-Erik- Skrevet 8. august 2007 Del Skrevet 8. august 2007 (endret) Ja, jeg har hvert litt uheldig å fått en såkalt "W32/Antix.H.Worm". Jeg har scannet pc ørten ganger med Norman Virus Control V.5.90, men ingenting blir funnet. Men når jeg prøver sånn som Nanoscan, totalscan, eset, og de derre online scannerene så står det at jeg har fått virus: "W32/Antix.H.Worm". Skjønner ikke hvorfor norman ikke finner det... Det står at virus programmet er "Active and Up-To-Date". Tror jeg har funnet viruset manuelt ved å klikke meg inn på Min Datamaskin, Men har selvfølgelig ikke åpnet. Jeg antar at det er i en fil med navnet "SVCHOST.EXE" Er det lurt å slette en sånn fil, når det ligger inne på Windows-System32? Noen Tips om hvordan jeg kan effektivt få fjernet det? HJELP! Endret 9. august 2007 av -Erik- Lenke til kommentar
norbat Skrevet 8. august 2007 Del Skrevet 8. august 2007 Følg langversjonen i følgende tråd: https://www.diskusjon.no/index.php?showtopic=691246. Post loggene her i din egen tråd. Lenke til kommentar
-Erik- Skrevet 8. august 2007 Forfatter Del Skrevet 8. august 2007 (endret) Logger SAS: Klikk for å se/fjerne innholdet nedenfor SUPERAntiSpyware Scan Loghttp://www.superantispyware.com Generated 08/08/2007 at 01:35 PM Application Version : 3.9.1008 Core Rules Database Version : 3281 Trace Rules Database Version: 1292 Scan type : Complete Scan Total Scan Time : 00:44:33 Memory items scanned : 468 Memory threats detected : 0 Registry items scanned : 4943 Registry threats detected : 0 File items scanned : 38098 File threats detected : 2 Adware.Tracking Cookie C:\Documents and Settings\ERIK\Cookies\[email protected][1].txt C:\Documents and Settings\ERIK\Cookies\erik@imrworldwide[1].txt HJT: Klikk for å se/fjerne innholdet nedenfor Logfile of Trend Micro HijackThis v2.0.2Scan saved at 13:51:04, on 08.08.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Norman\Npm\bin\ELOGSVC.EXE C:\Norman\Npm\Bin\Zanda.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\SCardSvr.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\Norman\Npm\bin\NJEEVES.EXE C:\NORMAN\Nvc\BIN\NVCSCHED.EXE C:\Norman\Nvc\bin\nvcoas.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\SOUNDMAN.EXE C:\Norman\Npm\bin\ZLH.EXE C:\Programfiler\D-Link\AirPlus G\AirGCFG.exe C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe C:\Programfiler\QuickTime\qttask.exe C:\Programfiler\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ixzrsobuum\svchost.exe C:\Norman\Nvc\BIN\NIP.EXE C:\WINDOWS\system32\ctfmon.exe C:\Norman\Nvc\bin\cclaw.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programfiler\Mio Technology\MioSync\mioSync.exe C:\Programfiler\Norman\NPF\NPFMSG.EXE C:\Programfiler\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe C:\Programfiler\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe C:\Programfiler\iPod\bin\iPodService.exe C:\WINDOWS\system32\ixzrsobuum\spark2.exe C:\Programfiler\Internet Explorer\iexplore.exe C:\Programfiler\Trend Micro\test\HijackThis.exe C:\WINDOWS\System32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.msn.no R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar5.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: (no name) - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file) O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programfiler\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programfiler\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar5.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46" O4 - HKLM\..\Run: [navapp] C:\Programfiler\NavExcel\NavHelper\v2.0.4d\navapp.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programfiler\D-Link\AirPlus G\AirGCFG.exe O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [svchost] C:\WINDOWS\system32\ixzrsobuum\svchost.exe O4 - HKLM\..\Run: [spark2] C:\WINDOWS\system32\ixzrsobuum\spark2.exe O4 - HKCU\..