_jensen_, 3 July 2007:
I use an antivirus program called Avast, but I don't really understand how it works. I got a virus on my computer after I was dumb enough to accept one of those zip files from a guy yesterday who had a virus on his computer, but I didn't know that until it was too late. So now MSN keeps clicking all the time and spamming everyone on my contact list with these zip files with the virus, and the whole screen starts flashing. I think I'm going crazy, I have no idea what to do?
Rulator, 3 July 2007:
Remove Avast ^^ Download AVG Free (this is easier) and Ad-Aware, then scan the PC with both of these programs. Search on Google to find AVG Free and Ad-Aware.
Zimon, 3 July 2007:
AVG antivirus = free.grisoft.com
Ad-Aware = www.lavasoft.com
Spybot = www.spybotsd.net
Download these programs, then unplug the network cable from the PC, or switch off the modem or similar, so that you have no internet access. Remove Avast as mentioned above and restart the PC. Install AVG antivirus, Spybot and Ad-Aware. Close MSN completely: right-click the icon at the bottom in the system tray and choose Close. Connect to the internet and update all three programs. AVG will try to update itself, but for Spybot and Ad-Aware you have to click Update now. Let all three programs scan through the PC, preferably starting with AVG. There's a good chance one of the three will detect and remove the virus. Spybot and Ad-Aware are technically not antivirus programs but anti-adware and anti-spyware programs, but they catch a bit more too, and it depends on what the "virus" you've got really is. If this doesn't help, post a bit more info here about what happens. What is the name of the file it tries to send? How big is the file? etc. etc.
Alternatively you can download the trial version of NOD32, which in my eyes is the best antivirus program available today. www.nod32.com. Download it. Disconnect from the net, uninstall the antivirus program you have installed (AVG or Avast) and then install NOD32. Connect to the net again, update, and let NOD32 scan through the PC. Note that NOD32 is not a free antivirus, but you get a full 30-day trial. It works fine for removing some junk, then you can uninstall it and put AVG back. Or buy a NOD32 licence. I've bought a long-term NOD32 licence myself and am very happy with it.
Zeph, 3 July 2007:
This thread was posted in the wrong forum and has been moved to the correct category.
_jensen_ (thread author), 3 July 2007 (edited):
It was this that's described here, it seems like it's hard to get rid of? LINK
It almost seems like there's a file it can't find or something, so I get lots of these "a Trojan horse has been found!" messages, but I've run the virus scan several times now, it should go away soon..
Edited 3 July 2007 by _jensen_
norbat, 3 July 2007:
Download HijackThis. Put it in its own folder on the desktop. Start the program, choose "Do a system scan and save a logfile". Copy the log file and post it.
_jensen_ (thread author), 3 July 2007:
> Download HijackThis. Put it in its own folder on the desktop. Start the program, choose "Do a system scan and save a logfile". Copy the log file and post it.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 16:12:00, on 04.07.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinPop\winpop.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\Admin\LOCALS~1\Temp\Temporary Directory 1 for HiJackThis_v2(2).zip\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1044
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [RegSweep] "C:\Program Files\RegSweep\RegSweep.exe" -boot
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\2u6dap5q.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles/2u6dap5q.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - HKUS\S-1-5-19\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: system32 - {159AE0F4-E771-4036-B97C-9BAA5E439756} - sysprinters.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6774 bytes
norbat, 3 July 2007 (edited):
Hi, could you download this version of HJT and post the log from it: HJT v. 1.99.1
Edit: And put it in its own folder on the desktop. Before you run the program, right-click the program name (hijackthis.exe) and choose 'Rename'. Type something or other, e.g. 'jensen.exe'.
Edited 3 July 2007 by norbat
_jensen_ (thread author), 3 July 2007 (edited):
Hm, but it may be gone now, I'm on MSN now and it hasn't started clicking yet. Used Trojan Remover.. http://itpro.no/art/2963.html
If it isn't gone I'm in trouble, because I don't understand anything about these antivirus programs, I'm a real blonde when it comes to computers.
Edited 3 July 2007 by _jensen_
O.J, 3 July 2007:
Then you'll have to invite some more computer-savvy friends over. Probably someone will volunteer if you ask.
_jensen_ (thread author), 3 July 2007:
> Hi, could you download this version of HJT and post the log from it: HJT v. 1.99.1
> Edit: And put it in its own folder on the desktop. Before you run the program, right-click the program name (hijackthis.exe) and choose 'Rename'. Type something or other, e.g. 'jensen.exe'.

> Post the log anyway

Which log? I don't understand much of what you explain above, yes I'm blonde :P Computers aren't really my thing, to put it that way..
"Could you download this version of HJT and post the log from it: HJT v. 1.99.1"
I get a virus warning when I try to download this, though?
norbat, 3 July 2007:
Direct link to the program (I know the page you landed on in the previous post is messy, and it can be hard to find the download link(s)).
_jensen_ (thread author), 3 July 2007:
> Direct link to the program (I know the page you landed on in the previous post is messy, and it can be hard to find the download link(s)).

Okay, but how do you make one of those "Click to show/hide the content below" things so it doesn't get so messy?
norbat, 3 July 2007 (edited):
Click the 'SKJUL' tag, put in the content you want, and finish by clicking the 'SKJUL' tag again (that's how it works in Opera. In IE a text field may appear where you can paste the content). Or you can paste the log and write (skjul) at the start and (/skjul) at the end. Replace ( ) with [ ].
Edited 3 July 2007 by norbat
_jensen_ (thread author), 3 July 2007:

Logfile of HijackThis v1.99.1
Scan saved at 17:37:51, on 04.07.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Admin\Application Data\Simply Super Software\Trojan Remover\iok2.exe
C:\Documents and Settings\Admin\Application Data\Simply Super Software\Trojan Remover\iok2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Admin\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1044
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [RegSweep] "C:\Program Files\RegSweep\RegSweep.exe" -boot
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\2u6dap5q.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles/2u6dap5q.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: system32 - {159AE0F4-E771-4036-B97C-9BAA5E439756} - sysprinters.dll (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
norbat, 3 July 2007:
Start HJT, choose "Do a system scan only", tick the following lines and click 'Fix checked':

R3 - Default URLSearchHook is missing
O21 - SSODL: system32 - {159AE0F4-E771-4036-B97C-9BAA5E439756} - sysprinters.dll (file missing)

I'd also very much like to see the log file from Trojan Remover (unfortunately I don't know how you find it, but start the program and look for something called logs / report or similar..). Do you remember what the file(s) it deleted were called? Could it have been WinPop?

Then get DrWeb. Put it on the desktop. Restart in Safe Mode (press F8 repeatedly while the PC boots. Use the arrow keys to select Safe Mode, press Enter.) Run drweb-cureit.exe (say yes to running an express scan). When that's finished, click Option -> Change settings. Under the Scan tab, uncheck Heuristic analysis. Under the Actions tab, set every item under Malware to Rename. Select the partition (typically C:) you want to scan, then click the green arrow to start the scan. Choose "yes to all" the first time it finds something.
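A small triage helper for logs in the HijackThis format, added here as an example (it is not code from the thread or from HijackThis itself): it parses the entry lines, flags the two kinds of entry norbat singled out above (the missing URLSearchHook and a shell load point whose file is not on disk), and diffs the O4 autostart entries of two scans to show what disappeared in between. The two sample logs are constructed, shortened from the ones posted in the thread.

```python
"""Triage helper for HijackThis (HJT) logs. Added example, not code from the thread or from HJT."""
from __future__ import annotations

import re
from dataclasses import dataclass

# An HJT entry line: section code ("R3", "O4", "O21"), " - ", then the body.
# Header lines and the "Running processes" list do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# Inside an O4 body: "HKCU\..\Run: [ValueName] command line"
O4_RE = re.compile(r"\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
# Sections whose referenced file is loaded into Explorer/IE at every logon.
SHELL_LOAD_POINTS = {"O2", "O20", "O21", "O22"}


@dataclass(frozen=True)
class Entry:
    code: str
    body: str


def parse_hjt(text: str) -> list[Entry]:
    """Return the entry lines of an HJT log in order."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def suspicious(entries: list[Entry]) -> list[tuple[Entry, str]]:
    """Flag the entries a reviewer looks at first, each with a one-line reason."""
    findings = []
    for e in entries:
        if e.code in SHELL_LOAD_POINTS and "(file missing)" in e.body:
            findings.append((e, "shell load point refers to a file that is not on disk"))
        elif e.code == "R3" and "URLSearchHook is missing" in e.body:
            findings.append((e, "default URLSearchHook has been removed"))
    return findings


def autostarts(entries: list[Entry]) -> dict[tuple[str, str], str]:
    """Map (registry location, value name) of every O4 entry to its command line."""
    result = {}
    for e in entries:
        if e.code != "O4":
            continue
        m = O4_RE.search(e.body)
        if m:
            location = e.body[: m.start()].strip().rstrip(":")
            result[(location, m.group("name"))] = m.group("cmd")
    return result


def diff_autostarts(before: list[Entry], after: list[Entry]) -> tuple[set, set]:
    """Return (removed, added) autostart keys between two scans of the same machine."""
    b, a = autostarts(before), autostarts(after)
    return set(b) - set(a), set(a) - set(b)


def triage_report(before_text: str, after_text: str) -> list[str]:
    """Human-readable summary: flagged entries in the newer log plus the autostart diff."""
    before, after = parse_hjt(before_text), parse_hjt(after_text)
    lines = [f"{e.code} - {e.body}\n    -> {why}" for e, why in suspicious(after)]
    removed, added = diff_autostarts(before, after)
    lines += [f"autostart gone since previous scan: {loc} [{name}]" for loc, name in sorted(removed)]
    lines += [f"autostart new since previous scan: {loc} [{name}]" for loc, name in sorted(added)]
    return lines


# Constructed sample logs, shortened from the two logs posted in the thread.
SAMPLE_BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Running processes:
C:\Program Files\WinPop\winpop.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/
R3 - Default URLSearchHook is missing
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O21 - SSODL: system32 - {159AE0F4-E771-4036-B97C-9BAA5E439756} - sysprinters.dll (file missing)
"""

SAMPLE_AFTER = r"""Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/
R3 - Default URLSearchHook is missing
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O21 - SSODL: system32 - {159AE0F4-E771-4036-B97C-9BAA5E439756} - sysprinters.dll (file missing)
"""

if __name__ == "__main__":
    print("\n".join(triage_report(SAMPLE_BEFORE, SAMPLE_AFTER)))
```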
_jensen_ (thread author), 3 July 2007:
Log from Trojan Remover:

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.6.1.2471. For information, email [email protected] [unregistered version]
Scan started at: 04.07.2007 16:56:16
Using Database v6821
Operating System: Windows XP Professional Service Pack 2 (Build 2600)
Using data directory: C:\Documents and Settings\Admin\Application Data\Simply Super Software\Trojan Remover\
Logfile directory: C:\Documents and Settings\Admin\My Documents\Simply Super Software\Trojan Remover Logfiles\
Running with Administrator privileges
**************************************************
Checking Registry exefile command for modifications
Checking Registry comfile command for modifications
Checking Registry piffile command for modifications
Checking Registry batfile command for modifications
Checking Registry regfile command for modifications
Checking Registry cmdfile command for modifications
Checking Registry scrfile command for modifications
**************************************************
16:56:16: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS
**************************************************
16:56:16: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS
**************************************************
16:56:16: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
**************************************************
16:56:17: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Explorer.exe - this entry has been left in place
----------
This key's "Userinit" value calls the following program(s):
C:\WINDOWS\system32\userinit.exe - this entry has been left in place
----------
This key's "System" value appears to be blank
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name = load
The Data Value for this entry appears to be blank
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = IgfxTray
Value Data = C:\WINDOWS\system32\igfxtray.exe - this command has been left in place
--------------------
Value Name = HotKeysCmds
Value Data = C:\WINDOWS\system32\hkcmd.exe - this command has been left in place
--------------------
Value Name = Persistence
Value Data = C:\WINDOWS\system32\igfxpers.exe - this command has been left in place
--------------------
Value Name = SunJavaUpdateSched
Value Data = C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe - this command has been left in place
--------------------
Value Name = SoundMAXPnP
Value Data = C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe - this command has been left in place
--------------------
Value Name = SoundMAX
Value Data = C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray - this command has been left in place
--------------------
Value Name =
The Value Data for this entry appears to be blank
--------------------
Value Name = Sony Ericsson PC Suite
Value Data = C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions - this command has been left in place
--------------------
Value Name = RegSweep
Value Data = C:\Program Files\RegSweep\RegSweep.exe" -boot - this command has been left in place [file not found to scan]
--------------------
Value Name = TrojanScanner
Value Data = C:\Program Files\Trojan Remover\Trjscan.exe - this program is Trojan Remover's own scan file
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = Sidebar
Value Data = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun - this command has been left in place
--------------------
Value Name = ctfmon.exe
Value Data = C:\WINDOWS\system32\ctfmon.exe - this command has been left in place
--------------------
Value Name = MsnMsgr
Value Data = C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background - this command has been left in place
--------------------
Value Name = Skype
Value Data = C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized - this command has been left in place
--------------------
Value Name = MSMSGS
Value Data = C:\Program Files\Messenger\msmsgs.exe" /background - this command has been left in place
--------------------
Value Name = WinPop
Value Data = C:\Program Files\WinPop\winpop.exe - appears to contain TROJAN.POPWIN
Value Data = C:\Program Files\WinPop\winpop.exe - this command has been removed (no action requested on file)
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key attempts to run the following program(s):
Value Name = FFTI
Value Data = C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\2u6dap5q.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles/2u6dap5q.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED} - this command has been left in place
--------------------
**************************************************
16:58:17: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
**************************************************
16:58:17: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------
**************************************************
16:58:17: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
**************************************************
16:58:17: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Checking the StubPath calls in the Active Setup\Installed Components registry keys:
Key=>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
StubPath=C:\WINDOWS\inf\unregmp2.exe - this reference has been left in place
----------
Key=>{26923b43-4d38-484f-9b9e-de460746276c}
StubPath=C:\WINDOWS\system32\shmgrate.exe - this reference has been left in place
----------
Key=>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
StubPath=C:\WINDOWS\system32\shmgrate.exe - this reference has been left in place
----------
Key=Windows Sidebar
StubPath=C:\WINDOWS\system32\hidec /W C:\VAIO\Tools\REGTLIB.EXE - this reference has been left in place [file not found to scan]
----------
Key={2C7339CF-2B09-4501-B3F3-F3508C9228ED}
StubPath=C:\WINDOWS\system32\regsvr32.exe - this reference has been left in place
----------
Key={34A19196-274E-4D75-9D30-D7A45A0A4178}
StubPath=C:\Program Files\Windows Sidebar\.\re - this reference has been left in place [file not found to scan]
ImagePath=system32\DRIVERS\ftdisk.sys - this reference has been left in place ---------- Key=Gpc ImagePath=system32\DRIVERS\msgpc.sys - this reference has been left in place ---------- Key=HTTP ImagePath=System32\Drivers\HTTP.sys - this reference has been left in place ---------- Key=i8042prt ImagePath=system32\DRIVERS\i8042prt.sys - this reference has been left in place ---------- Key=ialm ImagePath=system32\DRIVERS\ialmnt5.sys - this reference has been left in place ---------- Key=Imapi ImagePath=system32\DRIVERS\imapi.sys - this reference has been left in place ---------- Key=ImapiService ImagePath=C:\WINDOWS\system32\imapi.exe - this reference has been left in place ---------- Key=IntelIde ImagePath=system32\DRIVERS\intelide.sys - this reference has been left in place ---------- Key=intelppm ImagePath=system32\DRIVERS\intelppm.sys - this reference has been left in place ---------- Key=Ip6Fw ImagePath=system32\DRIVERS\Ip6Fw.sys - this reference has been left in place ---------- Key=IpFilterDriver ImagePath=system32\DRIVERS\ipfltdrv.sys - this reference has been left in place ---------- Key=IpInIp ImagePath=system32\DRIVERS\ipinip.sys - this reference has been left in place ---------- Key=IpNat ImagePath=system32\DRIVERS\ipnat.sys - this reference has been left in place ---------- Key=IPSec ImagePath=system32\DRIVERS\ipsec.sys - this reference has been left in place ---------- Key=IRENUM ImagePath=system32\DRIVERS\irenum.sys - this reference has been left in place ---------- Key=isapnp ImagePath=system32\DRIVERS\isapnp.sys - this reference has been left in place ---------- Key=Kbdclass ImagePath=system32\DRIVERS\kbdclass.sys - this reference has been left in place ---------- Key=kmixer ImagePath=system32\drivers\kmixer.sys - this reference has been left in place ---------- Key=MidiSyn ImagePath=system32\drivers\MidiSyn.sys - this reference has been left in place ---------- Key=mnmsrvc ImagePath=C:\WINDOWS\system32\mnmsrvc.exe - this reference has been left in 
place ---------- Key=Mouclass ImagePath=system32\DRIVERS\mouclass.sys - this reference has been left in place ---------- Key=MRxDAV ImagePath=system32\DRIVERS\mrxdav.sys - this reference has been left in place ---------- Key=MRxSmb ImagePath=system32\DRIVERS\mrxsmb.sys - this reference has been left in place ---------- Key=MSDTC ImagePath=C:\WINDOWS\system32\msdtc.exe - this reference has been left in place ---------- Key=MSIServer ImagePath=C:\WINDOWS\system32\msiexec.exe /V - this reference has been left in place ---------- Key=MSKSSRV ImagePath=system32\drivers\MSKSSRV.sys - this reference has been left in place ---------- Key=MSPCLOCK ImagePath=system32\drivers\MSPCLOCK.sys - this reference has been left in place ---------- Key=MSPQM ImagePath=system32\drivers\MSPQM.sys - this reference has been left in place ---------- Key=mssmbios ImagePath=system32\DRIVERS\mssmbios.sys - this reference has been left in place ---------- Key=MSTEE ImagePath=system32\drivers\MSTEE.sys - this reference has been left in place ---------- Key=NABTSFEC ImagePath=system32\DRIVERS\NABTSFEC.sys - this reference has been left in place ---------- Key=NdisIP ImagePath=system32\DRIVERS\NdisIP.sys - this reference has been left in place ---------- Key=NdisTapi ImagePath=system32\DRIVERS\ndistapi.sys - this reference has been left in place ---------- Key=Ndisuio ImagePath=system32\DRIVERS\ndisuio.sys - this reference has been left in place ---------- Key=NdisWan ImagePath=system32\DRIVERS\ndiswan.sys - this reference has been left in place ---------- Key=NetBIOS ImagePath=system32\DRIVERS\netbios.sys - this reference has been left in place ---------- Key=NetBT ImagePath=system32\DRIVERS\netbt.sys - this reference has been left in place ---------- Key=NetDDE ImagePath=%SystemRoot%\system32\netdde.exe - this reference has been left in place ---------- Key=NetDDEdsdm ImagePath=%SystemRoot%\system32\netdde.exe - this reference has been left in place ---------- Key=Netlogon 
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place ---------- Key=NtLmSsp ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place ---------- Key=NwlnkFlt ImagePath=system32\DRIVERS\nwlnkflt.sys - this reference has been left in place ---------- Key=NwlnkFwd ImagePath=system32\DRIVERS\nwlnkfwd.sys - this reference has been left in place ---------- Key=PCI ImagePath=system32\DRIVERS\pci.sys - this reference has been left in place ---------- Key=PD0620VID ImagePath=system32\DRIVERS\P0620Vid.sys - this reference has been left in place ---------- Key=pfc ImagePath=system32\drivers\pfc.sys - this reference has been left in place ---------- Key=PlugPlay ImagePath=%SystemRoot%\system32\services.exe - this reference has been left in place ---------- Key=PolicyAgent ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place ---------- Key=PptpMiniport ImagePath=system32\DRIVERS\raspptp.sys - this reference has been left in place ---------- Key=ProtectedStorage ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place ---------- Key=PSched ImagePath=system32\DRIVERS\psched.sys - this reference has been left in place ---------- Key=Ptilink ImagePath=system32\DRIVERS\ptilink.sys - this reference has been left in place ---------- Key=RasAcd ImagePath=system32\DRIVERS\rasacd.sys - this reference has been left in place ---------- Key=Rasl2tp ImagePath=system32\DRIVERS\rasl2tp.sys - this reference has been left in place ---------- Key=RasPppoe ImagePath=system32\DRIVERS\raspppoe.sys - this reference has been left in place ---------- Key=Raspti ImagePath=system32\DRIVERS\raspti.sys - this reference has been left in place ---------- Key=Rdbss ImagePath=system32\DRIVERS\rdbss.sys - this reference has been left in place ---------- Key=RDPCDD ImagePath=System32\DRIVERS\RDPCDD.sys - this reference has been left in place ---------- Key=rdpdr ImagePath=system32\DRIVERS\rdpdr.sys - this 
reference has been left in place ---------- Key=RDSessMgr ImagePath=C:\WINDOWS\system32\sessmgr.exe - this reference has been left in place ---------- Key=redbook ImagePath=system32\DRIVERS\redbook.sys - this reference has been left in place ---------- Key=RpcLocator ImagePath=%SystemRoot%\system32\locator.exe - this reference has been left in place ---------- Key=rspndr ImagePath=system32\DRIVERS\rspndr.sys - this reference has been left in place ---------- Key=RSVP ImagePath=%SystemRoot%\system32\rsvp.exe - this reference has been left in place ---------- Key=SamSs ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place ---------- Key=SCardSvr ImagePath=%SystemRoot%\System32\SCardSvr.exe - this reference has been left in place ---------- Key=Secdrv ImagePath=system32\DRIVERS\secdrv.sys - this reference has been left in place ---------- Key=senfilt ImagePath=system32\drivers\senfilt.sys - this reference has been left in place ---------- Key=SLIP ImagePath=system32\DRIVERS\SLIP.sys - this reference has been left in place ---------- Key=smwdm ImagePath=system32\drivers\smwdm.sys - this reference has been left in place ---------- Key=SoundMAX Agent Service (default) ImagePath=C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe - this reference has been left in place ---------- Key=splitter ImagePath=system32\drivers\splitter.sys - this reference has been left in place ---------- Key=Spooler ImagePath=%SystemRoot%\system32\spoolsv.exe - this reference has been left in place ---------- Key=sr ImagePath=system32\DRIVERS\sr.sys - this reference has been left in place ---------- Key=Srv ImagePath=system32\DRIVERS\srv.sys - this reference has been left in place ---------- Key=streamip ImagePath=system32\DRIVERS\StreamIP.sys - this reference has been left in place ---------- Key=swenum ImagePath=system32\DRIVERS\swenum.sys - this reference has been left in place ---------- Key=swmidi ImagePath=system32\drivers\swmidi.sys - this reference has been 
left in place ---------- Key=SwPrv ImagePath=C:\WINDOWS\system32\dllhost.exe /Processid:{20B927CF-1EC5-4EE3-AAB1-50DE78FD4BE7} - this reference has been left in place ---------- Key=sysaudio ImagePath=system32\drivers\sysaudio.sys - this reference has been left in place ---------- Key=SysmonLog ImagePath=%SystemRoot%\system32\smlogsvc.exe - this reference has been left in place ---------- Key=Tcpip ImagePath=system32\DRIVERS\tcpip.sys - this reference has been left in place ---------- Key=TermDD ImagePath=system32\DRIVERS\termdd.sys - this reference has been left in place ---------- Key=TlntSvr ImagePath=C:\WINDOWS\system32\tlntsvr.exe - this reference has been left in place ---------- Key=Update ImagePath=system32\DRIVERS\update.sys - this reference has been left in place ---------- Key=UPS ImagePath=%SystemRoot%\System32\ups.exe - this reference has been left in place ---------- Key=usbaudio ImagePath=system32\drivers\usbaudio.sys - this reference has been left in place ---------- Key=usbccgp ImagePath=system32\DRIVERS\usbccgp.sys - this reference has been left in place ---------- Key=usbehci ImagePath=system32\DRIVERS\usbehci.sys - this reference has been left in place ---------- Key=usbhub ImagePath=system32\DRIVERS\usbhub.sys - this reference has been left in place ---------- Key=USBSTOR ImagePath=system32\DRIVERS\USBSTOR.SYS - this reference has been left in place ---------- Key=usbuhci ImagePath=system32\DRIVERS\usbuhci.sys - this reference has been left in place ---------- Key=VgaSave ImagePath=\SystemRoot\System32\drivers\vga.sys - this reference has been left in place ---------- Key=VSS ImagePath=%SystemRoot%\System32\vssvc.exe - this reference has been left in place ---------- Key=w810bus ImagePath=system32\DRIVERS\w810bus.sys - this reference has been left in place ---------- Key=w810mdfl ImagePath=system32\DRIVERS\w810mdfl.sys - this reference has been left in place ---------- Key=w810mdm ImagePath=system32\DRIVERS\w810mdm.sys - this reference has been 
left in place ---------- Key=w810mgmt ImagePath=system32\DRIVERS\w810mgmt.sys - this reference has been left in place ---------- Key=w810obex ImagePath=system32\DRIVERS\w810obex.sys - this reference has been left in place ---------- Key=Wanarp ImagePath=system32\DRIVERS\wanarp.sys - this reference has been left in place ---------- Key=wdmaud ImagePath=system32\drivers\wdmaud.sys - this reference has been left in place ---------- Key=WmiApSrv ImagePath=C:\WINDOWS\system32\wbem\wmiapsrv.exe - this reference has been left in place ---------- Key=WMPNetworkSvc ImagePath="C:\Program Files\Windows Media Player\WMPNetwk.exe" - this reference has been left in place ---------- Key=WSTCODEC ImagePath=system32\DRIVERS\WSTCODEC.SYS - this reference has been left in place ---------- Key=WudfPf ImagePath=system32\DRIVERS\WudfPf.sys - this reference has been left in place ---------- Key=WudfRd ImagePath=system32\DRIVERS\wudfrd.sys - this reference has been left in place ---------- ************************************************** 16:58:49: Scanning -----VXD ENTRIES----- Checking VMM32 VxD files being loaded ************************************************** 16:58:49: Scanning ----- WINLOGON\NOTIFY DLLS ----- Checking DLLs called from the Winlogon\Notify key: Key=crypt32chain DLLName=crypt32.dll - this reference has been left in place ---------- Key=cryptnet DLLName=cryptnet.dll - this reference has been left in place ---------- Key=cscdll DLLName=cscdll.dll - this reference has been left in place ---------- Key=igfxcui DLLName=igfxdev.dll - this reference has been left in place ---------- Key=ScCertProp DLLName=wlnotify.dll - this reference has been left in place ---------- Key=Schedule DLLName=wlnotify.dll - this reference has been left in place ---------- Key=sclgntfy DLLName=sclgntfy.dll - this reference has been left in place ---------- Key=SensLogn DLLName=WlNotify.dll - this reference has been left in place ---------- Key=termsrv DLLName=wlnotify.dll - this reference has 
been left in place ---------- Key=wlballoon DLLName=wlnotify.dll - this reference has been left in place ---------- ************************************************** 16:58:50: Scanning ----- CONTEXTMENUHANDLERS ----- Key = Offline Files CLSID = {750fdf0e-2a26-11d1-a3ea-080036587f03} %SystemRoot%\System32\cscui.dll - this ContextMenuHandler has been left in place ---------- Key = Open With CLSID = {09799AFB-AD67-11d1-ABCD-00C04FC30936} %SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place ---------- Key = Open With EncryptionMenu CLSID = {A470F8CF-A1E8-4f65-8335-227475AA5C46} %SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place ---------- Key = Trojan Remover CLSID = {52B87208-9CCF-42C9-B88E-069281105805} C:\PROGRA~1\TROJAN~1\Trshlex.dll - this ContextMenuHandler has been left in place ---------- Key = {a2a9545d-a0c2-42b4-9708-a0b2badd77c8} %SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place ---------- ************************************************** 16:58:50: Scanning ----- FOLDER\COLUMNHANDLERS ----- Key = {0D2E74C4-3C34-11d2-A27E-00C04FC30871} %SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place ---------- Key = {24F14F01-7B1C-11d1-838f-0000F80461CF} %SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place ---------- Key = {24F14F02-7B1C-11d1-838f-0000F80461CF} %SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place ---------- Key = {66742402-F9B9-11D1-A202-0000F81FEDEE} %SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place ---------- ************************************************** 16:58:51: Scanning ----- BROWSER HELPER OBJECTS ----- Key = {45AD732C-2CE2-4666-B366-B2214AD57A49} C:\Program Files\Desktop Sidebar\sbhelp.dll - this Browser Helper Object has been left in place ---------- Key = {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program 
Files\Java\jre1.5.0_11\bin\ssv.dll - this Browser Helper Object has been left in place ---------- ************************************************** 16:58:51: Scanning ----- SHELLSERVICEOBJECTS ----- Key = PostBootReminder CLSID = {7849596a-48ea-486e-8937-a2a3009f31a9} %SystemRoot%\system32\SHELL32.dll - this ShellServiceObject has been left in place ---------- Key = CDBurn CLSID = {fbeb8a05-beee-4442-804e-409d6c4515e9} %SystemRoot%\system32\SHELL32.dll - this ShellServiceObject has been left in place ---------- Key = WebCheck CLSID = {E6FB5E20-DE35-11CF-9C87-00AA005127ED} %SystemRoot%\system32\webcheck.dll - this ShellServiceObject has been left in place ---------- Key = SysTray CLSID = {35CEC8A3-2BE6-11D2-8773-92E220524153} C:\WINDOWS\system32\stobject.dll - this ShellServiceObject has been left in place ---------- Key = WPDShServiceObj CLSID = {AAA288BA-9A4C-45B0-95D7-94D524869DB5} C:\WINDOWS\system32\WPDShServiceObj.dll - this ShellServiceObject has been left in place ---------- Key = system32 CLSID = {159AE0F4-E771-4036-B97C-9BAA5E439756} sysprinters.dll - this ShellServiceObject has been left in place ---------- ************************************************** 16:58:51: Scanning ----- SHAREDTASKSCHEDULER ENTRIES ----- Value = {438755C2-A8BA-11D1-B96B-00A0C90312E1} Comment = Browseui preloader File: %SystemRoot%\system32\browseui.dll - this SharedTaskScheduler entry has been left in place ---------- Value = {8C7461EF-2B13-11d2-BE35-3078302C2030} Comment = Component Categories cache daemon File: %SystemRoot%\system32\browseui.dll - this SharedTaskScheduler entry has been left in place ---------- ************************************************** 16:58:52: Scanning ----- IMAGEFILE DEBUGGERS ----- No "Debugger" entries found. 
************************************************** 16:58:52: Scanning ----- APPINIT_DLLS ----- The AppInit_DLLs value is blank ************************************************** 16:58:52: Scanning ----- SECURITY PROVIDER DLLS ----- msapsspc.dll - this entry has been left in place ---------- schannel.dll - this entry has been left in place ---------- digest.dll - this entry has been left in place ---------- msnsspc.dll - this entry has been left in place ---------- ************************************************** 16:58:52: Scanning ------ COMMON STARTUP GROUP ------ [C:\Documents and Settings\All Users\Start Menu\Programs\Startup] The Common Startup Group attempts to load the following file(s) at boot time: desktop.ini - this file is expected and has been left in place -------------------- ************************************************** 16:58:52: Scanning ------ USER STARTUP GROUPS ------ -------------------- Checking Startup Group for Admin [C:\Documents and Settings\Admin\START MENU\PROGRAMS\STARTUP] The Startup Group for Admin attempts to load the following file(s): desktop.ini - this file is expected and has been left in place ************************************************** 16:58:52: Scanning ----- SCHEDULED TASKS ----- Taskname: RegSweep Scheduled Scan.job File: C:\RegSweep\RegSweep.exe Parameters: scheduled Next Run Time: 05.07.2007 03:30:00 Status: The task is ready to run at its next scheduled time Creator: Admin Comments: Runs RegSweep to optimize your registry. 
C:\RegSweep\RegSweep.exe - this entry has been left in place ---------- ************************************************** 16:58:52: ----- ADDITIONAL CHECKS ----- PE386 rootkit checks completed ---------- Winlogon registry rootkit checks completed ---------- Heuristic checks for hidden files/drivers completed ---------- ************************************************** 16:58:53: Scanning ------ DOWNLOADED PROGRAM FILES ------ The following files are located in the DOWNLOADED PROGRAM FILES directory: C:\WINDOWS\Downloaded Program Files\desktop.ini - this file is expected and has been left in place C:\WINDOWS\Downloaded Program Files\KooPlayer.ocx - this file has been left in place ************************************************** 16:58:53: Scanning ----- RUNNING PROCESSES ----- C:\WINDOWS\System32\smss.exe -------------------- C:\WINDOWS\system32\csrss.exe -------------------- C:\WINDOWS\system32\winlogon.exe -------------------- C:\WINDOWS\system32\services.exe -------------------- C:\WINDOWS\system32\lsass.exe -------------------- C:\WINDOWS\system32\svchost.exe -------------------- C:\Program Files\Alwil Software\Avast4\ashServ.exe -------------------- C:\WINDOWS\Explorer.EXE -------------------- C:\WINDOWS\system32\igfxtray.exe -------------------- C:\WINDOWS\system32\hkcmd.exe -------------------- C:\WINDOWS\system32\igfxpers.exe -------------------- C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe -------------------- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe -------------------- C:\Program Files\Analog Devices\SoundMAX\Smax4.exe -------------------- C:\WINDOWS\system32\spoolsv.exe -------------------- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe -------------------- C:\Program Files\Windows Sidebar\sidebar.exe -------------------- C:\WINDOWS\system32\ctfmon.exe -------------------- C:\Program Files\Skype\Phone\Skype.exe -------------------- C:\Program Files\Messenger\msmsgs.exe -------------------- 
C:\Program Files\WinPop\winpop.exe - appears to contain TROJAN.POPWIN C:\Program Files\WinPop\winpop.exe - running process located and terminated -------------------- C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe -------------------- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -------------------- C:\Program Files\Windows Sidebar\sidebar.exe -------------------- C:\WINDOWS\System32\alg.exe -------------------- C:\Program Files\Common Files\Teleca Shared\Generic.exe -------------------- C:\Program Files\Skype\Plugin Manager\SkypePM.exe -------------------- C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe -------------------- C:\WINDOWS\system32\wuauclt.exe -------------------- C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe -------------------- C:\Program Files\Mozilla Firefox\firefox.exe -------------------- C:\WINDOWS\Explorer.EXE -------------------- C:\DOCUME~1\Admin\LOCALS~1\Temp\Temporary Directory 1 for HiJackThis_v2(2).zip\HiJackThis_v2.exe -------------------- C:\Documents and Settings\Admin\Application Data\Simply Super Software\Trojan Remover\enl16C.exe FileSize: 1 876 544 [This is a Trojan Remover component] -------------------- ************************************************** 17:00:26: Checking AUTOEXEC.BAT file AUTOEXEC.BAT found in C:\ No malicious entries were found in the AUTOEXEC.BAT file ************************************************** 17:00:26: Checking AUTOEXEC.NT file AUTOEXEC.NT found in C:\WINDOWS\system32 No malicious entries were found in the AUTOEXEC.NT file ************************************************** 17:00:26: Checking HOSTS file No malicious entries were found in the HOSTS file ************************************************** ------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------ HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Start Page": http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home HKEY_LOCAL_MACHINE\Software\Microsoft\Internet 
Explorer\Main\"Local Page": %SystemRoot%\system32\blank.htm HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Search Page": http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL": http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL": http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch": http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"SearchAssistant": http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page": http://www.sol.no/ ************************************************** === CHANGES WERE MADE TO THE WINDOWS REGISTRY === Scan completed at: 04.07.2007 17:00:26 ************************************************************ Lenke til kommentar
_jensen_ Posted 3 July 2007 (Author) (edited) F***! Now I'm fed up.. It's not gone yet, suddenly it started flashing here again. Aargh! I can't be bothered anymore, I don't understand any of those antivirus programs anyway.... And what is this virus, "a worm called Kelvir"? That's what the guy I got the virus from said it was.. Edited 3 July 2007 by _jensen_
norbat Posted 3 July 2007 (edited) What you removed with Trojan Remover has little to do with your virus problem. Let's try a simple approach first: Get this fix: ... and unpack it on the desktop. Open the folder and run the program (msnfix.bat). Follow the instructions. Keep MSN closed while the fix runs. The instructions are as follows:
Choose language: press E, then the Enter key.
Choose R, then the Enter key. The program will now start a scan.
Choose R again to start the cleaning (if it finds anything during the scan).
Report back whether it found and cleaned anything. Download DrWeb (see earlier post) and follow the instructions given there. Don't give up. Edited 7 July 2007 by norbat