Info: MSN virus - photobucket and others. READ this before you make a post about the MSN virus.
in ICT operations and security
Posted 21 January 2008
I clicked on one of those links, like everyone else. But when I start the machine, this comes up from the Windows firewall:
Name: Issas.exe
Publisher: Unknown
Type: Program
From: C:/windows
And a question about whether I want to run the program. I haven't done that, but I assume this might be the famous MSN virus?
At any rate, I have run the programs you posted.
And since I am (according to my little brothers) a n00b, I have no idea what the log says after running ComboFix.
So if you could look it over to see whether there is anything worrying in there, that would be great...
ComboFix 08-01-20.1 - Kenth Brelin 2008-01-21 9:59:05.1 - NTFSx86
Running from: C:\Documents and Settings\Kenth Brelin\Skrivebord\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2007-12-21 to 2008-01-21 )))))))))))))))))))))))))))))))
.
2008-01-21 09:56 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-21 09:08 . 2008-01-21 09:08 <DIR> d-------- C:\WINDOWS\LastGood
2008-01-14 23:20 . 2007-10-11 00:53 6,065,664 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-01-14 23:20 . 2007-07-01 04:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-01-14 23:20 . 2007-07-01 04:36 1,007,616 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-01-14 23:20 . 2007-10-11 00:53 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-01-14 23:20 . 2007-10-11 00:53 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-01-14 23:20 . 2007-10-11 00:53 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-01-14 23:20 . 2007-10-11 00:53 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-01-14 23:20 . 2007-10-11 00:53 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-01-14 23:20 . 2007-10-10 11:59 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-01-14 23:19 . 2008-01-14 23:21 <DIR> d-------- C:\WINDOWS\system32\nb-no
2008-01-12 18:59 . 2008-01-12 18:59 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-12 18:59 . 2008-01-12 18:59 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-03 02:14 . 2008-01-03 02:14 <DIR> dr------- C:\Documents and Settings\LocalService\Favoritter
2008-01-03 02:13 . 2008-01-03 02:13 <DIR> d--h----- C:\Programfiler\Zenographics
2008-01-03 02:13 . 2006-07-30 18:00 442,368 -ra------ C:\WINDOWS\system32\ZSHP1018.EXE
2008-01-03 02:13 . 2006-07-30 18:00 143,360 -ra------ C:\WINDOWS\apptune1018.exe
2008-01-03 02:13 . 2006-07-30 18:00 129,092 -ra------ C:\WINDOWS\system32\hp1018.img
2008-01-03 02:13 . 2006-07-30 18:00 106,496 -ra------ C:\WINDOWS\system32\VSHP1018.DLL
2008-01-03 02:13 . 2006-07-30 18:00 102,400 --a------ C:\WINDOWS\system32\zlhp1018.dll
2008-01-03 02:13 . 2006-07-30 18:00 86,016 --a------ C:\WINDOWS\system32\ZSPOOL.DLL
2008-01-03 02:13 . 2006-07-30 18:00 28,672 --a------ C:\WINDOWS\system32\zlm.dll
2008-01-03 02:13 . 2006-07-30 18:00 28,672 --a------ C:\WINDOWS\system32\IMF32.DLL
2008-01-03 02:13 . 2006-07-30 18:00 24,576 --a------ C:\WINDOWS\system32\ZTAG32.DLL
2008-01-03 02:13 . 2006-07-30 18:00 7,273 -ra------ C:\WINDOWS\system32\ZSHP1018.HLP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-21 07:35 71,690 ----a-w C:\Documents and Settings\Kenth Brelin\Programdata\wklnhst.dat
2008-01-17 18:02 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared
2008-01-16 21:12 --------- d-----w C:\Documents and Settings\Kenth Brelin\Programdata\dvdcss
2008-01-15 10:30 --------- d-----w C:\Programfiler\PKR
2008-01-03 01:13 --------- d-----w C:\Programfiler\Hewlett-Packard
2007-11-07 09:30 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:30 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-31 04:00 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:45 1,290,752 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:44 8,466,432 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2006-05-08 09:20 1,670 ----a-w C:\Documents and Settings\Maria\Programdata\wklnhst.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:00 15360]
"Steam"="c:\spill\steam\steam.exe" [2008-01-14 23:45 1266936]
"LogitechSoftwareUpdate"="C:\Programfiler\Logitech\Video\ManifestEngine.exe" [2005-06-08 13:44 196608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-11 09:00 339968]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07 49263]
"hpWirelessAssistant"="C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 14:11 794624]
"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 13:12 102492]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 13:11 692316]
"HP Software Update"="C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2007-02-16 09:54 282624]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2005-04-14 13:02 58992]
"eabconfg.cpl"="C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 12:24 290816]
"Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2005-02-17 13:01 233534]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 12:54 253952]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-09-01 20:17 100056]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 16:32 221184]
"LogitechVideoRepair"="C:\Programfiler\Logitech\Video\ISStart.exe" [2005-06-08 14:24 458752]
"LogitechVideoTray"="C:\Programfiler\Logitech\Video\LogiTray.exe" [2005-06-08 14:14 217088]
"DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" [2005-11-08 23:00 128920]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-03-14 18:05 257088]
"TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2007-07-09 18:34 185896]
"PKR Pal"="C:\Programfiler\PKR\pkrpal.exe" [2008-01-15 11:30 2269800]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 09:00 15360]
C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
HP Digital Imaging Monitor.lnk - C:\Programfiler\Hp\Digital Imaging\bin\hpqtra08.exe [2004-11-04 18:28:24 258048]
Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)
R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 18:08]
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-12-15 16:18]
S3 DMSKSSRh;DMSKSSRh;C:\DOCUME~1\KENTHB~1\LOKALE~1\Temp\DMSKSSRh.sys []
S3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8180.SYS [2004-04-29 06:45]
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2007-11-21 14:35:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
"2007-11-24 13:27:07 C:\WINDOWS\Tasks\Norton AntiVirus - Søk på min datamaskin - Kenth Brelin.job"