norbat Skrevet 14. januar 2008 Rapporter Del Skrevet 14. januar 2008 (endret) NB! Denne veiledningen (se sort tekst lenger ned) omhandler egentlig det MSN-viruset som var aktivt for litt over en uke siden. Det som har vært i aktivitet nylig, er en annen variant med andre filer (se rød tekst). Kjør allikevel gjennom veiledningen som er gitt, med de programmene som er listet opp da det 'nye' MSN-viruset er en variant som har kjente infeksjoner. De fleste antivirusprogram vil nå ha oppdatert sine definisjoner, som gjør at du sannsynligvis vil bli kvitt infeksjonen vha. det. Er du allikevel i tvil, så ikke nøl med å søke hjelp. --------------------------------------------------------- Det 'nye' MSN-viruset aktiverer bla. nedlasting av filer knyttet til Vundo-infeksjon, noe som kan sees i en hijackthis-logg som: O2-linje: C:\WINDOWS\system32\qomnnkh.dll, (dll-fila qomnnkh.dll opptrer i mange navn-varianter). 020-linje: O20 - Winlogon Notify: qomnnkh - C:\WINDOWS\SYSTEM32\qomnnkh.dll Man kan også finne følgende linje i hjt-loggen: O4 - HKLM\..\Run: [Windows Taskmanager] svchost.exe Fila svchost.exe vil ligge på følgende plass: C:\windows\svchost.exe Kjør altså gjennom veiledningen under og evt. post nødvendige logger om du ønsker hjelp. ---------------------------------------------------------- INFO: Linken du får på MSN, kan inneholde ord som ..photobucket.., ..youtube.. etc. I de fleste tilfellene har det vært filene ntmngr.exe, lssas.exe og images.zip som har skapt problemer. ntmngr.exe: Backdoor.Win32.IRCBot.bag (Kaspersky) lssas.exe: Backdoor.Win32.IRCBot.bau (F-secure) images.zip: Backdoor.Win32.IRCBot.bau (F-secure) Filer som kan være virksomme er: C:\WINDOWS\ntmngr.exe C:\WINDOWS\lssas.exe C:\445930.exe C:\WINDOWS\images.zip En HJT-logg kan vise følgende linje (registeroppføring): O4 - HKLM\..\Run: [MSN] lssas.exe O4 - HKLM\..\Run: [MSN] ntmngr.exe Er usikker på hvilke antivirusprogram som har oppdatert sine definisjoner for dette, så kan derfor ikke anbefale noen som garantert tar disse filene. Hvordan løse dette Fordi det nå har gått noen dager siden denne infeksjonen ble oppdaget, så vil sannsynligvis ditt antivirusprogram ordne problemet. Jeg gir deg allikevel en løsning som jeg vet fungerer. Programmer som inngår i fixen: MSNFix: Vil oppdage og fjerne alle filene som er nevnt over Combofix: Vil fjerne de fleste, samt avsløre om det fortsatt ligger infiserte filer igjen i form av en logg den lager. Hijackthis (hjt): Lager en logg som evt. kan fortelle hvordan det ligger an. Veiledning MSNFix Last ned MSNFix, og pakk det ut på skrivebordet. Kjør filen 'MSNFix.bat'. Følg veiledningen Veiledning Combofix: Hent Combofix, og legg det på skrivebordet Kjør combofix.exe, og følg veiledningen. Du må ikke klikke på vinduet mens programmet kjører. Post loggfilen fra combofix (c:\combofix.txt) i en egen tråd, om du ønsker veiledning (klikk Nytt emne) Veiledning Hijackthis: Hijackthis kan på en enkel måte fjerne registeroppføringene knyttet til denne infeksjonen. Last ned Hijackthis. Legg det i en egen mappe på skrivebordet. Start programmet, velg "Do a system scan only". Sett er merke framfor følgende linjer, om de er tilstede, og klikk Fix checked: O4 - HKLM\..\Run: [MSN] lssas.exe O4 - HKLM\..\Run: [MSN] ntmngr.exe Det er lite sannsynlig at begge er tilstede samtidig. Oppdater ditt antivirusprogram og kjør en full scan. Endret 23. november 2008 av norbat Lenke til kommentar
JohnMartin Skrevet 14. januar 2008 Rapporter Del Skrevet 14. januar 2008 Takk for en fin veiledning. Har hjulpet mange venner med denne Men lurte bare på en ting.. Vet du hva viruset heter? Lurte bare på om NOD32 har lagt den til i sin oppdatering, for de oppdaterer jo flere ganger om dagen, så ble litt nysgjerrig der.. Lenke til kommentar
norbat Skrevet 14. januar 2008 Forfatter Rapporter Del Skrevet 14. januar 2008 (endret) Heter det ikke 'MSN-viruset' da? Filene er knyttet til Backdoor.Win32.IRCBot (de fleste 'msn-virusene' er varianter av hverandre. Navnet vil sikkert variere litt mellom de ulike av-selskapene) Endret 14. januar 2008 av norbat Lenke til kommentar
Heineoen Skrevet 17. januar 2008 Rapporter Del Skrevet 17. januar 2008 (endret) Ei venninde av meg ser ut til og ha pådratt seg dette viruset.. Sender ut mystiske yourtube linker.. Også av en ellerannen grunn er msn bagrunnsbildet blitt gult med paint smileys? Combofix: ComboFix 08-01-17.5 - Anja 2008-01-17 11:39:07.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.404 [GMT 1:00] Running from: C:\Documents and Settings\Anja\Skrivebord\ComboFix.exe * Created a new restore point [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\_000003_.tmp.dll C:\WINDOWS\system32\_000004_.tmp.dll C:\WINDOWS\system32\_000005_.tmp.dll C:\WINDOWS\system32\_000006_.tmp.dll C:\WINDOWS\system32\_000007_.tmp.dll C:\WINDOWS\system32\_000008_.tmp.dll C:\WINDOWS\system32\_000011_.tmp.dll C:\WINDOWS\system32\_000012_.tmp.dll D:\Autorun.inf . ((((((((((((((((((((((((( Files Created from 2007-12-17 to 2008-01-17 ))))))))))))))))))))))))))))))) . 2008-01-17 11:38 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-17 10:25 . 2008-01-17 11:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-01-17 03:40 . 2008-01-17 11:30 <DIR> d-------- C:\Program Files\PC Tools AntiVirus 2008-01-17 03:40 . 2008-01-17 03:40 <DIR> d-------- C:\Program Files\Common Files\PC Tools 2008-01-17 03:40 . 2008-01-17 03:40 <DIR> d-------- C:\Documents and Settings\Anja\Programdata\PC Tools 2008-01-17 03:40 . 2008-01-17 11:32 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-01-17 03:40 . 2008-01-17 03:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools 2008-01-17 03:40 . 2007-12-06 16:51 28,568 --a------ C:\WINDOWS\system32\drivers\AVHook.sys 2008-01-17 03:40 . 2007-12-06 16:51 21,912 --a------ C:\WINDOWS\system32\drivers\AVRec.sys 2008-01-17 03:40 . 2007-12-10 10:59 21,912 --a------ C:\WINDOWS\system32\drivers\AVFilter.sys 2008-01-17 02:38 . 2008-01-17 02:38 <DIR> d-------- C:\Program Files\AusLogics Disk Defrag 2008-01-17 02:38 . 