Edian, 16 October 2008 (edited):
Hi! I have some pests I want removed from the laptop. I run a scan with AVG Internet Security (free version), and things have been removed. But then there are the threats that are not removed, only detected. How do I get rid of those? And sometimes I get a notice that a threat has been detected, but when I choose to heal the file, it says the file does not exist. I go into the folder the file is supposed to be in, but cannot find it. I need tips!!
Edited 16 October 2008 by Nanophus
Bytex, 16 October 2008:
In a great many spyware infections like this it does not help to just scan with antivirus. Specially made tools are often needed to remove the most cunning (and also the most common) ones. If you search Google for the name of the threat you will often find step-by-step guides for removing them. You often have to go in and remove obscure things in the registry, delete various files around the hard drive, and so on.
flyndrefjes, 16 October 2008:
Have you tried turning off System Restore before you scan and repair with AVG? At your own risk.
Edian, 16 October 2008 (thread author):
The problem is that it is a borrowed PC, so when I make choices beyond this, they have to be justifiable.
snippsat, 16 October 2008:
Follow the guide. https://www.diskusjon.no/index.php?showtopic=691246
Post the logs here in your thread.
Edian, 16 October 2008 (thread author):
Thanks a lot. Here are the logs from HJT, ComboFix and MBAM.

HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:15:32, on 16.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programfiler\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programfiler\Java\jre1.6.0_04\bin\jusched.exe
C:\Programfiler\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe
C:\Programfiler\Fellesfiler\Ulead Systems\AutoDetector\monitor.exe
C:\APPS\Powercinema\PCMService.exe
C:\Programfiler\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\APPS\SMP\SmpSys.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\OpenOffice.org 2.4\program\soffice.exe
C:\Programfiler\OpenOffice.org 2.4\program\soffice.BIN
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Programfiler\internet explorer\iexplore.exe
C:\Programfiler\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Pc04\Skrivebord\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programfiler\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [snarvei til egenskapsside for High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [DetectorApp] C:\Programfiler\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Programfiler\Fellesfiler\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ulead AutoDetector] C:\Programfiler\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [smpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Programfiler\OpenOffice.org 2.4\program\quickstart.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nor.htm
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1209393811052
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programfiler\AVG\AVG8\avgpp.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programfiler\Crawler\Toolbar\ctbr.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Programfiler\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

--
End of file - 7941 bytes

ComboFix

ComboFix 08-10-16.01 - Pc04 2008-10-16 22:04:09.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.556 [GMT 2:00]
Running from: C:\Documents and Settings\Pc04\Skrivebord\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Start-meny\Programmer\Antivirus XP 2008
C:\Documents and Settings\All Users\Start-meny\Programmer\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start-meny\Programmer\Antivirus XP 2008\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start-meny\Programmer\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start-meny\Programmer\Antivirus XP 2008\Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start-meny\Programmer\Antivirus XP 2008\Uninstall.lnk
C:\Documents and Settings\johanne\Lokale innstillinger\Programdata\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Pc04\Cookies\acakanudid.inf
C:\Documents and Settings\Pc04\Cookies\duqylihabe.ban
C:\Documents and Settings\Pc04\Cookies\ehip.db
C:\Documents and Settings\Pc04\Cookies\ololoh.scr
C:\Documents and Settings\Pc04\Cookies\uvypyru._sy
C:\Documents and Settings\Pc04\Cookies\wijohukazu.inf
C:\Documents and Settings\Pc04\Cookies\ywaconenor.sys
C:\Documents and Settings\Pc04\Start-meny\Programmer\XP_AntiSpyware
C:\Documents and Settings\Pc04\Start-meny\Programmer\XP_AntiSpyware\Uninstall.lnk
C:\Documents and Settings\Pc04\Start-meny\Programmer\XP_AntiSpyware\XP_AntiSpyware.lnk
C:\WINDOWS\admintxt.txt
C:\WINDOWS\system32\drivers\avgrkx86.sys
C:\WINDOWS\system32\fwyncvru.ini
C:\WINDOWS\system32\hucpoxvo.ini
C:\WINDOWS\system32\qmusyjsh.ini
C:\WINDOWS\system32\syuiefpm.ini
C:\WINDOWS\system32\VFhkkUtv.ini
C:\WINDOWS\system32\VFhkkUtv.ini2
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AVGRKX86
-------\Service_AvgRkx86

((((((((((((((((((((((((( Files Created from 2008-09-16 to 2008-10-16 )))))))))))))))))))))))))))))))
.
2008-10-16 21:45 . 2008-10-16 21:45 <DIR> dr-h----- C:\Documents and Settings\Pc04\Siste
2008-10-16 21:41 . 2008-10-16 21:41 <DIR> d-------- C:\Documents and Settings\Pc04\Programdata\Malwarebytes
2008-10-16 21:41 . 2008-10-16 21:41 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes
2008-10-16 21:41 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-16 21:41 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-12 22:39 . 2008-10-12 22:39 19,742 --a------ C:\Programfiler\Fellesfiler\uxixyc.bat
2008-10-12 22:39 . 2008-10-12 22:39 19,475 --a------ C:\Documents and Settings\All Users\Programdata\baju.reg
2008-10-12 22:39 . 2008-10-12 22:39 18,660 --a------ C:\WINDOWS\system32\apuv.db
2008-10-12 22:39 . 2008-10-12 22:39 18,170 --a------ C:\WINDOWS\system32\zerofav.dl
2008-10-12 22:39 . 2008-10-12 22:39 17,482 --a------ C:\Documents and Settings\All Users\Programdata\ezocomicuh.exe
2008-10-12 22:39 . 2008-10-12 22:39 17,270 --a------ C:\WINDOWS\ijawe.dl
2008-10-12 22:39 . 2008-10-12 22:39 16,631 --a------ C:\WINDOWS\exec.vbs
2008-10-12 22:39 . 2008-10-12 22:39 15,192 --a------ C:\WINDOWS\system32\tekow._sy
2008-10-12 22:39 . 2008-10-12 22:39 14,332 --a------ C:\Programfiler\Fellesfiler\daca.sys
2008-10-12 22:39 . 2008-10-12 22:39 14,212 --a------ C:\WINDOWS\rigyf.ban
2008-10-12 22:39 . 2008-10-12 22:39 12,764 --a------ C:\WINDOWS\ibotygidah.exe
2008-10-12 22:39 . 2008-10-12 22:39 11,533 --a------ C:\WINDOWS\cybinuz.vbs
2008-10-12 22:39 . 2008-10-12 22:39 10,675 --a------ C:\WINDOWS\wileverawy.db
2008-10-12 21:51 . 2008-10-16 21:57 <DIR> d-------- C:\Programfiler\emcipxf
2008-10-12 21:50 . 2008-10-15 22:46 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\uborovyv
2008-10-11 00:24 . 2008-10-16 18:11 <DIR> d--h----- C:\$AVG8.VAULT$
2008-10-10 23:41 . 2008-10-16 15:20 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-10-10 23:41 . 2008-10-10 23:41 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-10-10 23:41 . 2008-10-10 23:41 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-10-10 23:41 . 2008-10-10 23:41 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-10-10 23:39 . 2008-10-10 23:39 <DIR> d-------- C:\Programfiler\AVG
2008-10-10 23:39 . 2008-10-11 00:49 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\avg8
2008-10-10 23:39 . 2008-10-10 23:39 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll
2008-10-10 23:39 . 2008-10-10 23:39 23,296 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys
2008-10-10 23:14 . 2008-10-10 23:14 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg(2)
2008-10-10 23:10 . 2008-10-10 23:22 <DIR> d-------- C:\Programfiler\AVG(2)
2008-10-10 23:10 . 2008-10-10 23:22 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\avg8(2)
2008-10-08 20:16 . 2008-10-08 20:16 <DIR> d-------- C:\Documents and Settings\Pc04\Programdata\ESET
2008-10-08 20:13 . 2008-10-08 20:13 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\ESET
2008-10-08 20:09 . 2008-10-10 23:22 <DIR> d-------- C:\Documents and Settings\Pc04\Programdata\uTorrent
2008-10-06 22:28 . 2008-10-16 22:00 <DIR> d-------- C:\Documents and Settings\Pc04\Programdata\OpenOffice.org2
2008-10-06 22:25 . 2008-10-06 22:26 <DIR> d-------- C:\Programfiler\OpenOffice.org 2.4
2008-09-17 19:15 . 2008-04-29 00:31 <DIR> dr------- C:\Documents and Settings\johanne\Start-meny
2008-09-17 19:15 . 2008-04-29 00:26 <DIR> d--h----- C:\Documents and Settings\johanne\Skrivere
2008-09-17 19:15 . 2008-09-17 19:15 <DIR> dr------- C:\Documents and Settings\johanne\Skrivebord
2008-09-17 19:15 . 2008-09-17 19:15 <DIR> dr-h----- C:\Documents and Settings\johanne\Siste
2008-09-17 19:15 . 2008-04-29 00:31 <DIR> d-------- C:\Documents and Settings\johanne\Programdata\Symantec
2008-09-17 19:15 . 2008-10-10 23:15 <DIR> dr-h----- C:\Documents and Settings\johanne\Programdata
2008-09-17 19:15 . 2008-09-17 19:15 <DIR> dr------- C:\Documents and Settings\johanne\Mine dokumenter
2008-09-17 19:15 . 2008-04-29 00:30 <DIR> d--h----- C:\Documents and Settings\johanne\Maler
2008-09-17 19:15 . 2008-04-29 00:30 <DIR> d--h----- C:\Documents and Settings\johanne\Lokale innstillinger
2008-09-17 19:15 . 2008-09-17 19:15 <DIR> dr------- C:\Documents and Settings\johanne\Favoritter
2008-09-17 19:15 . 2008-04-29 00:26 <DIR> d--h----- C:\Documents and Settings\johanne\AndrMask
2008-09-17 19:15 . 2008-10-10 23:42 <DIR> d-------- C:\Documents and Settings\johanne
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-06 20:25 --------- d-----w C:\Programfiler\Java
2008-10-03 21:21 --------- d-----w C:\Programfiler\Windows Live
2008-10-03 21:19 --------- d-----w C:\Documents and Settings\All Users\Programdata\WLInstaller
2008-09-12 12:06 --------- d-----w C:\Programfiler\Windows Media Connect 2
2008-07-18 17:02 320,512 ----a-w C:\WINDOWS\Tele2Uninstall.exe
2008-07-12 21:11 0 ----a-w C:\Documents and Settings\Pc04\jagex_runescape_preferences.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="C:\APPS\SMP\SmpSys.exe" [2005-12-08 975360]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2005-03-10 98394]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-03-10 688218]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-27 7561216]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]
"DetectorApp"="C:\Programfiler\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
"ISUSPM Startup"="C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Ulead AutoDetector v2"="C:\Programfiler\Fellesfiler\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"PCMService"="c:\APPS\Powercinema\PCMService.exe" [2006-02-23 147456]
"Ulead AutoDetector"="C:\Programfiler\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-02-27 45056]
"AppleSyncNotifier"="C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-10 1235736]
"Snarvei til egenskapsside for High Definition Audio"="HDAShCut.exe" [2005-01-07 C:\WINDOWS\system32\HdAShCut.exe]
"nwiz"="nwiz.exe" [2006-04-27 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\Pc04\Start-meny\Programmer\Oppstart\
OpenOffice.org 2.4.lnk - C:\Programfiler\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\FELLES~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\FELLES~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm"= C:\PROGRA~1\FELLES~1\ULEADS~1\MPEG\mpegacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=
"C:\\Documents and Settings\\Pc04\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"=
"C:\\Programfiler\\Mozilla Firefox\\firefox.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programfiler\\AVG\\AVG8\\avgemc.exe"=
"C:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=
"C:\\Programfiler\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-10 97928]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-10 875288]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-10 231704]
R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-10-10 1220888]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-10-10 76040]
R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-10-10 23296]
R3 V0080Dev;Creative Camera VF0080 Driver;C:\WINDOWS\system32\DRIVERS\V0080Dev.sys [2005-05-06 255230]
S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-10-10 23296]
S3 pnicml;pnicml;C:\DOCUME~1\Pc04\LOKALE~1\Temp\pnicml.sys [ ]
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2008-07-10 32000]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a576ae0-152d-11dd-920d-001060fb4783}]
\Shell\AutoRun\command - E:\Programs\nu2menu\nu2menu.exe
.
Contents of the 'Scheduled Tasks' folder

2008-10-16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-10-16 C:\WINDOWS\Tasks\Master CD_DVD Creator.job
- C:\Apps\SMP\MCDCHECK.EXE [2005-11-08 15:26]

2008-04-28 C:\WINDOWS\Tasks\Registreringspåminnelse 1.job
- C:\WINDOWS\system32\OOBE\oobebaln.exe [2008-04-14 18:23]

2008-04-28 C:\WINDOWS\Tasks\Registreringspåminnelse 2.job
- C:\WINDOWS\system32\OOBE\oobebaln.exe [2008-04-14 18:23]

2008-04-28 C:\WINDOWS\Tasks\Registreringspåminnelse 3.job
- C:\WINDOWS\system32\OOBE\oobebaln.exe [2008-04-14 18:23]

2008-10-16 C:\WINDOWS\Tasks\Utvidet garanti.job
- C:\APPS\SMP\PBCARNOT.EXE [2005-11-09 13:55]
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{A11C5AA1-0522-4E2C-8B55-61EC322A00BB} - C:\WINDOWS\system32\geBqQJAQ.dll
Notify-geBqQJAQ - geBqQJAQ.dll
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Pc04\Programdata\Mozilla\Firefox\Profiles\3svuu116.default\
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-16 22:07:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PAStiSvc.exe
C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programfiler\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\OpenOffice.org 2.4\program\soffice.exe
C:\Programfiler\OpenOffice.org 2.4\program\soffice.bin
.
**************************************************************************
.
Completion time: 2008-10-16 22:11:24 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-16 20:11:19

Pre-Run: 55 400 333 312 byte ledig
Post-Run: 55,361,630,208 byte ledig

228 --- E O F --- 2008-09-17 13:04:03

Malwarebytes

Malwarebytes' Anti-Malware 1.28
Database versjon: 1134
Windows 5.1.2600 Service Pack 3

16.10.2008 21:55:06
mbam-log-2008-10-16 (21-55-06).txt

Skanntype: Rask Skann
Objekter skannet: 42038
Tid tilbakelagt: 5 minute(s), 58 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 9
Registerverdier infisert: 4
Registerfiler infisert: 3
Mapper infisert: 12
Filer infisert: 11

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
HKEY_CLASSES_ROOT\CLSID\{13367E9D-76D8-042C-53C2-099593A7087A} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhcvfjj0eeen (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registerverdier infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\uistrwin (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xp antispyware 2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6ce7e453 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registerfiler infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdpis.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Mapper infisert:
C:\Programfiler\rhcvfjj0eeen (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pc04\Programdata\rhcvfjj0eeen (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pc04\Programdata\rhcvfjj0eeen\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pc04\Programdata\rhcvfjj0eeen\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pc04\Programdata\rhcvfjj0eeen\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pc04\Programdata\rhcvfjj0eeen\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pc04\Programdata\rhcvfjj0eeen\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pc04\Programdata\rhcvfjj0eeen\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pc04\Programdata\rhcvfjj0eeen\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pc04\Programdata\rhcvfjj0eeen\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pc04\Programdata\rhcvfjj0eeen\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pc04\Programdata\rhcvfjj0eeen\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Filer infisert:
C:\Programfiler\emcipxf\UiStrWin.dll (Trojan.FakeAlert.H) -> Delete on reboot.
C:\Programfiler\rhcvfjj0eeen\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programfiler\rhcvfjj0eeen\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programfiler\rhcvfjj0eeen\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programfiler\rhcvfjj0eeen\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programfiler\rhcvfjj0eeen\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programfiler\rhcvfjj0eeen\rhcvfjj0eeen.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_scui.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pc04\Programdata\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pc04\Cookies\erelic.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

I hope I did it right.
snippsat, 16 October 2008:
Before we do anything manually: could you scan this file at VirusTotal?
C:\WINDOWS\ibotygidah.exe
Report back whether it finds anything.
Edian, 16 October 2008 (thread author, edited):
Quoting snippsat: "Before we do anything manually: could you scan this file at VirusTotal? C:\WINDOWS\ibotygidah.exe Report back whether it finds anything."
Edited 16 October 2008 by Nanophus
snippsat, 16 October 2008:
OK, does it scan through all of them?

Antivirus        Version         Last Update   Result
AhnLab-V3        2008.10.17.0    2008.10.16    -
AntiVir          7.9.0.4         2008.10.16    -
Authentium       5.1.0.4         2008.10.16    -
Avast            4.8.1248.0      2008.10.15    -
AVG              8.0.0.161       2008.10.16    -
BitDefender      7.2             2008.10.16    -
CAT-QuickHeal    9.50            2008.10.16    -
ClamAV           0.93.1          2008.10.16    -
DrWeb            4.44.0.09170    2008.10.16    -
eSafe            7.0.17.0        2008.10.16    Suspicious File
etc.

Does it look like that?
Edian, 16 October 2008 (thread author):
It looks like that, yes. And with the same result on all of them: "-".
snippsat, 16 October 2008:
You had quite a lot of junk; it was deleted by MBAM and ComboFix. We don't need to do anything manually. It looks good.
Keep MBAM and run it now and then.
You can remove ComboFix by typing combofix /u in the Run window. This command deletes the quarantined files and backups, resets the System Restore folder, etc.
Surf safely.
Edian, 16 October 2008 (thread author):
I noticed the computer ran much faster, so I can tell the programs have done their job. Special thanks to you, and to the others here, for the help. You saved my day :D Thanks!
snippsat, 17 October 2008 (edited):
Yes, I talked a bit with norbat. You have a number of files that appeared on the same date. You scanned one of them, "ibotygidah.exe", and it was clean.

C:\Programfiler\Fellesfiler\uxixyc.bat
C:\Documents and Settings\All Users\Programdata\baju.reg
C:\WINDOWS\system32\apuv.db
C:\WINDOWS\system32\zerofav.dl
C:\Documents and Settings\All Users\Programdata\ezocomicuh.exe
C:\WINDOWS\ijawe.dl
C:\WINDOWS\exec.vbs
C:\WINDOWS\system32\tekow._sy
C:\Programfiler\Fellesfiler\daca.sys
C:\WINDOWS\rigyf.ban
C:\WINDOWS\ibotygidah.exe
C:\WINDOWS\cybinuz.vbs
C:\WINDOWS\wileverawy.db

To be on the safe side you can change their file extension to .bak.
Example: C:\Programfiler\Fellesfiler\uxixyc.bat.bak
Possibly scan more of them at VirusTotal.
You can just leave them like that for a while; if they have no effect on anything, they are presumably files you can delete after a while.
Look in these folders for any files; if there are any, scan them at VirusTotal.

C:\Programfiler\emcipxf
C:\Documents and Settings\All Users\Programdata\uborovyv

Edited 17 October 2008 by SNIPPSAT
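The same-minute clustering that snippsat picked out by eye from the ComboFix "Files Created" section can be checked mechanically. The script below is an added example, not code from this thread or from ComboFix: it parses ComboFix entries (the sample lines are copied from the log posted earlier in this thread) and flags bursts of files written in the same minute whose created and modified times are identical, that are scattered across three or more directories, and whose names share no common prefix, so that a vendor install such as the AVG drivers is not reported. The thresholds are assumptions.

```python
"""Flag same-minute file-drop bursts in a ComboFix "Files Created" listing.

Added example for this thread; not ComboFix's own code. The thresholds
(min_files, min_dirs, max_prefix) are assumptions chosen to separate the
dropper burst in the log above from an ordinary product install.
"""
import ntpath
import os
import re
from collections import defaultdict

# One ComboFix entry: <created> . <modified> <size or <DIR>> <attrs> <path>
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?:(?P<dir><DIR>)|(?P<size>[\d,]+)) "
    r"(?P<attrs>[-a-z]{9}) "
    r"(?P<path>.+)$"
)

# Constructed sample: entries copied from the ComboFix log in this thread.
SAMPLE_LOG = r"""
2008-10-16 21:41 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-16 21:41 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-12 22:39 . 2008-10-12 22:39 19,742 --a------ C:\Programfiler\Fellesfiler\uxixyc.bat
2008-10-12 22:39 . 2008-10-12 22:39 19,475 --a------ C:\Documents and Settings\All Users\Programdata\baju.reg
2008-10-12 22:39 . 2008-10-12 22:39 18,660 --a------ C:\WINDOWS\system32\apuv.db
2008-10-12 22:39 . 2008-10-12 22:39 17,482 --a------ C:\Documents and Settings\All Users\Programdata\ezocomicuh.exe
2008-10-12 22:39 . 2008-10-12 22:39 16,631 --a------ C:\WINDOWS\exec.vbs
2008-10-12 22:39 . 2008-10-12 22:39 12,764 --a------ C:\WINDOWS\ibotygidah.exe
2008-10-12 21:51 . 2008-10-16 21:57 <DIR> d-------- C:\Programfiler\emcipxf
2008-10-10 23:41 . 2008-10-10 23:41 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-10-10 23:41 . 2008-10-10 23:41 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-10-10 23:41 . 2008-10-10 23:41 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
"""


def parse_entries(text):
    """Yield one dict per file entry; directory entries are skipped."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m or m.group("dir"):
            continue
        yield {
            "created": m.group("created"),
            "modified": m.group("modified"),
            "size": int(m.group("size").replace(",", "")),
            "path": m.group("path"),
        }


def find_drop_bursts(text, min_files=3, min_dirs=3, max_prefix=2):
    """Return {created-minute: [paths]} for bursts that look like a dropper.

    A burst is a set of files created in the same minute, each with
    created == modified (written fresh on this machine rather than copied
    with a vendor timestamp), spread over at least min_dirs directories,
    and whose basenames share a common prefix no longer than max_prefix
    (vendor files usually share one, e.g. "avg").
    """
    by_minute = defaultdict(list)
    for entry in parse_entries(text):
        if entry["created"] == entry["modified"]:
            by_minute[entry["created"]].append(entry["path"])

    bursts = {}
    for minute, paths in by_minute.items():
        if len(paths) < min_files:
            continue
        # ntpath handles the Windows separators regardless of host OS.
        dirs = {ntpath.dirname(p).lower() for p in paths}
        names = [ntpath.basename(p).lower() for p in paths]
        if len(dirs) < min_dirs or len(os.path.commonprefix(names)) > max_prefix:
            continue
        bursts[minute] = sorted(paths)
    return bursts


if __name__ == "__main__":
    for minute, paths in find_drop_bursts(SAMPLE_LOG).items():
        print(f"{minute}: {len(paths)} files written in one burst")
        for p in paths:
            print("   ", p)
```

Run against the full log, the 22:39 burst is the only group reported; the AVG and MBAM installs fall through the created-vs-modified and shared-prefix filters.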