TrulsHagen, posted 31 May 2008 (edited)
(Should viruses be posted here?) I have got a so-called MSN virus on my PC that spreads to other PCs via this link: *Link removed by mod.* (do not open). I have tried a number of antivirus programs to remove it, but it has not worked. What should I do?
Edited 31 May 2008 by Jarmo

Deluxus, posted 31 May 2008
> (Should viruses be posted here?) I have got a so-called MSN virus on my PC that spreads to other PCs via this link: http://photobucket.stnet.nl/images69/Sexy3950.JPG_www.photobucket.com.exe (do not open). I have tried a number of antivirus programs to remove it, but it has not worked. What should I do?
Restart the PC or call a computer expert.

Gjest Bruker-127711, posted 31 May 2008
There are many of these going around now; just today I have received 3 similar messages, but I have learned from my mistakes.. do not open. I solved it by formatting, a bit drastic, but I had a lot of other junk too.

TrulsHagen (author), posted 31 May 2008
I would rather not delete everything, though..

V5R1X, posted 31 May 2008
Back up what you need, then reformat. Or maybe the machine does not work at all? (It is, after all, posted under 'The machine does not work'.)

CFM, posted 31 May 2008
Or post a HijackThis log here and scan the computer with an antivirus program..

2ball_, posted 31 May 2008 (edited)
> (Should viruses be posted here?) I have got a so-called MSN virus on my PC that spreads to other PCs via this link: http:// * link removed by mod. * (do not open). I have tried a number of antivirus programs to remove it, but it has not worked. What should I do?
I once had a virus program that would not go away.. it caused no visible problems, except that it took the form of a Windows icon (the one that comes up, e.g., when you do not have the firewall on). If you manage to locate it, you can put it in quarantine and then use a file shredder to delete it manually... I used the file shredder in "Speed Up My PC".. it worked great..
gilera@ I thought a bit about an HJT log, but it is the most fun to manage it on your own.
Edited 31 May 2008 by Jarmo

TrulsHagen (author), posted 31 May 2008
What is an HJT log?

leifeinar, posted 31 May 2008
This is actually easy. I assume you get a message that you are logged in on another machine? So it is actually enough to just change the password.

Fred7555, posted 31 May 2008
I just reinstalled MSN, and then it was gone again.

TrulsHagen (author), posted 31 May 2008
> This is actually easy. I assume you get a message that you are logged in on another machine? So it is actually enough to just change the password.
Now I understand little here... In any case, I do not get a message that I am logged in on another machine.

TrulsHagen (author), posted 31 May 2008 (edited)
Got this log here. Can anyone analyze it? With ComboFix.
Edited 31 May 2008 by TrulsHagen

norbat, posted 31 May 2008
1. Change the password on the MSN user account.
2. Download ComboFix and put it on the desktop.
Run combofix.exe and follow the instructions. Copy the log file from ComboFix (c:\combofix.txt) and paste it into your next post. This log can tell whether you have anything that should be removed.

kilik_02, posted 31 May 2008
I have got exactly the same virus :S

BlackH, posted 31 May 2008
What about using System Restore? Reset the registry to before you clicked on the link.. Then at least the virus will not start up.

norbat, posted 31 May 2008
Open Notepad and copy in what is written in bold below, then save the file on the desktop as CFScript. Then drag the file over the ComboFix icon. ComboFix will start again.

    File::
    C:\WINDOWS\syshost.exe

Then run a quick scan with the free version of SAS.
Download HijackThis. Put it in its own folder on the desktop. Start the program and choose "Do a system scan and save a logfile". Copy the log file and post it, and we will see if there is anything more to do.

leifeinar, posted 31 May 2008
> > This is actually easy. I assume you get a message that you are logged in on another machine? So it is actually enough to just change the password.
> Now I understand little here... In any case, I do not get a message that I am logged in on another machine.
Well, someone or something is using your account to send things around. So then they are probably using your password.

Kapli, posted 31 May 2008
leifeinar, it is clear in this case that it is a virus on the PC that is sending out these messages. If this virus had connected remotely, it would have needed the password, yes, but then he would have been logged out, and he is not. I therefore doubt that changing the password will help at all, since the virus does not use the password for anything, or have his password for that matter.

2ball_, posted 1 June 2008
One thing: use a spoiler when you post an HJT log and the like.

TrulsHagen (author), posted 4 June 2008
Reformatted the whole hard disk and got rid of it that way...