Et mulig virus jeg ikke blir kvtt

[gaatil]

Jeg fikk fra en nettkafe inn et mulig virus på min maskin. Det gjør ikke annet vondt enn at jeg ikke klarer å bruke usb-funksjon på usb-stick og ipod via normal åpne-funksjon, men jeg har i tillegg to filer program.exe og arhives.exe som ligger på den ene harddisken min. De tas ikke av verken avast antivirus eller superantispyware. Hvis jeg sletter filene, oppstår de på nytt få sekunder senere.

 

I tillegg slettet avast "sign of Win32: Trojan-gen.....has been found in H:/AdobeR.exe-file"

 

Noen som vet hva jeg kan gjøre?

 

takknemlig for all hjelp!

[norbat]

Hei,

Kjør gjennom langversjonen i følgende post: https://www.diskusjon.no/index.php?showtopic=691246. Loggene det spørres etter, poster du her i din egen tråd

[gaatil]

Med den nye versjonen av teksteditoren, skjønner jeg ikke hvordan jeg kan skjule/vise tekst, så denne tråden blir litt lang.

 

 

SUPERAntiSpyware Scan Log

Generated

02/27/2008

at 01:39 PM

Application Version : 3.9.1008

Core Rules Database

Version : 3407

Trace Rules Database

Version: 1396

Scan type :

Complete Scan

Total Scan Time :

00:55:58

Memory items scanned : 652

Memory threats detected

: 0

Registry items scanned : 6217

Registry

threats detected : 0

File items scanned : 30710

File threats detected : 4

Adware.Tracking Cookie

C:\Documents and Settings\gaatil\Cookies\gaatil@cgi-bin[1].txt

C:\Documents and Settings\gaatiil\Cookies\gaatil@advertising[1].txt

C:\Documents and

Settings\gaatil\Cookies\[email protected][1].txt

BearShare File Sharing Client

C:\PROGRAM FILES\BEARSHARE

APPLICATIONS\BEARSHARE\BEARSHARE.EXE

Endret 27. februar 2008 av gaatil

[gaatil]

ComboFix 08-02-25.3 - xxxxxxxxxxxxx 2008-02-27 13:47:56.2 - NTFSx86

Running from: C:\My Downloads\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\smdat32a.sys

C:\WINDOWS\smdat32m.sys

C:\WINDOWS\system32\Cache

D:\Autorun.inf

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

.

-------\LEGACY_NTLOAD

 

 

((((((((((((((((((((((((( Files Created from 2008-01-27 to 2008-02-27 )))))))))))))))))))))))))))))))

.

 

2008-02-21 19:34 . 2008-02-21 19:34 13,668 --a------ C:\WINDOWS\system32\wpa.bak

2008-02-17 17:32 . 2008-02-27 14:36 <DIR> d-------- C:\Documents and Settings\gaatil\Application Data\skypePM

2008-02-17 17:32 . 2008-02-17 17:32 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat

2008-02-17 17:31 . 2008-02-17 17:31 <DIR> d-------- C:\Program Files\Skype

2008-02-17 17:31 . 2008-02-17 17:31 <DIR> d-------- C:\Program Files\Common Files\Skype

2008-02-17 17:31 . 2008-02-27 17:09 <DIR> d-------- C:\Documents and Settings\gaatil\Application Data\Skype

2008-02-17 17:31 . 2008-02-17 17:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-27 15:43 --------- d-----w C:\Program Files\SUPERAntiSpyware

2008-02-27 12:51 --------- d-----w C:\Documents and Settings\gaatil\Application Data\Azureus

2008-02-25 13:18 --------- d-----w C:\Documents and Settings\gaatil\Application Data\Apple Computer

2008-02-23 23:08 --------- d-----w C:\Program Files\Azureus

2008-02-03 22:37 131,072 --sh--r C:\WINDOWS\xrqra.exe

2008-02-03 22:37 131,072 --sh--r C:\Program Files\Common Files\beaao.exe

2004-06-12 14:28 3,108 ----a-w C:\Program Files\readme.txt

2004-01-08 09:38 208,896 ----a-w C:\Program Files\lame_enc.dll

2005-03-07 15:29 104 -csha-r C:\WINDOWS\system32\4F9869CF3D.sys

.

 

------- Sigcheck -------

 

6225f14b8ce08ccba8b25ad27843c674 C:\WINDOWS\system32\winlogon.exe

-c--a-w 516,608 2002-08-29 01:41:28 C:\WINDOWS\$NtUninstallKB840987$\winlogon.exe

----a-w 502,272 2006-02-10 18:03:58 C:\WINDOWS\system32\winlogon.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-10 10:12 15360]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 16:54 5674352]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-06 02:55 68856]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 13:06 1318912]

"RSetting"="c:\windows\inf\wkvle.exe" [2008-02-03 23:37 131072]

"UserTools"="c:\program files\common files\beaao.exe" [2008-02-03 23:37 131072]

"CheckS"="c:\windows\config\umauf.exe" [2008-02-03 23:37 131072]

"DeviceSys"="c:\windows\system32\gmgif.exe" [2008-02-03 23:37 131072]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-04-08 17:12 110592]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-04-08 17:11 512000]

"QCWLICON"="C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2004-08-18 03:30 81920]

"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2003-12-25 02:04 208896]

"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-04 18:39 897024]

"BMMLREF"="C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE" [2004-02-05 01:36 20480]

"BMMMONWND"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2004-02-05 01:36 395264]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43 83608]

"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 16:05 81920]

"EEventManager"="C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2005-04-08 13:09 102400]

"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 01:03 284184]

"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-11-15 21:58 746520]

"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-15 22:01 244512]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 08:18 270648]

"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 12:20 227328]

"tDefault"="c:\windows\system32\xcruy.exe" [2008-02-03 23:37 131072]

"Settings"="c:\windows\xrqra.exe" [2008-02-03 23:37 131072]

"SystemT"="c:\windows\system\tbhti.exe" [2008-02-03 23:37 131072]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 14:58 1744896]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Canon LBP-800 Status Window.LNK - C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE [2003-07-24 15:24:11 112640]

Hurtigstart for Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]

QConGina.dll 2004-08-18 03:30 258048 C:\WINDOWS\system32\QConGina.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Azureus\\Azureus.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\WINDOWS\\system32\\xcruy.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

R0 viaagp;VIA AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 07:07]

R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2004-08-18 03:30]

R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\drivers\IBMBLDID.SYS [2004-08-18 03:30]

R1 TPPWR;TPPWR;C:\WINDOWS\system32\drivers\Tppwr.sys [2004-02-05 01:36]

R2 RapidPort;RapidPort;C:\WINDOWS\system32\Drivers\CAPLPTN.SYS [2000-04-19 23:00]

R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-10 13:00]

R3 KMW_KBD;Kensington Input Devices Class filter driver;C:\WINDOWS\system32\DRIVERS\KMW_KBD.sys [2004-05-05 12:29]

S3 KMW_SYS;Kensington MouseWorks Mouse filter driver;C:\WINDOWS\system32\DRIVERS\KMW_SYS.sys [2004-05-05 12:30]

S3 KMW_USB;Kensington MouseWorks USB filter driver;C:\WINDOWS\system32\DRIVERS\KMW_USB.sys [2004-05-05 12:29]

S3 QCNDISIF;QCNDISIF;C:\WINDOWS\system32\drivers\qcndisif.SYS [2004-08-18 03:30]

S4 NTBOOT;NTBOOTMGR;C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe []

 

.

Contents of the 'Scheduled Tasks' folder

"2008-02-22 01:21:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2005-11-08 12:00:34 C:\WINDOWS\Tasks\BMMTask.job"

- C:\PROGRA~1\ThinkPad\UTILIT~1\BMMTASK.EXE

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-27 13:53:58

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\WgaTray.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\QCONSVC.EXE

C:\WINDOWS\System32\snmp.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\TpKmpSVC.exe

C:\WINDOWS\system32\CAPRPCSK.EXE

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\acs.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Alwil Software\Avast4\setup\avast.setup

.

**************************************************************************

.

Completion time: 2008-02-27 13:57:44 - machine was rebooted

ComboFix-quarantined-files.txt 2008-02-27 12:57:40

ComboFix2.txt 2007-07-30 21:29:05

.

2008-02-18 13:51:33 --- E O F ---

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:13:48, on 27.02.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\WgaTray.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\QCONSVC.EXE

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\TpKmpSVC.exe

C:\WINDOWS\system32\CAPRPCSK.EXE

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\acs.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE

C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe

C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam10\QuickCam10.exe

C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\windows\system32\xcruy.exe

C:\windows\xrqra.exe

C:\windows\system\tbhti.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\windows\inf\wkvle.exe

C:\program files\common files\beaao.exe

C:\windows\config\umauf.exe

C:\windows\system32\gmgif.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE

C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE

C:\WINDOWS\explorer.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/ServiceLogi...tmplcache=2

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=195.18.205.215:80;gopher=195.18.205.215:80;http=195.18.205.215:80;https=195.18.205.215

443

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE

O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper

O4 - HKLM\..\Run: [bMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE

O4 - HKLM\..\Run: [bMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -noicon

O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide

O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [tDefault] c:\windows\system32\xcruy.exe

O4 - HKLM\..\Run: [settings] c:\windows\xrqra.exe

O4 - HKLM\..\Run: [systemT] c:\windows\system\tbhti.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [RSetting] c:\windows\inf\wkvle.exe

O4 - HKCU\..\Run: [userTools] c:\program files\common files\beaao.exe

O4 - HKCU\..\Run: [CheckS] c:\windows\config\umauf.exe

O4 - HKCU\..\Run: [DeviceSys] c:\windows\system32\gmgif.exe

O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')

O4 - Global Startup: Canon LBP-800 Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE

O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - https://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...loader3.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...ploader.cab

O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/no/big/1.1....ogleNav.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...85876384792

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eurn.ey.net

O17 - HKLM\Software\..\Telephony: DomainName = eurn.ey.net

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = eurn.ey.net

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = eurn.ey.net

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe

O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

 

--

End of file - 11023 bytes

Endret 27. februar 2008 av gaatil

[norbat]

Du har noen filer som bør sjekkes nærmere, men kjør først onlinescanneren Bitdefender og se hva den finner.

[gaatil]

Ingen resultater på virusscanning.

[norbat]

Vi sjekker noen filer:

Gå til nettstedet http://virusscan.jotti.org/ og sjekk følgende filer:

 

C:\windows\system32\xcruy.exe

C:\program files\common files\beaao.exe

C:\windows\system\tbhti.exe

 

Mulig du må slå på "Vis skjulte filer og mapper" for å finne filene.