trygveaa Skrevet 26. mars 2007 Del Skrevet 26. mars 2007 (endret) Har fått virus/malware på PCen min. Verken Avast! eller AVG opptager det, men jeg har tatt en online scan med Trend micro, og den sier fra om TROJ_VUNDO.WZ i filen C:\WINDOWS\system32\vtsqn.dll. Den har vært i et par andre filer også, men de har jeg klart å fjerne. Kommer også noen ganger en infisert fil i Temp eller Temporary Internet Files mappen. Jeg har prøvd mye forskjellig, men klarer ikke å fjerne vtsqn.dll. Noen som vet hvordan jeg kan fjerne den? Jeg har ikke merket noe særlig galt som har skjedd med PCen, bortsett fra at det i blant kommer opp en reklameside i IE selv om IE ikke kjører (bruker ikke IE til vanlig). Har lest at det er det dette viruset gjør. Her er en HijackThis log. Fint hvis dere kan se gjennom den, og si fra om det er noe galt, og noe jeg bør fjerne. Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 16:35:16, on 26.03.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\ASUS\ASUS DH Remote\AsDhRemote.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Nero\Nero 7\InCD\InCD.exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Program Files\OpenOffice.org 2.1\program\soffice.exe C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Winamp\winamp.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Opera 9\Opera.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Trygve\Desktop\hijackthis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/microsoftupdate O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot O4 - HKLM\..\Run: [Ai Quicker Help] "C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\Ai Booster\OverClk.exe" O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe O4 - HKLM\..\Run: [soundService] rundll32.exe "C:\WINDOWS\system32\ewosbect.dll",setvm O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Logitech SetPoint.lnk = ? O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{0DA2C0B2-5C69-4A32-B7F9-93D6E61A274C}: NameServer = 10.0.0.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{0DA2C0B2-5C69-4A32-B7F9-93D6E61A274C}: NameServer = 10.0.0.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{0DA2C0B2-5C69-4A32-B7F9-93D6E61A274C}: NameServer = 10.0.0.1 O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 8240 bytes Endret 30. mars 2007 av trygveaa Lenke til kommentar
norbat Skrevet 26. mars 2007 Del Skrevet 26. mars 2007 (endret) Hei, trygveaa Last ned Vundofix til skrivebordet Dobbeltklikk på Vundufix.exe Klikk på Scan for Vundo-knappen Klikk på Remove Vundo-knappen Svar ja og ok på de vinduene som kommer Det lages en logg (C:\vundofix.txt) som du poster senere. Følg deretter langversjonen i følgende post: https://www.diskusjon.no/index.php?showtopic=691246 (NB! Husk å forandre programnavnet hijackthis.exe til noe annet, eks. test.exe) Det er altså loggene fra Vundofix, SAS samt en ny HJT-logg som du skal poste. Endret 26. mars 2007 av norbat Lenke til kommentar
trygveaa Skrevet 26. mars 2007 Forfatter Del Skrevet 26. mars 2007 Tusen takk for hjelp. Jeg har nå gjort alt du sa, og legger ved logger. C:\WINDOWS\system32\oqtss.bak1 C:\WINDOWS\system32\oqtss.ini C:\WINDOWS\system32\sstqo.dll C:\WINDOWS\system32\vtsqn.dll Beginning removal... Attempting to delete C:\WINDOWS\system32\oqtss.bak1 C:\WINDOWS\system32\oqtss.bak1 Has been deleted! Attempting to delete C:\WINDOWS\system32\oqtss.ini C:\WINDOWS\system32\oqtss.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\sstqo.dll C:\WINDOWS\system32\sstqo.dll Has been deleted! Performing Repairs to the registry. Done! SUPERAntiSpyware Scan Log Generated 03/27/2007 at 00:04 AM Application Version : 3.6.1000 Core Rules Database Version : 3207 Trace Rules Database Version: 1217 Scan type : Complete Scan Total Scan Time : 00:28:57 Memory items scanned : 162 Memory threats detected : 0 Registry items scanned : 5072 Registry threats detected : 14 File items scanned : 41488 File threats detected : 8 Adware.Vundo Variant HKLM\Software\Classes\CLSID\{1C7864E8-5CE5-430B-9368-6C942EB1C93E} HKCR\CLSID\{1C7864E8-5CE5-430B-9368-6C942EB1C93E} HKCR\CLSID\{1C7864E8-5CE5-430B-9368-6C942EB1C93E}\InprocServer32 HKCR\CLSID\{1C7864E8-5CE5-430B-9368-6C942EB1C93E}\InprocServer32#ThreadingModel C:\WINDOWS\SYSTEM32\PMKHH.DLL HKLM\Software\Classes\CLSID\{5E921F5D-3434-46A0-9ED9-FF2088E1F545} HKCR\CLSID\{5E921F5D-3434-46A0-9ED9-FF2088E1F545} HKCR\CLSID\{5E921F5D-3434-46A0-9ED9-FF2088E1F545}\InprocServer32 HKCR\CLSID\{5E921F5D-3434-46A0-9ED9-FF2088E1F545}\InprocServer32#ThreadingModel C:\WINDOWS\SYSTEM32\DDCYW.DLL HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1C7864E8-5CE5-430B-9368-6C942EB1C93E} Trojan.WinFixer HKLM\Software\Classes\CLSID\{36BE9B26-F394-49FF-BB2F-D7F23B80EA59} HKCR\CLSID\{36BE9B26-F394-49FF-BB2F-D7F23B80EA59} HKCR\CLSID\{36BE9B26-F394-49FF-BB2F-D7F23B80EA59}\InprocServer32 HKCR\CLSID\{36BE9B26-F394-49FF-BB2F-D7F23B80EA59}\InprocServer32#ThreadingModel C:\WINDOWS\SYSTEM32\SSTQO.DLL HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{36BE9B26-F394-49FF-BB2F-D7F23B80EA59} Adware.VSToolbar C:\Program Files\VSAdd-in Trojan.Downloader-UniBBB C:\WINDOWS\SYSTEM32\XXYVUSR.DLL BearShare File Sharing Client H:\SERIAL, CRACKS\BEARSHARE.EXE H:\SERIAL, CRACKS\BEARSHAREPROV4.5.1CRACKLIPBUSTER\LIP-BSPRO-4.5.1\BEARSHARE.EXE Trojan.Zlob Downloader H:\ÅPNEDE FILER FRA OPERA (GAMMEL)\VCODEC_VER3.314.EXE Logfile of HijackThis v1.99.1 Scan saved at 00:10:34, on 27.03.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Prevx1\PXAgent.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Nero\Nero 7\InCD\InCD.exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\ASUS\ASUS DH Remote\AsDhRemote.exe C:\Program Files\Prevx1\PXConsole.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\OpenOffice.org 2.1\program\soffice.exe C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE C:\Program Files\Opera 9\Opera.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\HijackThis\test.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/microsoftupdate O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {29382FB8-7A2F-492C-B371-AFA3C573FD22} - C:\WINDOWS\system32\vtsqn.dll (file missing) O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {93CEEAC9-CB5A-4AF0-8840-3631811A1922} - (no file) O2 - BHO: (no name) - {FBE04E1B-E17E-486F-98FB-C7AEAC094202} - C:\WINDOWS\system32\xnwmnwee.dll (file missing) O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot O4 - HKLM\..\Run: [Ai Quicker Help] "C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\Ai Booster\OverClk.exe" O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Logitech SetPoint.lnk = ? O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{0DA2C0B2-5C69-4A32-B7F9-93D6E61A274C}: NameServer = 10.0.0.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{0DA2C0B2-5C69-4A32-B7F9-93D6E61A274C}: NameServer = 10.0.0.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{0DA2C0B2-5C69-4A32-B7F9-93D6E61A274C}: NameServer = 10.0.0.1 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: efcaxvw - C:\WINDOWS\ O20 - Winlogon Notify: vtsqn - C:\WINDOWS\system32\vtsqn.dll (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing) Lenke til kommentar
norbat Skrevet 26. mars 2007 Del Skrevet 26. mars 2007 Kjør HJT, sett merke framfor følgende linjer og klikk 'Fix checked': O2 - BHO: (no name) - {29382FB8-7A2F-492C-B371-AFA3C573FD22} - C:\WINDOWS\system32\vtsqn.dll (file missing) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {93CEEAC9-CB5A-4AF0-8840-3631811A1922} - (no file) O2 - BHO: (no name) - {FBE04E1B-E17E-486F-98FB-C7AEAC094202} - C:\WINDOWS\system32\xnwmnwee.dll (file missing) O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O20 - Winlogon Notify: efcaxvw - C:\WINDOWS\ O20 - Winlogon Notify: vtsqn - C:\WINDOWS\system32\vtsqn.dll (file missing) Kjør deretter på nytt Vundofix. Trenger ikke en ny logg om den ikke finner noe. Vil se en ny HJT-logg når du har gjort det over. Lenke til kommentar
trygveaa Skrevet 26. mars 2007 Forfatter Del Skrevet 26. mars 2007 Tusen takk for hjelpen igjen. Ser ut som at den er fjernet nå. Logfile of HijackThis v1.99.1 Scan saved at 01:37:03, on 27.03.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Prevx1\PXAgent.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Nero\Nero 7\InCD\InCD.exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Prevx1\PXConsole.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\ASUS\ASUS DH Remote\AsDhRemote.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\OpenOffice.org 2.1\program\soffice.exe C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\HijackThis\test.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/microsoftupdate O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot O4 - HKLM\..\Run: [Ai Quicker Help] "C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\Ai Booster\OverClk.exe" O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Logitech SetPoint.lnk = ? O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{0DA2C0B2-5C69-4A32-B7F9-93D6E61A274C}: NameServer = 10.0.0.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{0DA2C0B2-5C69-4A32-B7F9-93D6E61A274C}: NameServer = 10.0.0.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{0DA2C0B2-5C69-4A32-B7F9-93D6E61A274C}: NameServer = 10.0.0.1 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing) Lenke til kommentar
norbat Skrevet 27. mars 2007 Del Skrevet 27. mars 2007 Loggen er ren Du bør 'nullstille' gjenopprettingsmappa slik at du ikke blir infisert ved en evt. systemgjenoppretting. Kontrollpanel->system->systemgjenoppretting . Sett merke framfor "Slå av .....", restart pc, fjern merket igjen for å aktivere funksjonen. Etterpå lager du deg et gjenopprettingspunkt manuelt Tilbehør->systemverktøy->systemgjenoppretting . Velg å opprette et nytt. Navgi det og klikk opprett. Får du spywareproblemer ved en senere anledning, vet du hvilket forum du skal henvende deg til Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå