Hmmzor, posted 16 January 2008 (edited)

SAS log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/16/2008 at 12:52 PM

Application Version : 3.9.1008

Core Rules Database Version : 3380
Trace Rules Database Version: 1374

Scan type       : Complete Scan
Total Scan Time : 00:17:30

Memory items scanned      : 581
Memory threats detected   : 0
Registry items scanned    : 4314
Registry threats detected : 33
File items scanned        : 28786
File threats detected     : 12

Trojan.Net-MSV/VPS-Variant
    HKLM\Software\Classes\CLSID\{2FDC8E29-E942-4307-97C5-69FFA934B331}
    HKCR\CLSID\{2FDC8E29-E942-4307-97C5-69FFA934B331}
    HKCR\CLSID\{2FDC8E29-E942-4307-97C5-69FFA934B331}
    HKCR\CLSID\{2FDC8E29-E942-4307-97C5-69FFA934B331}\InprocServer32
    HKCR\CLSID\{2FDC8E29-E942-4307-97C5-69FFA934B331}\InprocServer32#ThreadingModel
    HKCR\CLSID\{2FDC8E29-E942-4307-97C5-69FFA934B331}\ProgID
    HKCR\CLSID\{2FDC8E29-E942-4307-97C5-69FFA934B331}\Programmable
    HKCR\CLSID\{2FDC8E29-E942-4307-97C5-69FFA934B331}\TypeLib
    HKCR\CLSID\{2FDC8E29-E942-4307-97C5-69FFA934B331}\VersionIndependentProgID
    C:\WINDOWS\DDWLXTQGMQ.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2FDC8E29-E942-4307-97C5-69FFA934B331}

Trojan.Smitfraud Variant-Gen/IEDef
    HKLM\Software\Classes\CLSID\{741403DD-46A4-4D58-8FA7-427335C3BBF6}
    HKCR\CLSID\{741403DD-46A4-4D58-8FA7-427335C3BBF6}
    HKCR\CLSID\{741403DD-46A4-4D58-8FA7-427335C3BBF6}
    HKCR\CLSID\{741403DD-46A4-4D58-8FA7-427335C3BBF6}#AppID
    HKCR\CLSID\{741403DD-46A4-4D58-8FA7-427335C3BBF6}#LocalizedString
    HKCR\CLSID\{741403DD-46A4-4D58-8FA7-427335C3BBF6}\Elevation
    HKCR\CLSID\{741403DD-46A4-4D58-8FA7-427335C3BBF6}\Elevation#Enabled
    HKCR\CLSID\{741403DD-46A4-4D58-8FA7-427335C3BBF6}\Implemented Categories
    HKCR\CLSID\{741403DD-46A4-4D58-8FA7-427335C3BBF6}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
    HKCR\CLSID\{741403DD-46A4-4D58-8FA7-427335C3BBF6}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
    HKCR\CLSID\{741403DD-46A4-4D58-8FA7-427335C3BBF6}\InprocServer32
    HKCR\CLSID\{741403DD-46A4-4D58-8FA7-427335C3BBF6}\InprocServer32#ThreadingModel
    HKCR\CLSID\{741403DD-46A4-4D58-8FA7-427335C3BBF6}\ProgID
    HKCR\CLSID\{741403DD-46A4-4D58-8FA7-427335C3BBF6}\TypeLib
    HKCR\CLSID\{741403DD-46A4-4D58-8FA7-427335C3BBF6}\Version
    C:\WINDOWS\SYSTEM32\POWERVIDEO.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{741403DD-46A4-4D58-8FA7-427335C3BBF6}

Browser Hijacker.Internet Explorer Settings Hijack
    HKU\S-1-5-21-1454471165-1078145449-839522115-1003\Software\Microsoft\Internet Explorer\Main#Start Page [ http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2 ]

Trojan.Net-MSV/VPS
    HKCR\MSVPS.MSVPSApp
    HKCR\MSVPS.MSVPSApp\CLSID
    HKCR\MSVPS.MSVPSApp\CurVer

Desktop Hijacker.AboutYourPrivacy
    C:\WINDOWS\privacy_danger\images\capt.gif
    C:\WINDOWS\privacy_danger\images\danger.jpg
    C:\WINDOWS\privacy_danger\images\down.gif
    C:\WINDOWS\privacy_danger\images\spacer.gif
    C:\WINDOWS\privacy_danger\images
    C:\WINDOWS\privacy_danger\index.htm
    C:\WINDOWS\privacy_danger
    C:\Documents and Settings\Didrik Leganger\Favoritter\Error Cleaner.url
    C:\Documents and Settings\Didrik Leganger\Favoritter\Privacy Protector.url
    C:\Documents and Settings\Didrik Leganger\Favoritter\Spyware&Malware Protection.url

Trojan.Net-MU/Gen
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo#uninstallString
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo#DisplayName

ComboFix log:

ComboFix 08-01-16.4 - Didrik Leganger 2008-01-16 12:58:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1349 [GMT 1:00]
Running from: C:\Documents and Settings\Didrik Leganger\Skrivebord\ComboFix.exe
 * Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Didrik Leganger\Favoritter\Error Cleaner.url
C:\Documents and Settings\Didrik Leganger\Favoritter\Privacy Protector.url
C:\Documents and Settings\Didrik Leganger\Favoritter\Spyware&Malware Protection.url
C:\WINDOWS\dat.txt
C:\WINDOWS\enqvwkp.dll
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\rs.txt
C:\WINDOWS\search_res.txt

.
((((((((((((((((((((((((( Files Created from 2007-12-16 to 2008-01-16 )))))))))))))))))))))))))))))))
.

2008-01-16 12:58 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-16 12:33 . 2008-01-16 12:41 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-01-16 12:33 . 2008-01-16 12:33 <DIR> d-------- C:\Documents and Settings\Didrik Leganger\Programdata\SUPERAntiSpyware.com
2008-01-16 12:33 . 2008-01-16 12:33 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-01-16 12:32 . 2008-01-16 12:32 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Yahoo! Companion
2008-01-16 12:30 . 2008-01-16 12:30 <DIR> dr-h----- C:\Documents and Settings\Didrik Leganger\Siste
2008-01-16 12:29 . 2008-01-16 12:29 <DIR> d-------- C:\Programfiler\Yahoo!
2008-01-16 12:29 . 2008-01-16 12:29 <DIR> d-------- C:\Programfiler\CCleaner
2008-01-16 00:18 . 2008-01-16 00:18 <DIR> d-------- C:\Programfiler\Trend Micro
2008-01-15 23:42 . 2008-01-15 23:40 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-01-15 23:42 . 2008-01-15 23:40 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-01-15 23:42 . 2008-01-15 23:40 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-01-15 23:18 . 2008-01-15 23:18 244 --ah----- C:\sqmnoopt10.sqm
2008-01-15 23:18 . 2008-01-15 23:18 232 --ah----- C:\sqmdata10.sqm
2008-01-15 22:05 . 2008-01-15 22:05 244 --ah----- C:\sqmnoopt09.sqm
2008-01-15 22:05 . 2008-01-15 22:05 232 --ah----- C:\sqmdata09.sqm
2008-01-15 12:36 . 2008-01-15 12:36 244 --ah----- C:\sqmnoopt08.sqm
2008-01-15 12:36 . 2008-01-15 12:36 232 --ah----- C:\sqmdata08.sqm
2008-01-15 11:30 . 2008-01-15 10:55 262,144 --a------ C:\WINDOWS\bmlvqkn.dll
2008-01-15 11:30 . 2008-01-15 10:55 196,608 --a------ C:\WINDOWS\agrlmvp.dll
2008-01-15 11:30 . 2008-01-15 10:55 90,112 --a------ C:\WINDOWS\fxtqdrl.exe
2008-01-13 20:14 . 2008-01-13 20:14 244 --ah----- C:\sqmnoopt07.sqm
2008-01-13 20:14 . 2008-01-13 20:14 232 --ah----- C:\sqmdata07.sqm
2008-01-12 14:56 . 2008-01-12 14:56 244 --ah----- C:\sqmnoopt06.sqm
2008-01-12 14:56 . 2008-01-12 14:56 232 --ah----- C:\sqmdata06.sqm
2008-01-09 13:35 . 2008-01-09 13:35 <DIR> d-------- C:\Programfiler\Fellesfiler\Blizzard Entertainment
2008-01-08 15:35 . 2008-01-08 15:35 244 --ah----- C:\sqmnoopt05.sqm
2008-01-08 15:35 . 2008-01-08 15:35 232 --ah----- C:\sqmdata05.sqm
2008-01-07 15:40 . 2008-01-07 15:40 244 --ah----- C:\sqmnoopt04.sqm
2008-01-07 15:40 . 2008-01-07 15:40 232 --ah----- C:\sqmdata04.sqm
2008-01-06 10:45 . 2008-01-09 13:38 <DIR> d-------- C:\Programfiler\World of Warcraft
2008-01-06 00:48 . 2008-01-06 00:48 <DIR> d-------- C:\Programfiler\DivX
2008-01-03 14:28 . 2008-01-03 14:28 268 --ah----- C:\sqmdata03.sqm
2008-01-03 14:28 . 2008-01-03 14:28 244 --ah----- C:\sqmnoopt03.sqm
2008-01-01 17:48 . 2008-01-01 17:48 244 --ah----- C:\sqmnoopt02.sqm
2008-01-01 17:48 . 2008-01-01 17:48 232 --ah----- C:\sqmdata02.sqm
2007-12-31 15:17 . 2007-12-31 15:17 244 --ah----- C:\sqmnoopt01.sqm
2007-12-31 15:17 . 2007-12-31 15:17 232 --ah----- C:\sqmdata01.sqm
2007-12-30 16:34 . 2007-12-30 16:34 <DIR> d-------- C:\Programfiler\iTunes
2007-12-30 16:34 . 2007-12-30 16:34 <DIR> d-------- C:\Programfiler\iPod
2007-12-30 16:17 . 2007-12-30 16:17 <DIR> d-------- C:\Programfiler\Apple Software Update
2007-12-30 16:17 . 2007-10-31 14:09 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2007-12-29 23:30 . 2007-12-30 20:59 <DIR> d-------- C:\Documents and Settings\Didrik Leganger\Programdata\dvdcss
2007-12-29 18:14 . 2007-12-29 18:14 <DIR> d-------- C:\Programfiler\Hamachi
2007-12-29 18:14 . 2008-01-16 12:56 <DIR> d-------- C:\Documents and Settings\Didrik Leganger\Programdata\Hamachi
2007-12-29 18:14 . 2007-12-29 18:15 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-12-28 23:30 . 2008-01-16 08:15 <DIR> d-------- C:\Documents and Settings\Didrik Leganger\Programdata\skypePM
2007-12-28 23:30 . 2007-12-28 23:30 32 --a------ C:\Documents and Settings\All Users\Programdata\ezsid.dat
2007-12-28 23:29 . 2007-12-28 23:29 <DIR> d-------- C:\Programfiler\Skype
2007-12-28 23:29 . 2007-12-28 23:29 <DIR> d-------- C:\Programfiler\Fellesfiler\Skype
2007-12-28 23:29 . 2008-01-16 12:57 <DIR> d-------- C:\Documents and Settings\Didrik Leganger\Programdata\Skype
2007-12-28 23:28 . 2007-12-28 23:29 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Skype
2007-12-28 22:30 . 2007-12-28 22:30 <DIR> d-------- C:\Programfiler\Microsoft IntelliPoint

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 11:56 --------- d-----w C:\Documents and Settings\Didrik Leganger\Programdata\OpenOffice.org2
2008-01-16 11:56 --------- d-----w C:\Documents and Settings\Didrik Leganger\Programdata\AVG7
2008-01-16 11:32 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-01-15 22:45 --------- d-----w C:\Documents and Settings\Didrik Leganger\Programdata\mIRC
2008-01-15 22:12 --------- d-----w C:\Programfiler\mIRC
2008-01-15 21:21 --------- d-----w C:\Programfiler\Fellesfiler\LogiShrd
2008-01-15 21:21 --------- d-----w C:\Documents and Settings\All Users\Programdata\Logishrd
2008-01-11 14:09 --------- d-----w C:\Programfiler\Warcraft III
2008-01-05 23:17 --------- d-----w C:\Documents and Settings\Didrik Leganger\Programdata\BitTorrent
2007-12-30 15:18 --------- d-----w C:\Programfiler\QuickTime
2007-12-28 21:30 --------- d-----w C:\Programfiler\Winamp
2007-12-10 11:56 --------- d-----w C:\Documents and Settings\Didrik Leganger\Programdata\AdobeUM
2007-12-04 20:14 --------- d-----w C:\Programfiler\Ventrilo
2007-12-02 23:26 --------- d-----w C:\Documents and Settings\All Users\Programdata\Logitech
2007-11-30 18:28 --------- d-----w C:\Programfiler\Octoshape Streaming Services
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-22 16:03 --------- d-----w C:\Programfiler\WC3Banlist
2007-11-22 14:47 --------- d-----w C:\Programfiler\WinPcap
2007-11-21 11:23 --------- d-----w C:\Documents and Settings\Didrik Leganger\Programdata\vlc
2007-11-21 11:22 --------- d-----w C:\Programfiler\VideoLAN
2007-11-20 14:20 --------- d-----w C:\Programfiler\OpenOffice.org 2.3
2007-11-20 14:20 --------- d-----w C:\Programfiler\Java
2007-11-16 13:45 --------- d-----w C:\Programfiler\BitTorrent
2007-11-07 09:30 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-21 17:51 323,624 ----a-w C:\WINDOWS\system32\wiaaut.dll

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360]
"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"Steam"="C:\Programfiler\Valve\Steam\\Steam.exe" [2007-11-30 15:07 1266936]
"Octoshape Streaming Services"="C:\Programfiler\Octoshape Streaming Services\Didrik Leganger\OctoshapeClient.exe" [2006-02-13 17:33 214648]
"Skype"="C:\Programfiler\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Programfiler\Analog Devices\Core\smax4pnp.exe" [2006-12-18 14:34 868352]
"SoundMAX"="C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 07:12 729088]
"Gainward"="C:\WINDOWS\TBPanel.exe" [2007-03-23 09:32 2173744]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07 8491008]
"nwiz"="nwiz.exe" [2007-09-17 01:07 1626112 C:\WINDOWS\system32\nwiz.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 01:07 81920]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 11:40 579072]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"IntelliPoint"="C:\Programfiler\Microsoft IntelliPoint\ipoint.exe" [2007-02-06 00:52 849280]
"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"nod32kui"="C:\Programfiler\Eset\nod32kui.exe" [2008-01-15 23:40 949376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-04 19:43 219136]

C:\Documents and Settings\Didrik Leganger\Start-meny\Programmer\Oppstart\
hamachi.lnk - C:\Programfiler\Hamachi\hamachi.exe [2007-12-29 18:14:28]
OpenOffice.org 2.3.lnk - C:\Programfiler\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"agrlmvp"= {D7B3DA71-FFA7-4A5B-84B3-FC977B70BF32} - C:\WINDOWS\agrlmvp.dll [2008-01-15 10:55 196608]
"bmlvqkn"= {465E1C4A-0392-4B9C-B0D7-48A1811DFB96} - C:\WINDOWS\bmlvqkn.dll [2008-01-15 10:55 262144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 22:10]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-09-05 12:27]
S3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2006-06-23 10:35]
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2007-10-31 14:09]

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-15 13:37:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-16 12:59:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-16 13:00:02
ComboFix-quarantined-files.txt 2008-01-16 12:00:01
.
2008-01-09 23:40:36 --- E O F ---

HijackThis log:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Analog Devices\Core\smax4pnp.exe
C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\TBPanel.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
C:\Programfiler\Microsoft IntelliPoint\ipoint.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Valve\Steam\Steam.exe
C:\Programfiler\Skype\Phone\Skype.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programfiler\ASUS WiFi-AP Solo\RtWLan.exe
C:\Programfiler\OpenOffice.org 2.3\program\soffice.exe
C:\Programfiler\OpenOffice.org 2.3\program\soffice.BIN
C:\Programfiler\Octoshape Streaming Services\Didrik Leganger\OctoshapeClient.exe
C:\Programfiler\Skype\Plugin Manager\skypePM.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programfiler\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.winamp.com/player/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [soundMAX] "C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [intelliPoint] "C:\Programfiler\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [steam] C:\Programfiler\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Programfiler\Octoshape Streaming Services\Didrik Leganger\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: hamachi.lnk = C:\Programfiler\Hamachi\hamachi.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: OpenOffice.org 2.3.lnk = C:\Programfiler\OpenOffice.org 2.3\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: hamachi.lnk = C:\Programfiler\Hamachi\hamachi.exe (User 'Default user')
O4 - .DEFAULT Startup: OpenOffice.org 2.3.lnk = C:\Programfiler\OpenOffice.org 2.3\program\quickstart.exe (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Programfiler\Hamachi\hamachi.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programfiler\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: agrlmvp - {D7B3DA71-FFA7-4A5B-84B3-FC977B70BF32} - C:\WINDOWS\agrlmvp.dll
O21 - SSODL: bmlvqkn - {465E1C4A-0392-4B9C-B0D7-48A1811DFB96} - C:\WINDOWS\bmlvqkn.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programfiler\WinPcap\rpcapd.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 9102 bytes

I'll be eternally grateful if someone manages to fix this, because it's annoying me to no end. I also found a folder in Program Files called NetMeeting that I can't delete because its processes haven't been terminated, but I can't find the processes for this program!

Edited 17 January 2008 by Hmmzor
Jarmo, posted 16 January 2008

Do you have 2 antivirus programs enabled at the same time? AVG and Nod32?
Hmmzor (author), posted 16 January 2008

Yes, it seems so. SAS removed a lot of junk, 45 infected files, so when I restart the PC I'll find out whether I still have the virus! Do you recommend that I uninstall one of the antivirus programs?
Jarmo, posted 16 January 2008

Yep. Nothing good ever comes from running 2 or more AV programs at the same time. In the worst case none of them works at all.
Hmmzor (author), posted 16 January 2008

OK, but do you have any suggestions for how I can fix my problem?
johome, posted 16 January 2008 (edited)

Do it in safe mode. It's easier to remove viruses that way ... I think you have to press F8 during startup. NOD32 should manage it. If I remember correctly, AVG has a bad reputation when it comes to removing viruses ...

Edited 16 January 2008 by johome
norbat, posted 16 January 2008

Get SmitfraudFix and put it on the desktop.
Restart in safe mode (tap F8 during startup, choose safe mode).
Run SmitfraudFix, choose option 2.
From normal mode: post the log from SmitfraudFix + a new HJT log.
Hmmzor (author), posted 16 January 2008

The thing with NOD is that I get an error message. The error message:

[4] File cannot be opened. It may be in use by another application or operating system.

Is it maybe because I have NOD for Vista? I don't know what I have, though....
Hmmzor (author), posted 16 January 2008

SmitFraudFix log from safe mode:

SmitFraudFix v2.274

Scan done at 23:04:24,20, 16.01.2008
Run from C:\Documents and Settings\Didrik Leganger\Skrivebord\SmitfraudFix
OS: Microsoft Windows XP [Versjon 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\privacy_danger\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix.exe by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{BCD73DD5-6BE9-42CB-92DE-029A51102E14}: DhcpNameServer=130.67.60.68 130.67.15.198 193.213.112.4
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E25DE294-A233-46F3-AF2B-9DA3C14B2C4C}: DhcpNameServer=130.67.60.68 130.67.15.198 193.213.112.4
HKLM\SYSTEM\CS1\Services\Tcpip\..\{BCD73DD5-6BE9-42CB-92DE-029A51102E14}: DhcpNameServer=130.67.60.68 130.67.15.198 193.213.112.4
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E25DE294-A233-46F3-AF2B-9DA3C14B2C4C}: DhcpNameServer=130.67.60.68 130.67.15.198 193.213.112.4
HKLM\SYSTEM\CS2\Services\Tcpip\..\{BCD73DD5-6BE9-42CB-92DE-029A51102E14}: DhcpNameServer=130.67.60.68 130.67.15.198 193.213.112.4
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E25DE294-A233-46F3-AF2B-9DA3C14B2C4C}: DhcpNameServer=130.67.60.68 130.67.15.198 193.213.112.4
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=130.67.60.68 130.67.15.198 193.213.112.4

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:10:05, on 16.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Analog Devices\Core\smax4pnp.exe
C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\TBPanel.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
C:\Programfiler\Microsoft IntelliPoint\ipoint.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Valve\Steam\Steam.exe
C:\Programfiler\Skype\Phone\Skype.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programfiler\ASUS WiFi-AP Solo\RtWLan.exe
C:\Programfiler\OpenOffice.org 2.3\program\soffice.exe
C:\Programfiler\OpenOffice.org 2.3\program\soffice.BIN
C:\Programfiler\Skype\Plugin Manager\skypePM.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\Windows NT\Tilbehør\WORDPAD.EXE
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.winamp.com/player/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [soundMAX] "C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [intelliPoint] "C:\Programfiler\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [steam] C:\Programfiler\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Programfiler\Octoshape Streaming Services\Didrik Leganger\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: hamachi.lnk = C:\Programfiler\Hamachi\hamachi.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: OpenOffice.org 2.3.lnk = C:\Programfiler\OpenOffice.org 2.3\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: hamachi.lnk = C:\Programfiler\Hamachi\hamachi.exe (User 'Default user')
O4 - .DEFAULT Startup: OpenOffice.org 2.3.lnk = C:\Programfiler\OpenOffice.org 2.3\program\quickstart.exe (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Programfiler\Hamachi\hamachi.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programfiler\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: agrlmvp - {D7B3DA71-FFA7-4A5B-84B3-FC977B70BF32} - C:\WINDOWS\agrlmvp.dll
O21 - SSODL: bmlvqkn - {465E1C4A-0392-4B9C-B0D7-48A1811DFB96} - C:\WINDOWS\bmlvqkn.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programfiler\WinPcap\rpcapd.exe

--
End of file - 7881 bytes

I thought the virus had been removed today; it was gone for a few hours, but when I came back it had started again!
norbat, posted 16 January 2008

Start HJT, choose "Do a system scan only", tick the following lines and click Fix checked:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
O21 - SSODL: agrlmvp - {D7B3DA71-FFA7-4A5B-84B3-FC977B70BF32} - C:\WINDOWS\agrlmvp.dll
O21 - SSODL: bmlvqkn - {465E1C4A-0392-4B9C-B0D7-48A1811DFB96} - C:\WINDOWS\bmlvqkn.dll

Open Notepad and paste in what is shown in bold below, then save the file to the desktop as CFScript.txt. Next, drag the file onto the ComboFix icon. ComboFix will start again. Post the log.

File::
C:\WINDOWS\bmlvqkn.dll
C:\WINDOWS\agrlmvp.dll
C:\WINDOWS\fxtqdrl.exe
Hmmzor, posted 16 January 2008 (original poster)

ComboFix log:

ComboFix 08-01-16.4 - Didrik Leganger 2008-01-16 23:27:09.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1425 [GMT 1:00]
Running from: C:\Documents and Settings\Didrik Leganger\Skrivebord\text.exe\ComboFix.exe
Command switches used :: C:\Documents and Settings\Didrik Leganger\Mine dokumenter\CFScript.txt..txt
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-12-16 to 2008-01-16 )))))))))))))))))))))))))))))))
.
2008-01-16 23:04 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-16 23:04 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-16 23:04 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-16 23:04 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-16 23:04 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-16 23:04 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-16 23:04 . 2008-01-16 23:04 1,808 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-16 14:24 . 2008-01-16 14:24 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Avg7
2008-01-16 14:15 . 2008-01-16 14:15 268 --ah----- C:\sqmdata11.sqm
2008-01-16 14:15 . 2008-01-16 14:15 244 --ah----- C:\sqmnoopt11.sqm
2008-01-16 12:58 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-16 12:33 . 2008-01-16 22:36 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-01-16 12:33 . 2008-01-16 12:33 <DIR> d-------- C:\Documents and Settings\Didrik Leganger\Programdata\SUPERAntiSpyware.com
2008-01-16 12:33 . 2008-01-16 12:33 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-01-16 12:32 . 2008-01-16 12:32 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Yahoo! Companion
2008-01-16 12:30 . 2008-01-16 23:26 <DIR> dr-h----- C:\Documents and Settings\Didrik Leganger\Siste
2008-01-16 12:29 . 2008-01-16 12:29 <DIR> d-------- C:\Programfiler\Yahoo!
2008-01-16 12:29 . 2008-01-16 12:29 <DIR> d-------- C:\Programfiler\CCleaner
2008-01-16 00:18 . 2008-01-16 00:18 <DIR> d-------- C:\Programfiler\Trend Micro
2008-01-15 23:42 . 2008-01-15 23:40 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-01-15 23:42 . 2008-01-15 23:40 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-01-15 23:42 . 2008-01-15 23:40 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-01-15 23:18 . 2008-01-15 23:18 244 --ah----- C:\sqmnoopt10.sqm
2008-01-15 23:18 . 2008-01-15 23:18 232 --ah----- C:\sqmdata10.sqm
2008-01-15 22:05 . 2008-01-15 22:05 244 --ah----- C:\sqmnoopt09.sqm
2008-01-15 22:05 . 2008-01-15 22:05 232 --ah----- C:\sqmdata09.sqm
2008-01-15 12:36 . 2008-01-15 12:36 244 --ah----- C:\sqmnoopt08.sqm
2008-01-15 12:36 . 2008-01-15 12:36 232 --ah----- C:\sqmdata08.sqm
2008-01-15 11:30 . 2008-01-15 10:55 262,144 --a------ C:\WINDOWS\bmlvqkn.dll
2008-01-15 11:30 . 2008-01-15 10:55 196,608 --a------ C:\WINDOWS\agrlmvp.dll
2008-01-15 11:30 . 2008-01-15 10:55 90,112 --a------ C:\WINDOWS\fxtqdrl.exe
2008-01-13 20:14 . 2008-01-13 20:14 244 --ah----- C:\sqmnoopt07.sqm
2008-01-13 20:14 . 2008-01-13 20:14 232 --ah----- C:\sqmdata07.sqm
2008-01-12 14:56 . 2008-01-12 14:56 244 --ah----- C:\sqmnoopt06.sqm
2008-01-12 14:56 . 2008-01-12 14:56 232 --ah----- C:\sqmdata06.sqm
2008-01-09 13:35 . 2008-01-09 13:35 <DIR> d-------- C:\Programfiler\Fellesfiler\Blizzard Entertainment
2008-01-08 15:35 . 2008-01-08 15:35 244 --ah----- C:\sqmnoopt05.sqm
2008-01-08 15:35 . 2008-01-08 15:35 232 --ah----- C:\sqmdata05.sqm
2008-01-07 15:40 . 2008-01-07 15:40 244 --ah----- C:\sqmnoopt04.sqm
2008-01-07 15:40 . 2008-01-07 15:40 232 --ah----- C:\sqmdata04.sqm
2008-01-06 10:45 . 2008-01-09 13:38 <DIR> d-------- C:\Programfiler\World of Warcraft
2008-01-06 00:48 . 2008-01-06 00:48 <DIR> d-------- C:\Programfiler\DivX
2008-01-03 14:28 . 2008-01-03 14:28 268 --ah----- C:\sqmdata03.sqm
2008-01-03 14:28 . 2008-01-03 14:28 244 --ah----- C:\sqmnoopt03.sqm
2008-01-01 17:48 . 2008-01-01 17:48 244 --ah----- C:\sqmnoopt02.sqm
2008-01-01 17:48 . 2008-01-01 17:48 232 --ah----- C:\sqmdata02.sqm
2007-12-31 15:17 . 2007-12-31 15:17 244 --ah----- C:\sqmnoopt01.sqm
2007-12-31 15:17 . 2007-12-31 15:17 232 --ah----- C:\sqmdata01.sqm
2007-12-30 16:34 . 2007-12-30 16:34 <DIR> d-------- C:\Programfiler\iTunes
2007-12-30 16:34 . 2007-12-30 16:34 <DIR> d-------- C:\Programfiler\iPod
2007-12-30 16:17 . 2007-12-30 16:17 <DIR> d-------- C:\Programfiler\Apple Software Update
2007-12-30 16:17 . 2007-10-31 14:09 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2007-12-29 23:30 . 2007-12-30 20:59 <DIR> d-------- C:\Documents and Settings\Didrik Leganger\Programdata\dvdcss
2007-12-29 18:14 . 2007-12-29 18:14 <DIR> d-------- C:\Programfiler\Hamachi
2007-12-29 18:14 . 2008-01-16 23:07 <DIR> d-------- C:\Documents and Settings\Didrik Leganger\Programdata\Hamachi
2007-12-29 18:14 . 2007-12-29 18:15 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-12-28 23:30 . 2008-01-16 23:00 <DIR> d-------- C:\Documents and Settings\Didrik Leganger\Programdata\skypePM
2007-12-28 23:30 . 2007-12-28 23:30 32 --a------ C:\Documents and Settings\All Users\Programdata\ezsid.dat
2007-12-28 23:29 . 2007-12-28 23:29 <DIR> d-------- C:\Programfiler\Skype
2007-12-28 23:29 . 2007-12-28 23:29 <DIR> d-------- C:\Programfiler\Fellesfiler\Skype
2007-12-28 23:29 . 2008-01-16 23:08 <DIR> d-------- C:\Documents and Settings\Didrik Leganger\Programdata\Skype
2007-12-28 23:28 . 2007-12-28 23:29 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Skype
2007-12-28 22:30 . 2007-12-28 22:30 <DIR> d-------- C:\Programfiler\Microsoft IntelliPoint
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 22:06 --------- d-----w C:\Documents and Settings\Didrik Leganger\Programdata\OpenOffice.org2
2008-01-16 11:32 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-01-15 22:45 --------- d-----w C:\Documents and Settings\Didrik Leganger\Programdata\mIRC
2008-01-15 22:12 --------- d-----w C:\Programfiler\mIRC
2008-01-15 21:21 --------- d-----w C:\Programfiler\Fellesfiler\LogiShrd
2008-01-15 21:21 --------- d-----w C:\Documents and Settings\All Users\Programdata\Logishrd
2008-01-11 14:09 --------- d-----w C:\Programfiler\Warcraft III
2008-01-05 23:17 --------- d-----w C:\Documents and Settings\Didrik Leganger\Programdata\BitTorrent
2007-12-30 15:18 --------- d-----w C:\Programfiler\QuickTime
2007-12-28 21:30 --------- d-----w C:\Programfiler\Winamp
2007-12-10 11:56 --------- d-----w C:\Documents and Settings\Didrik Leganger\Programdata\AdobeUM
2007-12-04 20:14 --------- d-----w C:\Programfiler\Ventrilo
2007-12-02 23:26 --------- d-----w C:\Documents and Settings\All Users\Programdata\Logitech
2007-11-30 18:28 --------- d-----w C:\Programfiler\Octoshape Streaming Services
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-22 16:03 --------- d-----w C:\Programfiler\WC3Banlist
2007-11-22 14:47 --------- d-----w C:\Programfiler\WinPcap
2007-11-21 11:23 --------- d-----w C:\Documents and Settings\Didrik Leganger\Programdata\vlc
2007-11-21 11:22 --------- d-----w C:\Programfiler\VideoLAN
2007-11-20 14:20 --------- d-----w C:\Programfiler\OpenOffice.org 2.3
2007-11-20 14:20 --------- d-----w C:\Programfiler\Java
2007-11-16 13:45 --------- d-----w C:\Programfiler\BitTorrent
2007-11-07 09:30 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-21 17:51 323,624 ----a-w C:\WINDOWS\system32\wiaaut.dll
.
((((((((((((((((((((((((((((( snapshot@2008-01-16_12.59.54,81 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-16 11:58:45 225,280 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-16 22:27:06 225,280 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-16 11:58:45 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-16 22:27:06 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-16 11:58:45 225,280 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-16 22:27:06 225,280 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-16 11:58:45 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-16 22:27:06 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-16 11:58:45 2,859,008 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-16 22:27:07 2,859,008 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-16 11:58:45 176,128 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-16 22:27:07 172,032 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
- 2007-06-11 20:34:34 2,115,816 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2007-11-21 00:52:38 2,884,992 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2007-11-21 00:52:40 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-01-16 12:53:08 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360]
"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"Steam"="C:\Programfiler\Valve\Steam\\Steam.exe" [2007-11-30 15:07 1266936]
"Octoshape Streaming Services"="C:\Programfiler\Octoshape Streaming Services\Didrik Leganger\OctoshapeClient.exe" [2006-02-13 17:33 214648]
"Skype"="C:\Programfiler\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Programfiler\Analog Devices\Core\smax4pnp.exe" [2006-12-18 14:34 868352]
"SoundMAX"="C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 07:12 729088]
"Gainward"="C:\WINDOWS\TBPanel.exe" [2007-03-23 09:32 2173744]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07 8491008]
"nwiz"="nwiz.exe" [2007-09-17 01:07 1626112 C:\WINDOWS\system32\nwiz.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 01:07 81920]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"IntelliPoint"="C:\Programfiler\Microsoft IntelliPoint\ipoint.exe" [2007-02-06 00:52 849280]
"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"nod32kui"="C:\Programfiler\Eset\nod32kui.exe" [2008-01-15 23:40 949376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03 15360]

C:\Documents and Settings\Didrik Leganger\Start-meny\Programmer\Oppstart\
hamachi.lnk - C:\Programfiler\Hamachi\hamachi.exe [2007-12-29 18:14:28]
OpenOffice.org 2.3.lnk - C:\Programfiler\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"bmlvqkn"= {4BFE2C2A-9DD6-4A8E-9916-6D69F086700C} - C:\WINDOWS\bmlvqkn.dll [2008-01-15 10:55 262144]
"agrlmvp"= {54CB36A6-BBCF-48E8-BE45-8708A83329F8} - C:\WINDOWS\agrlmvp.dll [2008-01-15 10:55 196608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 22:10]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-09-05 12:27]
S3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2006-06-23 10:35]
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2007-10-31 14:09]
.
Contents of the 'Scheduled Tasks' folder
"2008-01-15 13:37:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-16 23:28:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\bmlvqkn.dll
.
Completion time: 2008-01-16 23:28:21
ComboFix-quarantined-files.txt 2008-01-16 22:28:19
ComboFix2.txt 2008-01-16 12:00:03
.
2008-01-09 23:40:36 --- E O F ---
norbat, posted 16 January 2008

Try once more. Check that the file really is saved as CFScript.txt (not CFScript.txt.txt or similar. It should be enough to save it as just CFScript, since the .txt extension is added automatically.)
Hmmzor, posted 16 January 2008 (original poster, edited)

ComboFix log:

ComboFix 08-01-16.4 - Didrik Leganger 2008-01-16 23:35:43.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1501 [GMT 1:00]
Running from: C:\Documents and Settings\Didrik Leganger\Skrivebord\text.exe\ComboFix.exe
Command switches used :: C:\Documents and Settings\Didrik Leganger\Skrivebord\CFScript.txt.txt
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-12-16 to 2008-01-16 )))))))))))))))))))))))))))))))
.
2008-01-16 23:04 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-16 23:04 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-16 23:04 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-16 23:04 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-16 23:04 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-16 23:04 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-16 23:04 . 2008-01-16 23:04 1,808 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-16 14:24 . 2008-01-16 14:24 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Avg7
2008-01-16 14:15 . 2008-01-16 14:15 268 --ah----- C:\sqmdata11.sqm
2008-01-16 14:15 . 2008-01-16 14:15 244 --ah----- C:\sqmnoopt11.sqm
2008-01-16 12:58 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-16 12:33 . 2008-01-16 22:36 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-01-16 12:33 . 2008-01-16 12:33 <DIR> d-------- C:\Documents and Settings\Didrik Leganger\Programdata\SUPERAntiSpyware.com
2008-01-16 12:33 . 2008-01-16 12:33 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-01-16 12:32 . 2008-01-16 12:32 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Yahoo! Companion
2008-01-16 12:30 . 2008-01-16 23:33 <DIR> dr-h----- C:\Documents and Settings\Didrik Leganger\Siste
2008-01-16 12:29 . 2008-01-16 12:29 <DIR> d-------- C:\Programfiler\Yahoo!
2008-01-16 12:29 . 2008-01-16 12:29 <DIR> d-------- C:\Programfiler\CCleaner
2008-01-16 00:18 . 2008-01-16 00:18 <DIR> d-------- C:\Programfiler\Trend Micro
2008-01-15 23:42 . 2008-01-15 23:40 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-01-15 23:42 . 2008-01-15 23:40 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-01-15 23:42 . 2008-01-15 23:40 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-01-15 23:18 . 2008-01-15 23:18 244 --ah----- C:\sqmnoopt10.sqm
2008-01-15 23:18 . 2008-01-15 23:18 232 --ah----- C:\sqmdata10.sqm
2008-01-15 22:05 . 2008-01-15 22:05 244 --ah----- C:\sqmnoopt09.sqm
2008-01-15 22:05 . 2008-01-15 22:05 232 --ah----- C:\sqmdata09.sqm
2008-01-15 12:36 . 2008-01-15 12:36 244 --ah----- C:\sqmnoopt08.sqm
2008-01-15 12:36 . 2008-01-15 12:36 232 --ah----- C:\sqmdata08.sqm
2008-01-15 11:30 . 2008-01-15 10:55 262,144 --a------ C:\WINDOWS\bmlvqkn.dll
2008-01-15 11:30 . 2008-01-15 10:55 196,608 --a------ C:\WINDOWS\agrlmvp.dll
2008-01-15 11:30 . 2008-01-15 10:55 90,112 --a------ C:\WINDOWS\fxtqdrl.exe
2008-01-13 20:14 . 2008-01-13 20:14 244 --ah----- C:\sqmnoopt07.sqm
2008-01-13 20:14 . 2008-01-13 20:14 232 --ah----- C:\sqmdata07.sqm
2008-01-12 14:56 . 2008-01-12 14:56 244 --ah----- C:\sqmnoopt06.sqm
2008-01-12 14:56 . 2008-01-12 14:56 232 --ah----- C:\sqmdata06.sqm
2008-01-09 13:35 . 2008-01-09 13:35 <DIR> d-------- C:\Programfiler\Fellesfiler\Blizzard Entertainment
2008-01-08 15:35 . 2008-01-08 15:35 244 --ah----- C:\sqmnoopt05.sqm
2008-01-08 15:35 . 2008-01-08 15:35 232 --ah----- C:\sqmdata05.sqm
2008-01-07 15:40 . 2008-01-07 15:40 244 --ah----- C:\sqmnoopt04.sqm
2008-01-07 15:40 . 2008-01-07 15:40 232 --ah----- C:\sqmdata04.sqm
2008-01-06 10:45 . 2008-01-09 13:38 <DIR> d-------- C:\Programfiler\World of Warcraft
2008-01-06 00:48 . 2008-01-06 00:48 <DIR> d-------- C:\Programfiler\DivX
2008-01-03 14:28 . 2008-01-03 14:28 268 --ah----- C:\sqmdata03.sqm
2008-01-03 14:28 . 2008-01-03 14:28 244 --ah----- C:\sqmnoopt03.sqm
2008-01-01 17:48 . 2008-01-01 17:48 244 --ah----- C:\sqmnoopt02.sqm
2008-01-01 17:48 . 2008-01-01 17:48 232 --ah----- C:\sqmdata02.sqm
2007-12-31 15:17 . 2007-12-31 15:17 244 --ah----- C:\sqmnoopt01.sqm
2007-12-31 15:17 . 2007-12-31 15:17 232 --ah----- C:\sqmdata01.sqm
2007-12-30 16:34 . 2007-12-30 16:34 <DIR> d-------- C:\Programfiler\iTunes
2007-12-30 16:34 . 2007-12-30 16:34 <DIR> d-------- C:\Programfiler\iPod
2007-12-30 16:17 . 2007-12-30 16:17 <DIR> d-------- C:\Programfiler\Apple Software Update
2007-12-30 16:17 . 2007-10-31 14:09 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2007-12-29 23:30 . 2007-12-30 20:59 <DIR> d-------- C:\Documents and Settings\Didrik Leganger\Programdata\dvdcss
2007-12-29 18:14 . 2007-12-29 18:14 <DIR> d-------- C:\Programfiler\Hamachi
2007-12-29 18:14 . 2008-01-16 23:07 <DIR> d-------- C:\Documents and Settings\Didrik Leganger\Programdata\Hamachi
2007-12-29 18:14 . 2007-12-29 18:15 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-12-28 23:30 . 2008-01-16 23:00 <DIR> d-------- C:\Documents and Settings\Didrik Leganger\Programdata\skypePM
2007-12-28 23:30 . 2007-12-28 23:30 32 --a------ C:\Documents and Settings\All Users\Programdata\ezsid.dat
2007-12-28 23:29 . 2007-12-28 23:29 <DIR> d-------- C:\Programfiler\Skype
2007-12-28 23:29 . 2007-12-28 23:29 <DIR> d-------- C:\Programfiler\Fellesfiler\Skype
2007-12-28 23:29 . 2008-01-16 23:08 <DIR> d-------- C:\Documents and Settings\Didrik Leganger\Programdata\Skype
2007-12-28 23:28 . 2007-12-28 23:29 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Skype
2007-12-28 22:30 . 2007-12-28 22:30 <DIR> d-------- C:\Programfiler\Microsoft IntelliPoint
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 22:06 --------- d-----w C:\Documents and Settings\Didrik Leganger\Programdata\OpenOffice.org2
2008-01-16 11:32 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-01-15 22:45 --------- d-----w C:\Documents and Settings\Didrik Leganger\Programdata\mIRC
2008-01-15 22:12 --------- d-----w C:\Programfiler\mIRC
2008-01-15 21:21 --------- d-----w C:\Programfiler\Fellesfiler\LogiShrd
2008-01-15 21:21 --------- d-----w C:\Documents and Settings\All Users\Programdata\Logishrd
2008-01-11 14:09 --------- d-----w C:\Programfiler\Warcraft III
2008-01-05 23:17 --------- d-----w C:\Documents and Settings\Didrik Leganger\Programdata\BitTorrent
2007-12-30 15:18 --------- d-----w C:\Programfiler\QuickTime
2007-12-28 21:30 --------- d-----w C:\Programfiler\Winamp
2007-12-10 11:56 --------- d-----w C:\Documents and Settings\Didrik Leganger\Programdata\AdobeUM
2007-12-04 20:14 --------- d-----w C:\Programfiler\Ventrilo
2007-12-02 23:26 --------- d-----w C:\Documents and Settings\All Users\Programdata\Logitech
2007-11-30 18:28 --------- d-----w C:\Programfiler\Octoshape Streaming Services
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-22 16:03 --------- d-----w C:\Programfiler\WC3Banlist
2007-11-22 14:47 --------- d-----w C:\Programfiler\WinPcap
2007-11-21 11:23 --------- d-----w C:\Documents and Settings\Didrik Leganger\Programdata\vlc
2007-11-21 11:22 --------- d-----w C:\Programfiler\VideoLAN
2007-11-20 14:20 --------- d-----w C:\Programfiler\OpenOffice.org 2.3
2007-11-20 14:20 --------- d-----w C:\Programfiler\Java
2007-11-16 13:45 --------- d-----w C:\Programfiler\BitTorrent
2007-11-07 09:30 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-21 17:51 323,624 ----a-w C:\WINDOWS\system32\wiaaut.dll
.
((((((((((((((((((((((((((((( snapshot@2008-01-16_12.59.54,81 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-16 11:58:45 225,280 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-16 22:35:41 225,280 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-16 11:58:45 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-16 22:35:41 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-16 11:58:45 225,280 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-16 22:35:41 225,280 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-16 11:58:45 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-16 22:35:41 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-16 11:58:45 2,859,008 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-16 22:35:41 2,859,008 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-16 11:58:45 176,128 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-16 22:35:41 172,032 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
- 2007-06-11 20:34:34 2,115,816 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2007-11-21 00:52:38 2,884,992 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2007-11-21 00:52:40 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-01-16 12:53:08 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360]
"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"Steam"="C:\Programfiler\Valve\Steam\\Steam.exe" [2007-11-30 15:07 1266936]
"Octoshape Streaming Services"="C:\Programfiler\Octoshape Streaming Services\Didrik Leganger\OctoshapeClient.exe" [2006-02-13 17:33 214648]
"Skype"="C:\Programfiler\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Programfiler\Analog Devices\Core\smax4pnp.exe" [2006-12-18 14:34 868352]
"SoundMAX"="C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 07:12 729088]
"Gainward"="C:\WINDOWS\TBPanel.exe" [2007-03-23 09:32 2173744]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07 8491008]
"nwiz"="nwiz.exe" [2007-09-17 01:07 1626112 C:\WINDOWS\system32\nwiz.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 01:07 81920]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"IntelliPoint"="C:\Programfiler\Microsoft IntelliPoint\ipoint.exe" [2007-02-06 00:52 849280]
"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"nod32kui"="C:\Programfiler\Eset\nod32kui.exe" [2008-01-15 23:40 949376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03 15360]

C:\Documents and Settings\Didrik Leganger\Start-meny\Programmer\Oppstart\
hamachi.lnk - C:\Programfiler\Hamachi\hamachi.exe [2007-12-29 18:14:28]
OpenOffice.org 2.3.lnk - C:\Programfiler\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"bmlvqkn"= {4BFE2C2A-9DD6-4A8E-9916-6D69F086700C} - C:\WINDOWS\bmlvqkn.dll [2008-01-15 10:55 262144]
"agrlmvp"= {54CB36A6-BBCF-48E8-BE45-8708A83329F8} - C:\WINDOWS\agrlmvp.dll [2008-01-15 10:55 196608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 22:10]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-09-05 12:27]
S3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2006-06-23 10:35]
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2007-10-31 14:09]
.
Contents of the 'Scheduled Tasks' folder
"2008-01-15 13:37:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-16 23:36:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\bmlvqkn.dll
.
Completion time: 2008-01-16 23:36:20
ComboFix-quarantined-files.txt 2008-01-16 22:36:18
ComboFix2.txt 2008-01-16 22:28:21
ComboFix3.txt 2008-01-16 12:00:03
.
2008-01-09 23:40:36 --- E O F ---

The virus is gone now, but it will probably come back. SAS removed something, but the last time this happened it came back after about 3 hours...

Edited 16 January 2008 by Hmmzor
Jarmo, posted 17 January 2008

Reset the firewall to its default settings.
norbat, posted 17 January 2008

The log still shows that the files are on the PC, so we will use a different approach:

Download Avenger and unpack it. Start the program, select "Input Script Manually" and click the magnifying glass. In the window that opens, copy and paste what is in bold below:

Files to delete:
C:\WINDOWS\bmlvqkn.dll
C:\WINDOWS\agrlmvp.dll
C:\WINDOWS\fxtqdrl.exe

Click the traffic light. Restart the PC. After the restart a log file will appear describing what happened. Post it together with a new HJT log.
Hmmzor (author), posted 17 January 2008

Avenger log:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ecjiekqt

*******************

Script file located at: \??\C:\Program Files\kuvwbibn.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\bmlvqkn.dll deleted successfully.
File C:\WINDOWS\agrlmvp.dll deleted successfully.
File C:\WINDOWS\fxtqdrl.exe deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:57:10, on 17.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Analog Devices\Core\smax4pnp.exe
C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\TBPanel.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
C:\Programfiler\Microsoft IntelliPoint\ipoint.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Valve\Steam\Steam.exe
C:\Programfiler\Skype\Phone\Skype.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programfiler\ASUS WiFi-AP Solo\RtWLan.exe
C:\WINDOWS\system32\notepad.exe
C:\Programfiler\Octoshape Streaming Services\Didrik Leganger\OctoshapeClient.exe
C:\Programfiler\Skype\Plugin Manager\skypePM.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Programfiler\OpenOffice.org 2.3\program\soffice.exe
C:\Programfiler\OpenOffice.org 2.3\program\soffice.BIN
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.winamp.com/player/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [soundMAX] "C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [intelliPoint] "C:\Programfiler\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [steam] C:\Programfiler\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Programfiler\Octoshape Streaming Services\Didrik Leganger\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: hamachi.lnk = C:\Programfiler\Hamachi\hamachi.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: OpenOffice.org 2.3.lnk = C:\Programfiler\OpenOffice.org 2.3\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: hamachi.lnk = C:\Programfiler\Hamachi\hamachi.exe (User 'Default user')
O4 - .DEFAULT Startup: OpenOffice.org 2.3.lnk = C:\Programfiler\OpenOffice.org 2.3\program\quickstart.exe (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Programfiler\Hamachi\hamachi.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programfiler\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: bmlvqkn - {4BFE2C2A-9DD6-4A8E-9916-6D69F086700C} - C:\WINDOWS\bmlvqkn.dll (file missing)
O21 - SSODL: agrlmvp - {54CB36A6-BBCF-48E8-BE45-8708A83329F8} - C:\WINDOWS\agrlmvp.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programfiler\WinPcap\rpcapd.exe

--
End of file - 7966 bytes
norbat, posted 17 January 2008

Close your browser.

Fix the following two lines with HJT: (start HJT, choose "Do a system scan only", tick the box in front of the lines and click Fix checked)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
O21 - SSODL: bmlvqkn - {4BFE2C2A-9DD6-4A8E-9916-6D69F086700C} - C:\WINDOWS\bmlvqkn.dll (file missing)
O21 - SSODL: agrlmvp - {54CB36A6-BBCF-48E8-BE45-8708A83329F8} - C:\WINDOWS\agrlmvp.dll (file missing)

No need to see a new HJT log. Let me know how it goes with the problem.
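The two kinds of line norbat picks out of the HJT log above are worth recognising mechanically: a start page pointing at an unfamiliar host (here softwarereferral.com), and O21 SSODL entries whose DLL is marked "(file missing)", i.e. ShellServiceObjectDelayLoad registry entries that survive after Avenger deleted the files and would reload the DLLs if they ever reappeared. The script below is an added example written for this thread; it is not code from the thread, from HijackThis or from Avenger. It parses HJT log lines and reports both patterns. The allow-list of home-page hosts and the "SSODL DLL outside system32 is unusual" heuristic are assumptions of the example, not HijackThis rules; the sample lines are copied from the log posted above, plus one constructed benign WebCheck entry for contrast.

```python
"""Triage a HijackThis log: hijacked start page and orphaned SSODL entries.

Added example for this thread (not HijackThis or Avenger code). Flags:
  * R0/R1 start-page entries whose host is not on an allow-list;
  * O21 SSODL entries marked "(file missing)" (orphaned autostart), and
    SSODL entries loading a DLL from outside system32 (heuristic).
"""
import re
from urllib.parse import urlparse

# Hosts a home page may point at; an assumption of this example.
ALLOWED_START_HOSTS = {"www.google.com", "www.msn.com", "go.microsoft.com"}
# R0/R1 value names that hold a URL the browser will open on its own.
START_PAGE_NAMES = {"Start Page", "Default_Page_URL", "Search Page", "Local Page"}

R_LINE = re.compile(r"^(?P<kind>R[01]) - (?P<key>[^,]+),(?P<name>[^=]+?) = (?P<value>.*)$")
O21_LINE = re.compile(
    r"^O21 - SSODL: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)


def check_line(line):
    """Return (reason, detail) if the HJT line looks suspicious, else None."""
    line = line.strip()
    m = R_LINE.match(line)
    if m and m.group("name") in START_PAGE_NAMES:
        url = urlparse(m.group("value"))
        host = url.netloc.lower()
        if url.scheme in ("http", "https") and host not in ALLOWED_START_HOSTS:
            return ("start page points at unknown host", host)
        return None
    m = O21_LINE.match(line)
    if m:
        path = m.group("path")
        if m.group("missing"):
            # Registry entry still present, DLL gone: the entry should be removed
            # so the object cannot be reloaded if the file is dropped again.
            return ("orphaned SSODL entry (DLL missing)", path)
        # Heuristic (assumption): stock SSODL objects live in system32.
        if not path.lower().startswith("c:\\windows\\system32\\"):
            return ("SSODL entry loads a DLL outside system32", path)
    return None


def triage(log_text):
    """Run check_line over a whole log; returns [(line, reason, detail), ...]."""
    findings = []
    for raw in log_text.splitlines():
        result = check_line(raw)
        if result:
            findings.append((raw.strip(), *result))
    return findings


# Constructed sample: lines copied from the thread's HJT log, plus one benign
# SSODL entry (the standard WebCheck object) that should not be reported.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.winamp.com/player/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: bmlvqkn - {4BFE2C2A-9DD6-4A8E-9916-6D69F086700C} - C:\WINDOWS\bmlvqkn.dll (file missing)
O21 - SSODL: agrlmvp - {54CB36A6-BBCF-48E8-BE45-8708A83329F8} - C:\WINDOWS\agrlmvp.dll (file missing)
"""

if __name__ == "__main__":
    for line, reason, detail in triage(SAMPLE_LOG):
        print(f"[{reason}] {detail}\n    {line}")
```

Run against the sample it reports exactly the three lines norbat asked to fix and stays quiet on the WebCheck, ShellNext and LinksFolderName lines. On a real log, feed the whole file to `triage()`; an O21 line reported as "outside system32" before the file is deleted is the same entry that shows up as "(file missing)" afterwards.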
Hmmzor (author), posted 17 January 2008

It seems the problem is completely gone! Thanks for the great help, I had no idea there were so many odd programs that find viruses, and that some people are kind enough to actually help those who aren't so good with PCs, i.e. me! Special thanks to Norbat! I haven't seen such a dedicated guy in a long time

Edited 17 January 2008 by Hmmzor
norbat, posted 17 January 2008

You should clear the restore folder so that you don't get reinfected by a possible System Restore. Control Panel -> System -> System Restore. Tick "Turn off System Restore .....", restart the PC, then untick it again to re-enable the function. Surf safely.