Yukon Posted 22 August 2008 I have been struggling with a virus that I can't seem to get rid of. I've scanned with several different programs, online and installed (AVG). Every single time it finds trojans. I have also had problems with a screensaver that looks like a blue screen and tells me the machine is restarting. That one I seem to have gotten rid of. Maybe.. I have tried to follow the advice given here, and am posting my logs in the hope that someone could take a look and give a diagnosis.. Thanks in advance!
norbat Posted 22 August 2008 Where does AVG find the trojans?
Yukon (author) Posted 22 August 2008 Where does AVG find the trojans? Trojan horse downloader: C:\QooBox\Qarantene\C\WINNT\system3\_c006ACCF.dat.vir Virus found Backdoor.Hupigon: C:\System Volume Information\_restore{F74169FA-FA6A-455E-8788-1c242-E9B9D46}\RP1459-A0348188.old This is what is in the AVG virus vault now. But it seems this may be something other than what has shown up earlier. There have been trojan horse downloaders then as well, but I think they had other names..
snippsat Posted 22 August 2008 (edited) We'll solve this like so. Norbat would of course have solved this easily; I sometimes step in when norbat is offline. C:\QooBox\Qarantene\C\WINNT\system3\_c006ACCF.dat.vir You delete this one; it is standard that files placed in quarantine are deleted or sent for analysis. --- C:\System Volume Information\_restore{F74169FA-FA6A-455E-8788-1c242-E9B9D46}\RP1459-A0348188.old This is the System Restore folder --> System Volume Information. So it will not take effect until a System Restore is performed. ComboFix will reset this with the following command. You can remove ComboFix by typing combofix /u in the Run dialog. This command causes quarantined files and backups to be deleted, the System Restore folder to be reset, etc. Surf safely. Edited 22 August 2008 by SNIPPSAT
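snippsat's answer separates a detection sitting in a quarantine folder (already inert) from one inside a System Volume Information restore point (inert until that restore point is applied) and, implicitly, from a file on a live path. The following is an added example, not code from the thread or from any tool named in it: a small Python triage helper that classifies AV-vault paths the same way, using the two paths from the thread plus one constructed live-path entry; the quarantine folder names it matches on and the recommended actions are my assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Sample vault entries: the first two are the paths reported in the thread,
# the third is a constructed entry standing in for a file on a live system path.
SAMPLE_DETECTIONS: List[Tuple[str, str]] = [
    ("Trojan horse downloader",
     r"C:\QooBox\Qarantene\C\WINNT\system3\_c006ACCF.dat.vir"),
    ("Backdoor.Hupigon",
     r"C:\System Volume Information\_restore{F74169FA-FA6A-455E-8788-1c242-E9B9D46}\RP1459-A0348188.old"),
    ("Trojan horse downloader",  # constructed, not from the thread
     r"C:\WINNT\system32\drivers\example_dropper.sys"),
]

# Folder names that removal tools and AV products use for quarantine
# (assumed list; ComboFix uses QooBox, AVG 8 uses $AVG8.VAULT$).
QUARANTINE_DIRS = {"qoobox", "quarantine", "qarantene", "karantene", "$avg8.vault$"}

# System Restore keeps file copies under System Volume Information\_restore{GUID}\RP<n>\ ;
# such a copy only comes back if that restore point is applied.
RESTORE_POINT_RE = re.compile(
    r"system volume information\\_restore\{[^}]+\}\\rp(\d+)", re.IGNORECASE)


@dataclass
class Triage:
    name: str
    path: str
    location: str   # "quarantine", "restore_point" or "live"
    active: bool    # True only if the file can execute from where it sits
    action: str


def triage(name: str, path: str) -> Triage:
    """Classify one AV detection by where the file was found."""
    lowered = path.lower()
    match = RESTORE_POINT_RE.search(lowered)
    if match:
        rp = match.group(1)
        return Triage(name, path, "restore_point", False,
                      f"inert copy in restore point RP{rp}; purge restore points "
                      "(e.g. the ComboFix /u uninstall step) and create a fresh one")
    parts = set(lowered.split("\\"))
    if parts & QUARANTINE_DIRS or lowered.endswith(".vir"):
        return Triage(name, path, "quarantine", False,
                      "already neutralised; delete or submit the sample for analysis")
    return Triage(name, path, "live", True,
                  "active infection; remove it and re-scan the system")


def summarize(detections: List[Tuple[str, str]]) -> Dict[str, object]:
    """Count detections per location and flag whether anything is still live."""
    results = [triage(n, p) for n, p in detections]
    counts = {"quarantine": 0, "restore_point": 0, "live": 0}
    for r in results:
        counts[r.location] += 1
    return {"counts": counts,
            "any_active": any(r.active for r in results),
            "results": results}


if __name__ == "__main__":
    for r in summarize(SAMPLE_DETECTIONS)["results"]:
        print(f"{r.location:14} {r.name}: {r.action}")
```

Run on the thread's two entries alone, the helper reports nothing active, which is the conclusion snippsat reaches.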
Yukon (author) Posted 22 August 2008 We'll solve this like so. Norbat would of course have solved this easily; I sometimes step in when norbat is offline. C:\QooBox\Qarantene\C\WINNT\system3\_c006ACCF.dat.vir You delete this one; it is standard that files placed in quarantine are deleted or sent for analysis. --- C:\System Volume Information\_restore{F74169FA-FA6A-455E-8788-1c242-E9B9D46}\RP1459-A0348188.old This is the System Restore folder --> System Volume Information. So it will not take effect until a System Restore is performed. ComboFix will reset this with the following command. You can remove ComboFix by typing combofix /u in the Run dialog. This command causes quarantined files and backups to be deleted, the System Restore folder to be reset, etc. Surf safely. Ok, thank you very much, I'll try this! Regards, Yukon