2008-01-17 02:38 <DIR> d-------- C:\Documents and Settings\Anja\Programdata\Auslogics 2008-01-17 02:28 . 2008-01-17 02:29 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008 2008-01-17 02:28 . 2008-01-17 02:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software 2008-01-17 02:28 . 2008-01-17 02:28 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe 2008-01-17 02:28 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll 2008-01-17 02:19 . 2008-01-17 02:19 <DIR> d-------- C:\Documents and Settings\Anja\Programdata\TuneUp Software 2008-01-17 02:10 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-01-17 00:50 . 2008-01-17 00:50 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-01-17 00:50 . 2008-01-17 00:50 5,760,054 --a------ C:\WINDOWS\AW_1600x1200.bmp 2008-01-17 00:39 . 2008-01-17 00:39 <DIR> d-------- C:\Program Files\Common Files\Stardock 2008-01-17 00:39 . 2008-01-17 00:50 <DIR> d-------- C:\Program Files\AlienGUIseny 2008-01-17 00:39 . 2008-01-17 00:39 58 --a------ C:\WINDOWS\wb.ini 2008-01-17 00:32 . 2008-01-17 00:38 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller 2008-01-17 00:32 . 2008-01-17 00:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-01-17 00:13 . 2006-10-04 15:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb 2008-01-17 00:13 . 2006-10-04 15:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb 2008-01-17 00:13 . 2006-10-04 15:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb 2008-01-17 00:11 . 2008-01-17 00:12 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF 2008-01-14 23:13 . 2008-01-14 23:13 <DIR> d-------- C:\Program Files\Lavasoft 2008-01-14 23:13 . 2008-01-17 02:27 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-01-14 23:13 . 2008-01-14 23:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-01-14 21:43 . 2008-01-14 21:44 <DIR> d-------- C:\Program Files\Paint.NET 2008-01-14 21:43 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr 2008-01-14 21:43 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2008-01-14 21:43 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2008-01-14 21:43 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2008-01-14 21:43 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2008-01-14 21:43 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2008-01-14 21:42 . 2008-01-14 21:42 <DIR> d-------- C:\Program Files\Alwil Software 2008-01-14 21:42 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe 2008-01-14 21:42 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx 2008-01-14 20:14 . 2008-01-14 20:14 <DIR> d-------- C:\Program Files\MSXML 6.0 2008-01-14 19:47 . 2008-01-14 19:47 <DIR> d-------- C:\Program Files\CCleaner 2008-01-14 19:44 . 2006-11-13 07:02 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll 2008-01-14 19:44 . 2006-11-13 07:02 116,736 --------- C:\WINDOWS\system32\aaclient.dll 2008-01-14 19:44 . 2006-11-13 07:02 36,352 --------- C:\WINDOWS\system32\tsgqec.dll 2008-01-14 19:28 . 2008-01-14 19:28 <DIR> d-------- C:\Program Files\MSBuild 2008-01-14 19:24 . 2008-01-14 20:18 <DIR> d-------- C:\WINDOWS\system32\XPSViewer 2008-01-14 19:23 . 2008-01-14 19:23 <DIR> d-------- C:\Program Files\Reference Assemblies 2008-01-14 19:22 . 2008-01-14 19:22 <DIR> d-------- C:\c21f916eea1d68d6288cb9 2008-01-14 19:22 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll 2008-01-12 23:14 . 2008-01-12 23:14 <DIR> d-------- C:\Program Files\Windows Defender 2008-01-08 21:02 . 2005-02-01 14:20 5,760,056 --a------ C:\WINDOWS\Darkstar.bmp 2008-01-08 20:47 . 2008-01-17 00:43 <DIR> d-------- C:\Program Files\AlienGUIse 2008-01-08 20:47 . 2003-02-26 22:27 36,864 --a------ C:\WINDOWS\system32\wbsys.dll 2008-01-05 19:01 . 2008-01-05 19:01 <DIR> d-------- C:\Program Files\Serif 2008-01-05 19:01 . 1998-12-08 20:53 212,480 --------- C:\WINDOWS\pcdlib32.dll 2008-01-05 17:20 . 2008-01-05 17:21 <DIR> d-------- C:\temp 2008-01-05 04:32 . 2008-01-05 04:32 <DIR> d-------- C:\Program Files\Bonjour 2008-01-05 04:20 . 2008-01-05 04:20 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared 2008-01-03 23:44 . 2008-01-17 00:32 <DIR> d-------- C:\Program Files\Windows Live 2008-01-03 23:44 . 2008-01-03 23:44 <DIR> d-------- C:\Program Files\Messenger Plus! Live 2008-01-03 23:44 . 2008-01-04 00:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus! 2008-01-01 18:57 . 2008-01-01 18:57 376 --a------ C:\WINDOWS\ODBC.INI 2008-01-01 18:54 . 2008-01-01 18:55 <DIR> d-------- C:\WINDOWS\ShellNew 2007-12-28 13:18 . 2007-10-11 00:55 6,065,664 --------- C:\WINDOWS\system32\dllcache\ieframe.dll 2007-12-28 13:18 . 2007-07-01 04:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2007-12-28 13:18 . 2007-07-01 04:36 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2007-12-28 13:18 . 2007-10-11 00:55 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll 2007-12-28 13:18 . 2007-10-11 00:55 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2007-12-28 13:18 . 2007-10-11 00:55 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll 2007-12-28 13:18 . 2007-10-11 00:55 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll 2007-12-28 13:18 . 2007-10-11 00:55 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2007-12-28 13:18 . 2007-10-10 11:59 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe 2007-12-23 21:20 . 2007-12-23 23:21 1,407 --a------ C:\WINDOWS\mozver.dat 2007-12-23 21:17 . 2007-12-23 21:17 0 --a------ C:\WINDOWS\nsreg.dat . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-17 01:10 --------- d-----w C:\Program Files\Java 2008-01-16 23:39 --------- d-----w C:\Program Files\MSN Messenger 2008-01-16 23:13 --------- d-----w C:\Program Files\Windows Media Connect 2 2008-01-14 22:16 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe 2008-01-14 20:41 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-01-14 20:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2008-01-14 18:31 --------- d-----w C:\Program Files\Common Files\Adobe 2008-01-11 22:08 --------- d-----w C:\Documents and Settings\Anja\Programdata\LimeWire 2008-01-05 18:01 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-01-01 18:08 --------- d-----w C:\Documents and Settings\Anja\Programdata\Skype 2007-12-09 20:48 --------- d-----w C:\Documents and Settings\Anja\Programdata\AdobeUM 2007-12-05 00:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet 2007-12-03 19:52 --------- d-----w C:\Program Files\iTunes 2007-12-03 19:51 --------- d-----w C:\Program Files\iPod 2007-12-03 19:50 --------- d-----w C:\Program Files\QuickTime 2007-12-03 19:47 --------- d-----w C:\Program Files\Common Files\Apple 2007-12-03 19:47 --------- d-----w C:\Program Files\Apple Software Update 2007-12-03 19:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple 2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll 2007-10-31 04:12 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll 2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys 2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll 2007-10-29 06:07 221,184 ----a-w C:\WINDOWS\system32\UCI32M23.dll 2007-10-27 16:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-27 16:40 222,720 ------w C:\WINDOWS\system32\dllcache\wmasf.dll 2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll 2007-10-24 00:47 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll 2007-10-24 00:47 84,480 ----a-w C:\WINDOWS\system32\mscories.dll 2007-10-24 00:47 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll 2007-10-24 00:47 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll 2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll 2006-10-02 23:43 2,402,550 ----a-w C:\WINDOWS\inf\SET63.tmp 2006-03-16 04:00 1,431,144 ----a-w C:\WINDOWS\inf\SETE2.tmp 2005-09-24 06:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-12 21:00 68856] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-16 05:00 15360] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-15 10:46 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 20:56 64512] "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 21:58 458752] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-24 19:40 7569408] "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 12:29 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 02:27 1015808] "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-11 21:55 102400] "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152] "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 11:33 163840] "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2006-01-26 16:18 40960] "RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 10:23 1187840] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-09-01 23:14 70816] "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-09-10 18:09 95960] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584] "SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "PCTAVApp"="C:\Program Files\PC Tools AntiVirus\PCTAV.exe" [2008-01-10 11:09 1238928] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-16 05:00 15360] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ HP Pavilion Webcam Tray Icon.lnk - C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [2007-05-21 21:51:49] HP Photosmart Premier Hurtigstart.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 08:39:30] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB] C:\Program Files\AlienGUIseny\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIseny\fastload.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=wbsys.dll [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" "Adobe Reader Speed Launcher"="c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "MsmqIntCert"=regsvr32 /s mqrt.dll R1 sdcplh;sdcplh;C:\WINDOWS\system32\drivers\sdcplh.sys [2005-11-09 16:07] R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2006-03-16 05:00] R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-06 15:49] R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC);C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2006-07-06 09:28] S3 49ed0b40-ea80-44e0-8a71-970dea668e25;49ed0b40-ea80-44e0-8a71-970dea668e25;E:\Player\cds300.dll [] S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-01-17 02:28] S4 viaagp;VIA AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 06:07] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ac66d2c-866a-11dc-ad1c-0016d316b35a}] \Shell\AutoRun\command - F:\setupSNK.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9275dc7-095a-11dc-ac95-0016d316b35a}] \Shell\AutoRun\command - G:\setupSNK.exe *Newly Created Service* - PROCEXP90 . Contents of the 'Scheduled Tasks' folder "2008-01-17 01:28:40 C:\WINDOWS\Tasks\1-Click Maintenance.job" - C:\Program Files\TuneUp Utilities 2008\OneClick.exe "2008-01-02 16:20:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-01-12 19:26:58 C:\WINDOWS\Tasks\Internett-tjenester.job" - C:\Program Files\Hewlett-Packard\SDP\HPSdpApp.exeb/remind /LaunchPoint reminder /App C:\Program Files\Hewlett-Packard\Internet Services\StartIS.aml "2008-01-17 10:33:06 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe "2008-01-17 10:31:53 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-17 11:42:11 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ???8Z????????@???????@ scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-01-17 11:42:44 ComboFix-quarantined-files.txt 2008-01-17 10:42:39 . 2008-01-16 23:09:21 --- E O F --- Avenger: Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\xuuyctlb ******************* Script file located at: \??\C:\Program Files\edituuik.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: File C:\WINDOWS\lssas.exe deleted successfully. File C:\WINDOWS\ntmngr.exe not found! Deletion of file C:\WINDOWS\ntmngr.exe failed! Could not process line: C:\WINDOWS\ntmngr.exe Status: 0xc0000034 File C:\445930.exe not found! Deletion of file C:\445930.exe failed! Could not process line: C:\445930.exe Status: 0xc0000034 File C:\WINDOWS\images.zip deleted successfully. Completed script processing. ******************* Finished! Terminate. Endret 17. januar 2008 av Heineoen Lenke til kommentar
norbat Skrevet 17. januar 2008 Forfatter Rapporter Del Skrevet 17. januar 2008 Loggen er grei ut og du har fått fjerne de filene som var nødvendig. Hvordan oppfører MSN seg nå? Lenke til kommentar
Heineoen Skrevet 17. januar 2008 Rapporter Del Skrevet 17. januar 2008 Det var godt å høre Men er viruset knytta til brukerkontoen? Sender ikke ut på min hvertfall.. Har dog denne gule smilyen forsatt Lenke til kommentar
norbat Skrevet 17. januar 2008 Forfatter Rapporter Del Skrevet 17. januar 2008 Det bør være noen innstillinger der du kan forandre dette. Let, så finner du det sikker ut Lenke til kommentar
Programvare Skrevet 20. januar 2008 Rapporter Del Skrevet 20. januar 2008 Kjekt at du sier fra norbat Dette forumet blir jo dynka i "hjelp meg, msn-viruset, hjt"-poster! Lenke til kommentar
Mr.Anki Skrevet 20. januar 2008 Rapporter Del Skrevet 20. januar 2008 Tidligere i dag fikk jeg en komprimert fil på msn + noe tekst. Men husker ikke navnet.. Lenke til kommentar
Programvare Skrevet 20. januar 2008 Rapporter Del Skrevet 20. januar 2008 Kan du poste en Hijackthis-logg Mr.Anki? Lenke til kommentar
KillYou Skrevet 20. januar 2008 Rapporter Del Skrevet 20. januar 2008 det siste, som er på nosrk og omhandler facebook og nettby og linker til en moo.no adresse lager filen c:\windows\scvhost.exe sjekk loggen min i den andre posten norbat. Har du noe i mot at dette blit lagt ut på siden der hvor det norske viruset linker til? Lenke til kommentar
KVTL Skrevet 20. januar 2008 Rapporter Del Skrevet 20. januar 2008 Midlertidig satt sticky for å informere brukerne på hva de kan poste for å få hjelp. MVH KVTL Lenke til kommentar
Mato Skrevet 20. januar 2008 Rapporter Del Skrevet 20. januar 2008 dama klarte og få dette på lapptoppen , etter en scan og clean med AVG FREE så mangler nå de fleste exe filene på datan , kjiperne reinstall her ja . exe filene var infiserte etter loggen på avg og bedømme og de kunne ikke cleanes og måtte slettet :/ Lenke til kommentar
Cobain Skrevet 21. januar 2008 Rapporter Del Skrevet 21. januar 2008 Har klikka på en sånn link som alle andre. Men når jeg starter maskinen, så kommer det opp fra windows brannmuren : Navn: Issas.exe Utgiver: Ukjent Type: Program Fra: C:/windows Og spørsmål om jeg vil kjøre programmet. Har ikke gjort dette, men regner med at det kanskje er det berømte MSN viruset da? Har hvertfal kjørt de programmene som du har post`a. Og siden jeg er (i følge mine små brødre) en n00b, så har jeg ikke peiling på hva loggen sier når jeg har kjørt Comofix. Så hvis du kunne sett over om det er noe urovekkende info der hadde det vært supert... ComboFix 08-01-20.1 - Kenth Brelin 2008-01-21 9:59:05.1 - NTFSx86 Running from: C:\Documents and Settings\Kenth Brelin\Skrivebord\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2007-12-21 to 2008-01-21 ))))))))))))))))))))))))))))))) . 2008-01-21 09:56 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-21 09:08 . 2008-01-21 09:08 <DIR> d-------- C:\WINDOWS\LastGood 2008-01-14 23:20 . 2007-10-11 00:53 6,065,664 --------- C:\WINDOWS\system32\dllcache\ieframe.dll 2008-01-14 23:20 . 2007-07-01 04:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2008-01-14 23:20 . 2007-07-01 04:36 1,007,616 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2008-01-14 23:20 . 2007-10-11 00:53 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll 2008-01-14 23:20 . 2007-10-11 00:53 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2008-01-14 23:20 . 2007-10-11 00:53 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll 2008-01-14 23:20 . 2007-10-11 00:53 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll 2008-01-14 23:20 . 2007-10-11 00:53 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2008-01-14 23:20 . 2007-10-10 11:59 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-01-14 23:19 . 2008-01-14 23:21 <DIR> d-------- C:\WINDOWS\system32\nb-no 2008-01-12 18:59 . 2008-01-12 18:59 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-01-12 18:59 . 2008-01-12 18:59 1,409 --a------ C:\WINDOWS\QTFont.for 2008-01-03 02:14 . 2008-01-03 02:14 <DIR> dr------- C:\Documents and Settings\LocalService\Favoritter 2008-01-03 02:13 . 2008-01-03 02:13 <DIR> d--h----- C:\Programfiler\Zenographics 2008-01-03 02:13 . 2006-07-30 18:00 442,368 -ra------ C:\WINDOWS\system32\ZSHP1018.EXE 2008-01-03 02:13 . 2006-07-30 18:00 143,360 -ra------ C:\WINDOWS\apptune1018.exe 2008-01-03 02:13 . 2006-07-30 18:00 129,092 -ra------ C:\WINDOWS\system32\hp1018.img 2008-01-03 02:13 . 2006-07-30 18:00 106,496 -ra------ C:\WINDOWS\system32\VSHP1018.DLL 2008-01-03 02:13 . 2006-07-30 18:00 102,400 --a------ C:\WINDOWS\system32\zlhp1018.dll 2008-01-03 02:13 . 2006-07-30 18:00 86,016 --a------ C:\WINDOWS\system32\ZSPOOL.DLL 2008-01-03 02:13 . 2006-07-30 18:00 28,672 --a------ C:\WINDOWS\system32\zlm.dll 2008-01-03 02:13 . 2006-07-30 18:00 28,672 --a------ C:\WINDOWS\system32\IMF32.DLL 2008-01-03 02:13 . 2006-07-30 18:00 24,576 --a------ C:\WINDOWS\system32\ZTAG32.DLL 2008-01-03 02:13 . 2006-07-30 18:00 7,273 -ra------ C:\WINDOWS\system32\ZSHP1018.HLP . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-21 07:35 71,690 ----a-w C:\Documents and Settings\Kenth Brelin\Programdata\wklnhst.dat 2008-01-17 18:02 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared 2008-01-16 21:12 --------- d-----w C:\Documents and Settings\Kenth Brelin\Programdata\dvdcss 2008-01-15 10:30 --------- d-----w C:\Programfiler\PKR 2008-01-03 01:13 --------- d-----w C:\Programfiler\Hewlett-Packard 2007-11-07 09:30 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-11-07 09:30 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll 2007-10-31 04:00 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll 2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys 2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-29 22:45 1,290,752 ------w C:\WINDOWS\system32\dllcache\quartz.dll 2007-10-25 16:44 8,466,432 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll 2006-05-08 09:20 1,670 ----a-w C:\Documents and Settings\Maria\Programdata\wklnhst.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:00 15360] "Steam"="c:\spill\steam\steam.exe" [2008-01-14 23:45 1266936] "LogitechSoftwareUpdate"="C:\Programfiler\Logitech\Video\ManifestEngine.exe" [2005-06-08 13:44 196608] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-11 09:00 339968] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07 49263] "hpWirelessAssistant"="C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 14:11 794624] "SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 13:12 102492] "SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 13:11 692316] "HP Software Update"="C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152] "QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2007-02-16 09:54 282624] "ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2005-04-14 13:02 58992] "eabconfg.cpl"="C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 12:24 290816] "Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2005-02-17 13:01 233534] "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 12:54 253952] "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-09-01 20:17 100056] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 16:32 221184] "LogitechVideoRepair"="C:\Programfiler\Logitech\Video\ISStart.exe" [2005-06-08 14:24 458752] "LogitechVideoTray"="C:\Programfiler\Logitech\Video\LogiTray.exe" [2005-06-08 14:14 217088] "DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" [2005-11-08 23:00 128920] "iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-03-14 18:05 257088] "TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2007-07-09 18:34 185896] "PKR Pal"="C:\Programfiler\PKR\pkrpal.exe" [2008-01-15 11:30 2269800] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 09:00 15360] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ HP Digital Imaging Monitor.lnk - C:\Programfiler\Hp\Digital Imaging\bin\hpqtra08.exe [2004-11-04 18:28:24 258048] Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSecurityTab"= 1 (0x1) R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 18:08] R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-12-15 16:18] S3 DMSKSSRh;DMSKSSRh;C:\DOCUME~1\KENTHB~1\LOKALE~1\Temp\DMSKSSRh.sys [] S3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8180.SYS [2004-04-29 06:45] *Newly Created Service* - PROCEXP90 . Contents of the 'Scheduled Tasks' folder "2007-11-21 14:35:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe "2007-11-24 13:27:07 C:\WINDOWS\Tasks\Norton AntiVirus - Søk på min datamaskin - Kenth Brelin.job" Lenke til kommentar
Programvare Skrevet 21. januar 2008 Rapporter Del Skrevet 21. januar 2008 (endret) Driver å hjelper en jente i klassen som har fått dette nå. Hun sliter forferdelig med at PC-en går tregt sier hun, så det tar litt tid. I tillegg er hun ganske grønn innen data. Jeg kommer med en hjt- og combofix-logg etter at jeg har kjørt msn-fix. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:26:09, on 21.01.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe C:\WINDOWS\system32\nvsvc32.exe C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\CameraAssistant.exe C:\WINDOWS\system32\ElkCtrl.exe C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe C:\Program Files\Dell\MediaDirect\PCMService.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\WINDOWS\stsystra.exe C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\NetWaiting\netWaiting.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hs.facebook.com/home.php? R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Trend Micro Antifraud Toolbar - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe" O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" O4 - HKLM\..\Run: [iSUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe" O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Bluetooth.lnk = ? O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - D:\Documents and Settings\Pia\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1163514418031 O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{889B7362-8B78-4686-9427-2F87D579826A}: NameServer = 10.0.0.254 O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe -- End of file - 12689 bytes ComboFix 08-01-20.1 - Pia 2008-01-21 15:50:29.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1350 [GMT 1:00] Running from: D:\Documents and Settings\Pia\Desktop\ComboFix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . C:\Program Files\FunWebProducts C:\WINDOWS\svchost.exe C:\WINDOWS\system32\ddcbyvw.dll C:\WINDOWS\system32\UpMedia C:\WINDOWS\system32\urqopnl.dll . ((((((((((((((((((((((((( Files Created from 2007-12-21 to 2008-01-21 ))))))))))))))))))))))))))))))) . 2008-01-21 15:21 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-14 20:22 . 2008-01-14 20:22 <DIR> d--h----- C:\WINDOWS\PIF 2008-01-05 01:07 . 2008-01-21 15:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-01-05 01:07 . 2008-01-05 01:07 1,409 --a------ C:\WINDOWS\QTFont.for 2007-12-27 22:36 . 2007-12-27 22:36 <DIR> d-------- D:\Documents and Settings\Pia\Application Data\Sony 2007-12-27 22:36 . 2007-12-27 22:36 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Sony 2007-12-27 22:06 . 2007-12-27 22:06 <DIR> d-------- D:\Documents and Settings\Pia\Application Data\InstallShield 2007-12-27 22:06 . 2007-12-27 22:06 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\BVRP Software 2007-12-27 22:06 . 2007-12-29 15:04 <DIR> d-------- C:\Program Files\Avanquest update . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-21 14:14 --------- d-----w C:\Program Files\Trend Micro 2008-01-06 22:49 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-01-04 16:56 --------- d-----w C:\Program Files\Norton Security Scan 2007-12-27 21:31 --------- d-----w C:\Program Files\Sony Ericsson 2007-12-27 21:06 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-27 21:06 --------- d-----w D:\Documents and Settings\All Users\Application Data\Sony Ericsson 2007-12-04 15:01 --------- d-----w C:\Program Files\Java 2007-12-02 16:20 --------- d-----w C:\Program Files\Windows Live Toolbar 2007-11-22 21:02 --------- d-----w C:\Program Files\iTunes 2007-11-22 21:02 --------- d-----w C:\Program Files\iPod 2007-11-22 21:00 --------- d-----w C:\Program Files\QuickTime 2007-11-22 14:00 --------- d-----w C:\Program Files\LimeWire 2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll 2007-10-30 23:42 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys 2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll 2007-10-27 16:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-27 16:40 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll 2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll 2006-12-15 20:28 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012006121520061216\index.dat . ((((((((((((((((((((((((((((( snapshot@2008-01-21_15.38.23.43 ))))))))))))))))))))))))))))))))))))))))) . - 2008-01-21 14:36:45 64,262 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-01-21 14:37:13 64,262 ----a-w C:\WINDOWS\system32\perfc009.dat - 2008-01-21 14:36:46 405,878 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-01-21 14:37:13 405,878 ----a-w C:\WINDOWS\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 03:24 20480] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 11:25 68856] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2007-10-18 15:42 356352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-21 13:03 7557120] "nwiz"="nwiz.exe" [2006-03-21 13:03 1519616 C:\WINDOWS\system32\nwiz.exe] "NVHotkey"="nvHotkey.dll" [2006-03-21 13:03 73728 C:\WINDOWS\system32\nvhotkey.dll] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 19:48 761947] "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-08-03 19:51 1032192] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 10:28 667718] "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 21:29 49152] "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 02:02 86016] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920] "pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe" [2006-04-03 23:43 897089] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 16:32 225280] "LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [2005-12-07 11:26 489472] "LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [2005-12-07 11:33 73728] "LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 18:22 262144] "MaxtorOneTouch"="C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe" [2006-03-27 16:04 712704] "mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2005-10-17 17:24 81920] "ISUSPM Startup"="c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 17:50 221184] "PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2006-08-22 15:32 184320] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344] "SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 00:30 282624 C:\WINDOWS\stsystra.exe] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43 286720] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 06:00 15360] [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk] path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla] --a--c--- 2004-12-06 02:05 127035 C:\WINDOWS\system32\dla\tfswctrl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InputSet] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless] --a--c--- 2006-05-01 10:28 602182 C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] --a------ 2004-07-27 17:50 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold] --------- 2003-09-10 03:24 20480 C:\Program Files\NetWaiting\netWaiting.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp] --a------ 2006-03-25 00:30 282624 C:\WINDOWS\stsystra.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBTA] -ra--c--- 2002-03-22 19:43 126976 C:\WINDOWS\system32\usbtapnp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WLANKEEPER"=2 (0x2) "S24EventMonitor"=2 (0x2) "RegSrvc"=2 (0x2) "ose"=3 (0x3) "gusvc"=3 (0x3) "EvtEng"=2 (0x2) R3 DUSBTAWAN;D-Link DU-128TA+ NDISWAN Driver;C:\WINDOWS\system32\DRIVERS\musbwn2k.sys [2001-01-31 19:43] R3 FakeWDMmdm;DWDMCOMM;C:\WINDOWS\system32\DRIVERS\dusbcomm.sys [2001-11-08 01:23] R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 16:37] S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 11:50] S3 GTwinUSB;GTwinUSB;C:\WINDOWS\system32\Drivers\GTwinUSB.sys [2004-06-28 12:06] S3 mDTA128;D-Link DU-128TA+;C:\WINDOWS\system32\DRIVERS\musbta2kc.sys [2003-12-31 19:15] S3 s117bus;Sony Ericsson Device 117 driver (WDM);C:\WINDOWS\system32\DRIVERS\s117bus.sys [2007-06-25 10:43] S3 s117mdfl;Sony Ericsson Device 117 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s117mdfl.sys [2007-06-25 10:43] S3 s117mdm;Sony Ericsson Device 117 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s117mdm.sys [2007-06-25 10:43] S3 s117mgmt;Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s117mgmt.sys [2007-06-25 10:43] S3 s117nd5;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS);C:\WINDOWS\system32\DRIVERS\s117nd5.sys [2007-06-25 10:43] S3 s117obex;Sony Ericsson Device 117 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s117obex.sys [2007-06-25 10:43] S3 s117unic;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM);C:\WINDOWS\system32\DRIVERS\s117unic.sys [2007-06-25 10:43] S4 viaagp;VIA AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 00:07] . Contents of the 'Scheduled Tasks' folder "2008-01-15 17:31:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-01-05 00:07:05 C:\WINDOWS\Tasks\Norton Security Scan.job" - C:\Program Files\Norton Security Scan\Nss.exe "2008-01-21 14:21:01 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-21 15:51:56 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run] "LogitechCameraAssistant"="C:\\Program Files\\Logitech\\Video\\CameraAssistant.exe" . Completion time: 2008-01-21 15:54:04 ComboFix-quarantined-files.txt 2008-01-21 14:53:58 . 2008-01-21 14:10:24 --- E O F --- Endret 21. januar 2008 av Vintermåne Lenke til kommentar
NorvegianDad Skrevet 21. januar 2008 Rapporter Del Skrevet 21. januar 2008 Her er hverfall alle infiserte filer Jeg har funnet på PC-en min hittil etter at jeg er ferdig med en grundig skanning med Avast,men det er tydeligvis ikke alle. Fikk nettopp enda en gave til kisten. Ser ut at det er en del,foruten det med daemon tools,så er alt komt med MSN-viruset som min samboer greidde å laste ned. Lenke til kommentar
KVTL Skrevet 23. januar 2008 Rapporter Del Skrevet 23. januar 2008 Et stk meningsløst og off topic innlegg fjernet. Takk for oppmerksomheten MVH KVTL Lenke til kommentar
Møkkalasset Skrevet 26. januar 2008 Rapporter Del Skrevet 26. januar 2008 (endret) Ser min logg ok ut? maskina er vertfall mongo... henger av og til når eg surfer. Klikk for å se/fjerne innholdet nedenfor Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:41:38, on 26.01.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Fellesfiler\Autodata Limited Shared\Service\ADCDLicSvc.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\DAEMON Tools\daemon.exe C:\Programfiler\MSI\Core Center\CoreCenter.exe C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe C:\Programfiler\Winamp\winamp.exe C:\WINDOWS\explorer.exe C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\cmd.exe C:\Programfiler\Opera\Opera.exe C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.7\NppBho.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: CoreCenter.lnk = C:\Programfiler\MSI\Core Center\CoreCenter.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O15 - Trusted Zone: http://asia.msi.com.tw O15 - Trusted Zone: http://global.msi.com.tw O15 - Trusted Zone: http://www.msi.com.tw O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1197223078968 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1197223190561 O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Programfiler\Fellesfiler\Autodata Limited Shared\Service\ADCDLicSvc.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 8998 bytes[/code] ComboFix 08-01-23.1C - olga 2008-01-26 17:35:25.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1346 [GMT 1:00] Running from: C:\Documents and Settings\olga\Programdata\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe * Created a new restore point [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . ((((((((((((((((((((((((( Files Created from 2007-12-26 to 2008-01-26 ))))))))))))))))))))))))))))))) . 2008-01-26 17:34 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe 2008-01-21 17:41 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS 2008-01-21 17:28 . 2008-01-21 18:01 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2008-01-21 17:28 . 2008-01-21 17:40 30,590 --a------ C:\WINDOWS\system32\pavas.ico 2008-01-21 17:28 . 2008-01-21 17:40 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico 2008-01-21 17:28 . 2008-01-21 17:40 1,406 --a------ C:\WINDOWS\system32\Help.ico 2008-01-21 15:33 . 2008-01-21 15:33 <DIR> d-------- C:\Programfiler\QuickTime 2008-01-20 21:07 . 2008-01-20 21:06 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys 2008-01-19 22:19 . 2008-01-19 22:19 <DIR> d-------- C:\Programfiler\Opera 2008-01-17 16:56 . 2008-01-17 23:03 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2008-01-17 16:56 . 2008-01-17 23:03 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL 2008-01-17 16:56 . 2008-01-17 23:03 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2008-01-17 16:56 . 2008-01-17 23:03 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF 2008-01-17 16:39 . 2007-01-18 13:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys 2008-01-16 22:12 . 2008-01-17 16:29 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware 2008-01-16 17:27 . 2008-01-21 17:52 <DIR> d-------- C:\Programfiler\Norton 360 2008-01-16 17:26 . 2008-01-17 23:03 <DIR> d-------- C:\Programfiler\Symantec 2008-01-16 17:26 . 2008-01-23 15:53 <DIR> d-------- C:\Programfiler\Fellesfiler\Symantec Shared 2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts 2008-01-10 06:37 . 2004-08-04 01:03 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2008-01-09 18:26 . 2008-01-09 18:26 <DIR> d-------- C:\WINDOWS\Sun 2008-01-09 18:26 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-01-09 18:25 . 2008-01-09 18:26 <DIR> d-------- C:\Programfiler\Java 2008-01-09 18:25 . 2008-01-09 18:25 <DIR> d-------- C:\Programfiler\Fellesfiler\Java 2008-01-08 18:21 . 2008-01-08 18:21 <DIR> d-------- C:\Programfiler\Windows Media Connect 2 2008-01-08 18:21 . 2006-10-04 15:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb 2008-01-08 18:21 . 2006-10-04 15:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb 2008-01-08 18:21 . 2006-10-04 15:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb 2008-01-08 18:19 . 2008-01-08 18:20 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF 2008-01-07 15:35 . 2008-01-07 15:35 5,376 --a------ C:\WINDOWS\system32\drivers\MS1000.sys 2008-01-07 15:34 . 2008-01-23 15:53 <DIR> d-------- C:\Programfiler\The Cleaner Free 2008-01-02 19:22 . 2008-01-17 16:26 <DIR> d-------- C:\Programfiler\Yahoo! 2008-01-02 19:22 . 2008-01-02 19:22 <DIR> d-------- C:\Programfiler\CCleaner 2007-12-29 02:21 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys 2007-12-29 01:52 . 2006-11-08 09:51 62,336 --------- C:\WINDOWS\system32\drivers\rspndr.sys 2007-12-29 01:52 . 2006-11-08 09:51 10,752 --------- C:\WINDOWS\system32\rspndr.exe 2007-12-27 22:34 . 2007-12-27 22:34 20 --a------ C:\WINDOWS\mafosav.INI 2007-12-27 22:30 . 2007-12-27 22:30 <DIR> d-------- C:\Programfiler\Mario Forever 2007-12-27 21:42 . 2007-12-28 18:02 <DIR> d-------- C:\Programfiler\DOSBox-0.72 2007-12-27 21:42 . 2007-12-28 17:55 <DIR> d-------- C:\lostvikings . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-26 16:37 22,343,712 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2008-01-26 00:09 255,476 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2008-01-21 20:48 4,649,472 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp 2008-01-21 20:48 1,584,640 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp 2008-01-21 16:53 --------- d-----w C:\Programfiler\Winamp 2008-01-21 16:53 --------- d-----w C:\Programfiler\uTorrent 2008-01-21 16:52 --------- d-----w C:\Programfiler\MSN Messenger 2008-01-21 16:50 --------- d-----w C:\Programfiler\Fellesfiler\LightScribe 2008-01-21 16:50 --------- d-----w C:\Programfiler\DAEMON Tools 2008-01-19 21:23 --------- d-----w C:\Programfiler\SpywareBlaster 2008-01-16 21:12 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-01-16 20:50 1,537,024 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp 2007-12-30 13:26 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2007-12-30 13:24 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2007-12-24 23:15 --------- d--h--w C:\Programfiler\InstallShield Installation Information 2007-12-24 23:15 --------- d-----w C:\Programfiler\Realtek AC97 2007-12-24 23:13 --------- d-----w C:\Programfiler\Setup Files 2007-12-24 23:03 2,947,072 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp 2007-12-24 23:03 1,396,224 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp 2007-12-24 18:58 --------- d-----w C:\Programfiler\The All-Seeing Eye 2007-12-24 18:51 --------- d-----w C:\Programfiler\Fellesfiler\Adobe 2007-12-24 16:07 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe 2007-12-20 15:24 --------- d-----w C:\Programfiler\Fellesfiler\Autodata Limited Shared 2007-12-18 17:58 --------- d-----w C:\Programfiler\WinAce 2007-12-18 16:21 --------- d-----w C:\Programfiler\Apple Software Update 2007-12-17 05:40 2,668,032 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp 2007-12-16 21:18 --------- d-----w C:\Programfiler\MSXML 4.0 2007-12-16 16:07 --------- d-----w C:\Programfiler\Fellesfiler\Ahead 2007-12-14 08:21 9,216 ----a-w C:\WINDOWS\system32\drivers\FlashSys.sys 2007-12-12 21:02 --------- d-----w C:\Programfiler\MSI 2007-12-11 21:06 94,636 ----a-w C:\WINDOWS\dropcpyr.dll 2007-12-11 21:06 73,728 ----a-w C:\WINDOWS\copyfstq.exe 2007-12-11 21:06 --------- d-----w C:\Programfiler\AMP WinOFF 2007-12-10 16:38 --------- d-----w C:\Programfiler\Runtime Software 2007-12-10 16:29 --------- d-----w C:\Programfiler\AGEIA Technologies 2007-12-09 17:31 28,672 ----a-w C:\WINDOWS\system32\drivers\CO_Mon.sys 2007-12-09 17:01 --------- d-----w C:\Programfiler\VideoLAN 2007-12-09 16:59 23,600 ----a-w C:\WINDOWS\system32\drivers\TVICHW32.SYS 2007-12-09 16:41 --------- d-----w C:\Programfiler\Byggforsk 2007-12-09 14:51 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2007-12-09 12:23 --------- d-----w C:\Programfiler\SystemRequirementsLab 2007-12-08 16:41 --------- d-----w C:\Programfiler\Nero 2007-12-08 16:02 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield 2007-12-08 15:54 --------- d--h--w C:\Programfiler\Uninstall Information 2007-12-08 15:51 --------- d-----w C:\Programfiler\microsoft frontpage 2007-12-08 15:49 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester 2007-12-08 15:49 --------- d-----w C:\Programfiler\Fellesfiler\MSSoap 2007-12-08 15:49 --------- d-----w C:\Programfiler\Elektroniske tjenester 2007-12-08 15:45 --------- d-----w C:\Programfiler\Fellesfiler\SpeechEngines 2007-12-08 15:45 --------- d-----w C:\Programfiler\Fellesfiler\ODBC 2007-11-30 22:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys 2007-11-30 22:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys 2007-11-30 22:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys 2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat 2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat 2007-11-30 22:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat 2007-11-30 22:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf 2007-11-30 22:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf 2007-11-30 22:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf 2007-11-14 15:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe 2007-11-14 15:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll 2007-11-07 09:30 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360] "MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352] "DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" [2007-12-06 13:06 167368] "SpybotSD TeaTimer"="C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 15:32 579072] "Resume copy"="copyfstq.exe" [2007-12-11 22:06 73728 C:\WINDOWS\copyfstq.exe] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008] "nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920] "NeroFilterCheck"="C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136] "ZoneAlarm Client"="C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016] "Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792] "SoundMan"="SOUNDMAN.EXE" [2006-11-17 05:42 577536 C:\WINDOWS\soundman.exe] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-07-18 02:54 116072] "QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-01-10 15:27 385024] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:03 15360] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-11 19:39 219136] R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;C:\WINDOWS\system32\Drivers\ousbehci.sys [2004-06-15 06:56] R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;C:\WINDOWS\system32\DRIVERS\ousb2hub.sys [2004-06-15 06:56] R3 PCAlertDriver;PCAlertDriver;C:\Programfiler\MSI\Core Center\NTGLM7X.sys [2004-11-16 09:27] R3 RushTopDevice;RushTopDevice;C:\Programfiler\MSI\Core Center\RushTop.sys [2004-11-16 11:54] S3 MS1000;MS1000;C:\WINDOWS\system32\DRIVERS\MS1000.sys [2008-01-07 15:35] *Newly Created Service* - COMHOST *Newly Created Service* - PROCEXP90 . Contents of the 'Scheduled Tasks' folder "2008-01-21 14:30:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-26 17:37:11 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-01-26 17:37:41 . 2008-01-17 15:34:08 --- E O F --- /skjul] Kordan ser dette ut? Endret 26. januar 2008 av londoy Lenke til kommentar
Programvare Skrevet 26. januar 2008 Rapporter Del Skrevet 26. januar 2008 Loggen så ok ut den. Hvordan er maskina di? Lenke til kommentar
Møkkalasset Skrevet 26. januar 2008 Rapporter Del Skrevet 26. januar 2008 ok bra :-) Virker ok no får teste den ut noen dager se om den er stabil :-) Noen av programma i tråden fjærna noe i reg... Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå