Desktop\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-01 to 2008-04-01 )))))))))))))))))))))))))))))))
.

2008-03-31 19:46 . 2008-03-31 19:46 <DIR> d-------- C:\Program Files\MSN Messenger
2008-03-31 11:06 . 2008-03-31 12:00 <DIR> d-------- C:\Documents and Settings\antony\.housecall6.6
2008-03-31 10:57 . 2008-03-31 10:57 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-28 19:58 . 2008-03-28 19:58 <DIR> d--hs---- C:\found.000
2008-03-27 04:00 . 2008-03-27 04:00 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-03-26 14:46 . 2008-03-26 14:46 <DIR> d-------- C:\Documents and Settings\antony\Application Data\Samsung
2008-03-26 14:45 . 2006-05-03 23:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2008-03-26 14:44 . 2008-03-26 14:44 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-03-26 14:44 . 2008-03-26 14:44 <DIR> d-------- C:\Program Files\Samsung
2008-03-26 14:44 . 2005-08-30 18:59 94,000 --a------ C:\WINDOWS\system32\drivers\ss_mdm.sys
2008-03-26 14:44 . 2005-08-30 18:57 58,320 --a------ C:\WINDOWS\system32\drivers\ss_bus.sys
2008-03-26 14:44 . 2005-08-30 18:58 8,304 --a------ C:\WINDOWS\system32\drivers\ss_mdfl.sys
2008-03-26 14:44 . 2005-08-30 18:58 6,144 --a------ C:\WINDOWS\system32\drivers\ss_cmnt.sys
2008-03-26 14:44 . 2005-08-30 18:58 6,144 --a------ C:\WINDOWS\system32\drivers\ss_cm.sys
2008-03-26 14:44 . 2005-08-30 18:57 5,808 --a------ C:\WINDOWS\system32\drivers\ss_whnt.sys
2008-03-26 14:44 . 2005-08-30 18:57 5,808 --a------ C:\WINDOWS\system32\drivers\ss_wh.sys
2008-03-26 14:44 . 2006-07-24 17:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2008-03-26 14:44 . 2005-08-28 21:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-03-26 13:21 . 2008-03-26 13:21 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-26 13:21 . 2008-03-26 13:21 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-26 13:21 . 2008-03-26 13:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-25 15:29 . 2008-03-31 19:36 4 --a------ C:\WINDOWS\system32\GVTunner.ref
2008-03-15 08:25 . 2008-03-15 08:25 <DIR> d-------- C:\Program Files\RivaTuner v2.08
2008-03-14 08:18 . 2008-03-14 08:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-03-14 08:15 . 2008-01-22 15:42 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-03-14 08:14 . 2008-03-14 08:16 <DIR> d-------- C:\Program Files\ATI Technologies
2008-03-14 08:13 . 2008-01-07 16:43 165,782 --a------ C:\WINDOWS\system32\atiicdxx.dat
2008-03-14 08:08 . 2008-03-14 08:08 10 --a------ C:\WINDOWS\WININIT.INI
2008-03-13 23:40 . 2008-03-13 23:40 <DIR> d-------- C:\Documents and Settings\antony\Application Data\ATI
2008-03-13 23:40 . 2008-03-13 23:40 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-03-03 13:20 . 2008-03-03 13:20 <DIR> d-------- C:\Documents and Settings\antony\Application Data\Ubisoft
2008-03-03 13:20 . 2008-03-03 13:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-03-03 12:50 . 2008-03-03 12:50 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-03-03 12:50 . 2008-03-03 12:50 <DIR> d-------- C:\Documents and Settings\antony\Application Data\SystemRequirementsLab

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-01 12:42 --------- d-----w C:\Program Files\BOINC
2008-04-01 12:36 --------- d-----w C:\Documents and Settings\antony\Application Data\Skype
2008-04-01 06:00 --------- d-----w C:\Documents and Settings\antony\Application Data\AVG7
2008-03-31 18:28 --------- d-----w C:\Documents and Settings\antony\Application Data\dvdcss
2008-03-31 17:36 24,944 ----a-w C:\WINDOWS\system32\drivers\GVTDrv.sys
2008-03-30 20:20 --------- d-----w C:\Program Files\Java
2008-03-26 12:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-24 23:07 --------- d-----w C:\Documents and Settings\antony\Application Data\skypePM
2008-03-24 18:07 --------- d-----w C:\Documents and Settings\antony\Application Data\LimeWire
2008-03-24 07:23 --------- d-----w C:\Program Files\DAEMON Tools Pro
2008-03-20 15:14 --------- d-----w C:\Program Files\SpeedFan
2008-03-15 14:43 --------- d-----w C:\Program Files\ATITool
2008-03-15 06:23 --------- d-----w C:\Program Files\RivaTuner v2.06
2008-03-14 15:19 --------- d-----w C:\Program Files\Futuremark
2008-03-13 21:36 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-06 10:27 --------- d-----w C:\Program Files\Thief2
2008-03-03 11:03 --------- d-----w C:\Program Files\Ubisoft
2008-02-25 12:00 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-25 12:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-25 11:30 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-02-24 16:22 --------- d-----w C:\Program Files\Deluxe Ski Jump 3
2008-02-23 19:13 --------- d-----w C:\Program Files\LimeWire
2008-01-22 20:44 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-01-22 20:43 272,384 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-01-22 20:39 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-01-22 20:36 9,949,184 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-01-22 20:35 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-01-22 20:35 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-01-22 20:35 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-01-22 20:35 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-01-22 20:35 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-01-22 20:34 512,000 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-01-22 20:33 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-01-22 20:25 3,121,920 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-01-22 20:14 1,664,256 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-01-22 20:04 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-01-22 20:01 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-01-22 19:59 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-01-22 19:57 163,840 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-01-22 19:53 503,808 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-01-08 22:06 25,798,301 ----a-w C:\Documents and Settings\antony\Shared.zip
2008-01-04 14:03 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-12-17 22:08 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08 136136]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 10:08 16380416 C:\WINDOWS\RTHDCPL.exe]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 08:36 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-05-25 08:07 1953792]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 23:49 579072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"EnvyHFCPL"="C:\Program Files\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe" [2007-03-15 20:52 495616]
"EasyTuneVPro"="C:\Program Files\Gigabyte\ET5Pro\ETcall.exe" [2007-07-27 01:05 20480]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-17 08:36 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
World Community Grid - BOINC Manager.lnk - C:\Program Files\BOINC\boincmgr.exe [2007-11-27 00:25:32 3863296]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\Gigabyte\\ET5Pro\\update.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;C:\WINDOWS\system32\drivers\Envy24HF.sys [2007-03-15 18:56]
R3 GVTDrv;GVTDrv;C:\WINDOWS\system32\Drivers\GVTDrv.sys [2008-03-31 19:36]
R3 MarkFun_NT;MarkFun_NT;C:\Program Files\Gigabyte\ET5Pro\markfun.w32 [2007-12-28 07:39]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-12-17 08:16]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 18:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 18:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 18:59]

*Newly Created Service* - USNJSVC
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-01 14:42:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
EnvyHFCPL = C:\Program Files\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe 1?????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MarkFun_NT]
"ImagePath"="\??\C:\Program Files\Gigabyte\ET5Pro\markfun.w32"
.
Completion time: 2008-04-01 14:42:37
ComboFix-quarantined-files.txt 2008-04-01 12:42:30

Pre-Run: 209,023,569,920 bytes free
Post-Run: 209,186,590,720 bytes free
.
2008-03-27 02:00:33
--- E O F ---
norbat, posted 1 April 2008
The log looks fine. No files that suggest your PC is infected with malware. Have you changed the password on your user account (MSN), and are there still problems?
leifeinar (thread author), posted 1 April 2008
First... thanks for taking the time. I changed the password, but only an hour ago. It has a tendency to log me out after a few hours without activity, so we'll see tonight.
r2d290, posted 1 April 2008
Keep us updated on the problem. If the problem is resolved, you can do the following:
Uninstall ComboFix: Start -> Run, type the following: combofix /u (press Enter)
This will uninstall ComboFix and set a restore point on your machine (which you can use later if your machine crashes).
leifeinar (thread author), posted 1 April 2008
r2d290: is the red line in your signature meant for me..... Actually very annoying. I'm usually careful; I got the link from a serious friend, so I thought it was some medical articles or something. But I'll keep you updated, no logouts yet.
r2d290, posted 1 April 2008 (edited)
Quote: "r2d290: is the red line in your signature meant for me..... Actually very annoying. I'm usually careful; I got the link from a serious friend, so I thought it was some medical articles or something. But I'll keep you updated, no logouts yet."
Yes, meant for people like you. Even if it comes from a serious sender, it is not certain that he sent it deliberately... Always ask for confirmation that the link was sent deliberately...
Edit: oh right, you didn't say anything about that earlier... Did you enter a password, or did you download any file from the page you got the link to? Are there still no problems?
Edited 1 April 2008 by r2d290
leifeinar (thread author), posted 1 April 2008 (edited)
I clicked the link, took 3 seconds to realize that this was a bad link, then I closed the window. Still no problems, no, but we'll see tonight.
Edited 1 April 2008 by leifeinar
leifeinar (thread author), posted 2 April 2008
Apparently changing the password worked just fine....
r2d290, posted 2 April 2008
Good. Change your thread title by clicking Edit and then Full edit. Let the new thread title be: [SOLVED] got an MSN virus... log file attached