Error Lars, posted 7 January 2008 (edited)

After I was at a LAN party in the days between Christmas and New Year, I seem to have been infected with some trojans and other crap. Someone else at the LAN found some viruses, so I figured I would run a scan with AVG. It found 4 different viruses. It seemed like I managed to get rid of them. I scanned once more a while later and found nothing. But after 1-2 days crap shows up again. I can remove it and everything seems fine, but it comes back after a while. Now the shortcuts to AVG and ZoneAlarm have also been messed with, so I have to go into the folder to start the AVG Control Center. Something calling itself Msn.exe has been nagging to get onto the net. But going straight to the AVG Test Center works fine. Also, an enormous amount of crap has been showing up lately when I scan. Here is a screenshot from AVG. At that point I had finished the scan.

Here are the logs from HijackThis, ComboFix and SAS.

Edited 7 January 2008 by Error Lars
Error Lars (author), posted 7 January 2008 (edited)

Now ZoneAlarm came up with a message that a program called MSN MSNGR .exe wanted to act as a server. (Big gap between MSNGR and .exe.) AVG has also decided that some exe files from programs are viruses and put them in the vault. Is it a virus, or is AVG messing up?

Edited 7 January 2008 by Error Lars
norbat, posted 7 January 2008

Work through the guide (the long version), then we will see what this might be: https://www.diskusjon.no/index.php?showtopic=691246. Post the logs it asks for here in your own thread.
Error Lars (author), posted 7 January 2008

Finished with the scan, updated the first post.
norbat, posted 7 January 2008

Start HJT, choose "Do a system scan only", tick the following lines and click Fix checked:

O20 - Winlogon Notify: cbaayvv - cbaayvv.dll (file missing)

You have a service that I find little information about, but maybe this is something you know about?: HUMMER 4x4 Drivers Auto Removal

Run a cleanup with CCleaner again and then a scan with the antivirus program you use. Report back on whether it still reports trojans.
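A small triage pass over HijackThis-format lines, added here as an example; it is not part of the thread or of any tool mentioned in it. It flags entries whose target file HijackThis reports as missing (like the O20 line norbat asks to fix) and executable names with whitespace before the extension (like the "MSNGR .exe" name Error Lars reports). The sample log is constructed except for that O20 line, and the function and field names are assumptions of the example.

```python
import re

# Constructed sample in HijackThis v2 line format. Only the O20 "cbaayvv"
# entry is taken from the thread; every other line and path is made up.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\Example\Messenger\MsnMsgr .Exe
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKCU\..\Run: [Example] "C:\Example\tool.exe" /background
O20 - Winlogon Notify: cbaayvv - cbaayvv.dll (file missing)
O23 - Service: Example Service - Unknown owner - C:\Example\svc.exe
"""

# Section entries look like "O20 - <description>"; the prefixes are R, F, N, O.
ENTRY = re.compile(r"^(?P<code>[ORFN]\d{1,2}) - (?P<body>.+)$")
# Lines in the "Running processes" block are bare absolute paths.
PROCESS = re.compile(r"^[A-Za-z]:\\")
# HijackThis appends these markers when the referenced file is not on disk:
# the autostart entry is still registered but its target is gone.
ORPHANED = re.compile(r"\((?:file missing|no file)\)\s*$", re.IGNORECASE)
# Whitespace between the base name and an executable extension.
PADDED = re.compile(r"[^\\\s]\s+\.(?:exe|dll|com|scr|pif)\b", re.IGNORECASE)


def triage(log_text):
    """Return the lines of a HijackThis-style log that deserve a closer look."""
    findings = []
    for lineno, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()
        entry = ENTRY.match(line)
        if entry:
            section, body = entry.group("code"), entry.group("body")
        elif PROCESS.match(line):
            section, body = "process", line
        else:
            continue  # headers, blank lines, free text

        reasons = []
        if ORPHANED.search(body):
            reasons.append("orphaned")
        if PADDED.search(body):
            reasons.append("padded-name")
        if reasons:
            findings.append(
                {"line": lineno, "section": section, "reasons": reasons, "text": line}
            )
    return findings


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(f'{item["line"]:>3} {item["section"]:<8} '
              f'{",".join(item["reasons"]):<12} {item["text"]}')
```

A flagged line is a prompt for manual review, not a verdict: the script only reads the log text and never checks the file system or registry.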
Error Lars (author), posted 8 January 2008

Scanned with both AVG and SAS last night. Found nothing. So let's hope it's gone. But it has often taken 1-2 days before I found something again with AVG. The Hummer 4x4 Drivers thing is probably from a Russian game that I tried.