kakesjef, posted 13 January 2008
As the title says, AVG today found a Trojan horse (trojan horse PSW.generic5.AFPI) in a keygen file that I have used and that has worked perfectly... I have had it lying on my PC for a while, and in earlier scans AVG found no sign of it... Is a Trojan horse something that develops over time and is only found a while after you got the file onto the machine? What does such a virus do, if so, and can it be removed? Thanks for all answers.
Edited 13 January 2008 by kakesjef
Zethyr, posted 13 January 2008
It may be that the virus signature was only added to AVG recently. It is very common for keygens to contain trojans, by the way; it pays to be careful with them.
kakesjef (author), posted 13 January 2008
OK, but can it be removed with AVG or other programs?
Zethyr, posted 13 January 2008
> OK, but can it be removed with AVG or other programs?
Sure. Try to get AVG to remove it and see whether it manages to.
kakesjef (author), posted 13 January 2008
I couldn't get AVG to remove it... But I also tried a web-based virus scan, which found a few things that it deleted. Here is the HJT log I ran afterwards; it would be great if someone could check it.
norbat, posted 13 January 2008
The log looks fine. You could also try scanning with Combofix. It produces a log that shows some other areas of the PC:
- Download Combofix and put it on the desktop.
- Run combofix.exe and follow the instructions. You must not click on the window while the program is running.
- Post the log file from Combofix (c:\combofix.txt).
kakesjef (author), posted 13 January 2008
I can't get it to work... The window comes up and asks me to press 1 to continue, but then nothing happens... Does it take a long time before anything happens, or what?
norbat, posted 13 January 2008
It shouldn't take too long. Maybe your firewall is stopping it?
kakesjef (author), posted 13 January 2008
That is quite possible; when the window comes up I have to choose allow in ZoneAlarm... will that interfere with the operation?
norbat, posted 13 January 2008
Turn off the firewall while you run the program.
kakesjef (author), posted 13 January 2008
There, that worked.
norbat, posted 13 January 2008
Looks fine. Is everything working as it should?
kakesjef (author), posted 13 January 2008
Everything works perfectly, I haven't had any problems. So I can relax then? Thanks for everything.
norbat, posted 13 January 2008
All OK. You can uninstall Combofix by typing the following in the Run window (Start -> Run): combofix /u
Edited 13 January 2008 by norbat