\Run: [areslite] "C:\Programfiler\Ares Lite Edition\AresLite.exe" -h O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [svchost] C:\WINDOWS\system32\ixzrsobuum\svchost.exe O4 - HKCU\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /M "Stylus C46" /EF "HKCU" O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [spark2] C:\WINDOWS\system32\ixzrsobuum\spark2.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: MioSync.lnk = C:\Programfiler\Mio Technology\MioSync\mioSync.exe O4 - Global Startup: NPF Messenger.lnk = ? O4 - Global Startup: Picture Package Menu.lnk = C:\Programfiler\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Programfiler\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/programs/OnlineScanner.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE -- End of file - 10166 bytes Jeg tror jeg har funnet ormen: C:\WINDOWS\system32\ixzrsobuum\svchost.exeSkal Jeg slette den? Jeg Gjorde det, og deretter tok en Nanoscan, og risikoen er sittet ned til medium og den er latent. Skal jeg slette de to andre "ixzrsobuum" filene? altså: O4 - HKCU\..\Run: [spark2] C:\WINDOWS\system32\ixzrsobuum\spark2.exe O4 - HKLM\..\Run: [spark2] C:\WINDOWS\system32\ixzrsobuum\spark2.exe Det er meningen at disse filene skal starte ved neste oppstart, men på de to kommer det opp dette på fil:"??????e" På begge. Jeg gikk innpå CCleaner-verktøy-oppstart. De ligger i samme mappe, som der jeg fant ormen... Endret 8. august 2007 av -Erik- Lenke til kommentar
norbat Skrevet 8. august 2007 Del Skrevet 8. august 2007 Du har flere typer infeksjoner, så gjør følgende: Kjør HJT, velg "Do a system scan only", sett merke framfor følgende linjer og klikk 'Fix checked': O2 - BHO: (no name) - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file) O4 - HKLM\..\Run: [navapp] C:\Programfiler\NavExcel\NavHelper\v2.0.4d\navapp.exe O4 - HKLM\..\Run: [svchost] C:\WINDOWS\system32\ixzrsobuum\svchost.exe O4 - HKLM\..\Run: [spark2] C:\WINDOWS\system32\ixzrsobuum\spark2.exe O4 - HKCU\..\Run: [svchost] C:\WINDOWS\system32\ixzrsobuum\svchost.exe O4 - HKCU\..\Run: [spark2] C:\WINDOWS\system32\ixzrsobuum\spark2.exe Hent Avenger og pakk det ut. Start programmet, sett prikk i "Input Script Manually" og klikk på lupen. I vinduet som kommer opp kopierer du og limer inn det som er i fet skrift under: Folders to delete: C:\WINDOWS\system32\ixzrsobuum C:\Programfiler\NavExcel Klikk på Trafikklyset. Restart pc'n. Etter restart vil det komme en loggfil som forteller hva som har skjedd. Du trenger ikke å poste den. Hent Combofix, og legg det på skrivebordet Kjør combofix.exe, og følg veiledningen. Du må ikke klikke på vinduet mens programmet kjører. Post loggfilen fra combofix (vanligvis c:\combofix.txt) + ny HJT-logg. Lenke til kommentar
-Erik- Skrevet 8. august 2007 Forfatter Del Skrevet 8. august 2007 (endret) =========SLETTET!======== Endret 8. august 2007 av -Erik- Lenke til kommentar
-Erik- Skrevet 8. august 2007 Forfatter Del Skrevet 8. august 2007 (endret) Oppdaterte Logger: HJT: Klikk for å se/fjerne innholdet nedenfor Logfile of Trend Micro HijackThis v2.0.2Scan saved at 16:38:47, on 08.08.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Norman\Npm\bin\ELOGSVC.EXE C:\Norman\Npm\Bin\Zanda.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\SCardSvr.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\Norman\Npm\bin\NJEEVES.EXE C:\NORMAN\Nvc\BIN\NVCSCHED.EXE C:\Norman\Nvc\bin\nvcoas.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\SOUNDMAN.EXE C:\Norman\Npm\bin\ZLH.EXE C:\Programfiler\D-Link\AirPlus G\AirGCFG.exe C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe C:\Programfiler\QuickTime\qttask.exe C:\Norman\Nvc\BIN\NIP.EXE C:\Programfiler\iTunes\iTunesHelper.exe C:\Norman\Nvc\bin\cclaw.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programfiler\iPod\bin\iPodService.exe C:\Programfiler\Mio Technology\MioSync\mioSync.exe C:\Programfiler\Norman\NPF\NPFMSG.EXE C:\Programfiler\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe C:\Programfiler\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Programfiler\internet explorer\iexplore.exe C:\Programfiler\Trend Micro\test\test.exe C:\WINDOWS\System32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar5.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programfiler\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programfiler\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar5.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programfiler\D-Link\AirPlus G\AirGCFG.exe O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [areslite] "C:\Programfiler\Ares Lite Edition\AresLite.exe" -h O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /M "Stylus C46" /EF "HKCU" O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: MioSync.lnk = C:\Programfiler\Mio Technology\MioSync\mioSync.exe O4 - Global Startup: NPF Messenger.lnk = ? O4 - Global Startup: Picture Package Menu.lnk = C:\Programfiler\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Programfiler\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/programs/OnlineScanner.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE -- End of file - 9696 bytes ComboFix: Klikk for å se/fjerne innholdet nedenfor ComboFix 07-08-07.6 - "VIBEKE HANSEN" 2007-08-08 16:31:38.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.126 [GMT 2:00] ((((((((((((((((((((((((( Files Created from 2007-07-08 to 2007-08-08 ))))))))))))))))))))))))))))))) 2007-08-08 16:21 <DIR> dr-h----- C:\DOCUME~1\VIBEKE~1\Siste 2007-08-08 15:58 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-08-08 13:50 <DIR> d-------- C:\Programfiler\Trend Micro 2007-08-08 12:48 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware 2007-08-08 12:48 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard 2007-08-08 12:48 <DIR> d-------- C:\DOCUME~1\VIBEKE~1\PROGRA~1\SUPERAntiSpyware.com 2007-08-08 12:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\SUPERAntiSpyware.com 2007-08-08 12:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Yahoo! Companion 2007-08-08 12:43 <DIR> d-------- C:\Programfiler\CCleaner 2007-08-08 12:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Spyware Terminator 2007-08-08 11:49 <DIR> d-------- C:\Programfiler\Crawler 2007-08-07 17:48 <DIR> d-------- C:\Programfiler\Panda Security 2007-08-07 14:23 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys 2007-08-07 14:22 <DIR> d-------- C:\DOCUME~1\VIBEKE~1\.housecall6.6 2007-08-06 17:29 <DIR> d-------- C:\Programfiler\EsetOnlineScanner 2007-08-06 16:10 <DIR> d-------- C:\WINDOWS\system32\Panda Software (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-07 14:19 --------- d-------- C:\Programfiler\Google 2007-07-04 14:53 233472 --a------ C:\WINDOWS\system32\OnlineScannerDLLA.dll 2007-07-04 14:53 221184 --a------ C:\WINDOWS\system32\OnlineScannerDLLW.dll 2007-07-04 14:28 225356 --a------ C:\WINDOWS\system32\lnod32apiW.dll 2007-07-04 14:28 196684 --a------ C:\WINDOWS\system32\lnod32apiA.dll 2007-07-04 13:35 --------- d-------- C:\Programfiler\DivX 2007-06-29 17:32 16896 --a------ C:\WINDOWS\system32\OnlineScannerLang.dll 2007-06-13 11:10 77824 --a------ C:\WINDOWS\system32\OnlineScannerUninstaller.exe 2007-05-16 17:19 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll 2007-05-16 17:19 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll 2007-05-16 17:19 683520 --a------ C:\WINDOWS\system32\inetcomm.dll 2007-05-16 17:19 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll 2007-05-16 17:19 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll 2007-05-16 17:19 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll 2007-05-08 11:01 3583488 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll 2006-10-15 16:34 284 --a--c--- C:\DOCUME~1\VIBEKE~1\PROGRA~1\ViewerApp.dat ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Wizard"="" [] "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-04-20 10:47] "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-04-20 10:43] "SoundMan"="SOUNDMAN.EXE" [2004-04-28 17:19 C:\WINDOWS\SOUNDMAN.EXE] "EPSON Stylus C46 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.exe" [2004-01-14 04:00] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50] "Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [2007-04-27 14:02] "D-Link AirPlus G"="C:\Programfiler\D-Link\AirPlus G\AirGCFG.exe" [2004-07-09 15:07] "ANIWZCS2Service"="C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-04-14 11:54] "Adobe Photo Downloader"="C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43] "NWEReboot"="" [] "QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2007-04-27 09:41] "iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-04-27 11:25] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "areslite"="C:\Programfiler\Ares Lite Edition\AresLite.exe" [] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03] "EPSON Stylus C46 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.exe" [2004-01-14 04:00] "swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-07 14:20] "SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06] MioSync.lnk - C:\Programfiler\Mio Technology\MioSync\mioSync.exe [2006-07-02 15:26:34] NPF Messenger.lnk - C:\Programfiler\Norman\NPF\NPFMSG.EXE [2004-11-12 18:09:42] Picture Package Menu.lnk - C:\Programfiler\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2005-04-24 09:17:44] Picture Package VCD Maker.lnk - C:\Programfiler\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2005-04-24 09:17:37] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll R0 WDMCAPI;ISDN PCI CAPI;C:\WINDOWS\system32\DRIVERS\WDMCAPI.sys R1 SASDIFSV;SASDIFSV;\??\C:\Programfiler\SUPERAntiSpyware\SASDIFSV.SYS R1 SASKUTIL;SASKUTIL;\??\C:\Programfiler\SUPERAntiSpyware\SASKUTIL.sys R2 Ndiskio;Ndiskio;\??\C:\Norman\Nse\bin\NDISKIO.SYS R3 ALCXSENS;Service for WDM 3D Audio Driver;C:\WINDOWS\system32\drivers\ALCXSENS.SYS R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys R3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe R3 NVCScheduler;Norman Virus Control Scheduler;C:\NORMAN\Nvc\BIN\NVCSCHED.EXE R3 SASENUM;SASENUM;\??\C:\Programfiler\SUPERAntiSpyware\SASENUM.SYS R3 WDMWANMP;NDIS WAN miniport;C:\WINDOWS\system32\DRIVERS\wdmwanmp.sys S1 lusbaudio;Logitech USB-mikrofon;C:\WINDOWS\system32\drivers\OVSound2.sys S1 TDI_RD;Firewall Engine Type-R;\??\C:\WINDOWS\System32\drivers\tdi_rd.sys S3 cxbu0wdm;CardMan 3x21;C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys S3 Nokia USB Phone Parent;Nokia USB Phone Parent;C:\WINDOWS\system32\drivers\nmwcd.sys S3 nvcfsr;nvcfsr;\??\C:\Norman\Nvc\bin\nvcfsr.sys S3 nvcoafl51;nvcoafl51;\??\C:\Norman\Nvc\bin\nvcoafl51.sys S3 nvcoaft51;nvcoaft51;\??\C:\Norman\Nvc\bin\nvcoaft51.sys S3 nvcoarc51;nvcoarc51;\??\C:\Norman\Nvc\bin\nvcoarc51.sys S3 QCEmerald;Logitech QuickCam Web;C:\WINDOWS\system32\DRIVERS\OVCE.sys S3 ZDPSp50;ZDPSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\ZDPSp50.sys [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Usnsvc usnsvc Contents of the 'Scheduled Tasks' folder 2007-07-28 17:13:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-08 16:34:31 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher] "TracesProcessed"=dword:000002da scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-08-08 16:36:22 C:\ComboFix-quarantined-files.txt ... 2007-08-08 16:35 --- E O F --- Jeg gjorde nettopp en NanoScan og Resultatet var følgende: Your Pc Doesn't Have Any Viruses. Og virus programmet fungerer akkurat som det skal. Har bare en ting og fortelle deg: TUSEN TAKK FOR HJELPEN!! Endret 8. august 2007 av -Erik- Lenke til kommentar
norbat Skrevet 8. august 2007 Del Skrevet 8. august 2007 HJT-loggen ser da også ren ut Du bør nullstille gjenopprettingsmappa slik at du ikke blir infisert ved en evt. systemgjenoppretting. Kontrollpanel->system->systemgjenoppretting . Sett merke framfor "Slå av Systemgjenopprettingen .....", restart pc, fjern merket igjen for å aktivere funksjonen. Surf trygt. Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå