vetting Skrevet 23. august 2008 Del Skrevet 23. august 2008 (endret) Jeg har fått beskjed fra AVG at jeg har fått en Trojansk hest. 2 ganger har AVG av seg selv sagt ifra om den, og en gang har den blitt funnet på virusscan. Se bilde i vedlegger fra virsu vaulte mitt i AVG. HJT Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:44:29, on 23.08.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe C:\Programfiler\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\brss01a.exe C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Programfiler\Cisco Systems\VPN Client\cvpnd.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe C:\Programfiler\Intel\Wireless\Bin\OProtSvc.exe C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\WINDOWS\system32\hkcmd.exe C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe C:\Programfiler\Intel\Wireless\Bin\EOUWiz.exe C:\WINDOWS\AGRSMMSG.exe C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe C:\Programfiler\Notebook Hardware Control\nhc.exe C:\WINDOWS\MXOALDR.EXE C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\RunDLL32.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Windows Live\Messenger\usnsvc.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programfiler\Opera\opera.exe C:\Programfiler\AVG\AVG8\avgui.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programfiler\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programfiler\AVG\AVG8\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [intelZeroConfig] C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe O4 - HKLM\..\Run: [intelWireless] C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [EOUApp] C:\Programfiler\Intel\Wireless\Bin\EOUWiz.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [MGSysCtrl] C:\Programfiler\MSI\System Control Manager\MGSysCtrl.exe O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Programfiler\Notebook Hardware Control\nhc.exe" -quiet O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513 O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programfiler\PokerStars\PokerStarsUpdate.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programfiler\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programfiler\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: EvtEng - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: OwnershipProtocol - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\OProtSvc.exe O23 - Service: RegSrvc - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe -- End of file - 7022 bytes Combofix ComboFix 08-08-21.02 - Øystein Vetting 2008-08-23 18:37:49.5 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.430 [GMT 2:00] Running from: C:\Documents and Settings\Øystein Vetting\Skrivebord\ComboFix.exe * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-07-23 to 2008-08-23 ))))))))))))))))))))))))))))))) . 2008-08-23 18:18 . 2008-08-23 18:39 <DIR> dr-h----- C:\Documents and Settings\Øystein Vetting\Siste 2008-08-23 18:18 . 2008-08-23 18:39 <DIR> dr-h----- C:\Documents and Settings\Øystein Vetting\Siste 2008-08-23 15:22 . 2008-08-23 15:23 <DIR> d-------- C:\WINDOWS\LastGood 2008-08-21 10:33 . 2008-08-21 10:36 <DIR> d-------- C:\Programfiler\EndNote X2 2008-08-20 14:36 . 2008-08-20 14:36 <DIR> d-------- C:\Programfiler\Fellesfiler\Thomson ResearchSoft 2008-08-20 14:24 . 2008-08-20 14:24 <DIR> d-------- C:\Programfiler\Fellesfiler\ResearchSoft 2008-08-20 14:18 . 2008-08-21 10:36 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Thomson.ResearchSoft.Installers 2008-08-19 16:19 . 2008-08-19 16:19 <DIR> d-------- C:\Documents and Settings\Øystein Vetting\Programdata\ISI ResearchSoft 2008-08-19 16:16 . 2008-08-19 16:18 <DIR> d-------- C:\Programfiler\Reference Manager 11 2008-08-14 13:41 . 2008-08-14 13:41 <DIR> d--h----- C:\WINDOWS\PIF 2008-08-14 13:40 . 2008-08-14 13:40 <DIR> d-------- C:\Documents and Settings\Øystein Vetting\Programdata\Windows Search 2008-08-14 13:09 . 2008-08-14 13:09 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy 2008-08-14 13:09 . 2008-08-14 13:44 <DIR> d-------- C:\Programfiler\Windows Desktop Search 2008-08-14 13:08 . 2008-07-22 17:06 1,214,526 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb 2008-08-14 13:08 . 2008-07-22 17:06 790,846 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb 2008-08-14 13:08 . 2008-03-07 19:02 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll 2008-08-14 13:08 . 2008-03-07 19:02 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll 2008-08-14 13:08 . 2008-03-07 19:02 29,696 -----c--- C:\WINDOWS\system32\dllcache\mimefilt.dll 2008-08-14 13:08 . 2008-07-22 17:06 9,696 -----c--- C:\WINDOWS\system32\dllcache\drvmain.sdb 2008-08-14 11:26 . 2008-05-01 16:38 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll 2008-08-14 11:25 . 2008-04-11 21:06 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll 2008-07-31 13:58 . 2008-07-31 13:58 268 --ah----- C:\sqmdata04.sqm 2008-07-31 13:58 . 2008-07-31 13:58 244 --ah----- C:\sqmnoopt04.sqm 2008-07-31 13:23 . 2008-04-14 18:22 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll 2008-07-31 13:23 . 2001-10-06 14:02 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll 2008-07-30 13:55 . 2008-07-30 13:55 268 --ah----- C:\sqmdata03.sqm 2008-07-30 13:55 . 2008-07-30 13:55 244 --ah----- C:\sqmnoopt03.sqm . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-23 16:39 --------- d-----w C:\Documents and Settings\Øystein Vetting\Programdata\EndNote 2008-08-23 13:22 22,528 ----a-w C:\WINDOWS\system32\drivers\nhcDriver.sys 2008-08-23 13:22 20,128 ----a-w C:\WINDOWS\system32\MGHwTemp.sys 2008-08-22 19:06 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield 2008-08-22 18:58 --------- d--h--w C:\Programfiler\InstallShield Installation Information 2008-08-22 18:58 --------- d-----w C:\Programfiler\Brother 2008-08-21 08:36 --------- d-----w C:\Programfiler\Fellesfiler\Risxtd 2008-08-19 14:14 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-08-19 05:12 --------- d-----w C:\Programfiler\Microsoft Silverlight 2008-08-14 12:13 --------- d-----w C:\Programfiler\Clue 2008-08-13 16:12 --------- d-----w C:\Programfiler\Spybot - Search & Destroy 2008-08-13 09:49 --------- d-----w C:\Programfiler\Windows Live 2008-08-13 09:48 --------- d-----w C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy 2008-07-24 15:50 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys 2008-07-24 15:50 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys 2008-07-24 15:50 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll 2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll 2008-07-16 14:04 --------- d-----w C:\Programfiler\Opera 2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-06-24 16:46 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-06-20 17:49 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-05-21 17:21 23,456 ----a-w C:\Documents and Settings\Øystein Vetting\Programdata\GDIPFONTCACHEV1.DAT 2007-12-10 17:14 32 ----a-w C:\Documents and Settings\All Users\Programdata\ezsid.dat 2008-05-10 16:13 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\MSHist012008051020080511\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 18:22 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-23 12:31 126976] "IntelZeroConfig"="C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe" [2005-05-31 21:46 401408] "IntelWireless"="C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" [2005-06-03 00:31 385024] "EOUApp"="C:\Programfiler\Intel\Wireless\Bin\EOUWiz.exe" [2005-05-31 21:50 356352] "SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2004-07-15 19:32 102400] "SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2004-07-15 19:31 606208] "MGSysCtrl"="C:\Programfiler\MSI\System Control Manager\MGSysCtrl.exe" [2005-07-25 11:41 167936] "NotebookHardwareControl"="C:\Programfiler\Notebook Hardware Control\nhc.exe" [2007-05-04 02:33 2629632] "MaxtorOneTouch"="C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe" [2003-05-21 14:30 45056] "MXO Auto Loader"="C:\WINDOWS\MXOALDR.EXE" [2003-04-07 17:09 118784] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "SSBkgdUpdate"="C:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 11:22 155648] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-24 17:50 1232152] "AGRSMMSG"="AGRSMMSG.exe" [2005-08-01 17:00 88363 C:\WINDOWS\AGRSMMSG.exe] "PD0630 STISvc"="P0630Pin.dll" [2005-06-05 19:01 36864 C:\WINDOWS\system32\P0630Pin.dll] "SoundMan"="SOUNDMAN.EXE" [2005-12-14 19:06 577536 C:\WINDOWS\SOUNDMAN.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 18:22 15360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless] 2005-05-31 21:46 110592 C:\Programfiler\Intel\Wireless\Bin\LgNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Statusovervåkning.lnk] path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Statusovervåkning.lnk backup=C:\WINDOWS\pss\Statusovervåkning.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^VPN Client.lnk] path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\VPN Client.lnk backup=C:\WINDOWS\pss\VPN Client.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2008-04-14 18:22 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] --a------ 2005-01-23 12:36 155648 C:\WINDOWS\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch] --a------ 2005-03-18 16:15 40960 C:\Programfiler\ScanSoft\PaperPort\IndexSearch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD] --a------ 2005-03-18 16:03 57393 C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2007-11-18 17:54 185896 C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Programfiler\\Messenger\\msmsgs.exe"= "C:\\Programfiler\\Skype\\Phone\\Skype.exe"= "C:\\Programfiler\\AVG\\AVG8\\avgupd.exe"= "C:\\Programfiler\\AVG\\AVG8\\avgemc.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= R0 rmedia;Ricoh MediaCard Driver;C:\WINDOWS\system32\DRIVERS\RMEDIA.SYS [2003-10-20 21:09] R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-24 17:50] R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-24 17:50] R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-24 17:50] R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-24 17:50] R3 MGHwCtrl;MGHwCtrl;C:\WINDOWS\System32\Drivers\MGHwCtrl.sys [2007-09-22 12:22] S3 P0630VID;Creative WebCam Live!;C:\WINDOWS\system32\DRIVERS\P0630Vid.sys [2005-06-06 03:44] . Contents of the 'Scheduled Tasks' folder 2008-06-19 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job - C:\Programfiler\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [] 2008-06-19 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job - C:\Programfiler\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [] . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-ControlCenter2 - C:\Programfiler\Brother\ControlCenter2\brctrcen.exe MSConfigStartUp-SetDefPrt - C:\Programfiler\Brother\Brmfl05a\BrStDvPt.exe . ------- Supplementary Scan ------- . R0 -: HKCU-Main,Start Page = hxxp://www.google.no/ O8 -: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 -: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programfiler\PokerStars\PokerStarsUpdate.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-23 18:41:08 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-08-23 18:42:18 ComboFix-quarantined-files.txt 2008-08-23 16:42:10 Pre-Run: 55,814,086,656 byte ledig Post-Run: 55,799,414,784 byte ledig 181 --- E O F --- 2008-08-19 05:13:00 Endret 26. august 2008 av timmy84 Lenke til kommentar
norbat Skrevet 23. august 2008 Del Skrevet 23. august 2008 Kjør diskopprydding (tilbehør->systemverktøy->diskopprydding) Fjern combofix ved å skrive combofix /u Kjør ny AVG scan og se om den fortsatt finner noe. Lenke til kommentar
vetting Skrevet 23. august 2008 Forfatter Del Skrevet 23. august 2008 Kjør diskopprydding (tilbehør->systemverktøy->diskopprydding) Fjern combofix ved å skrive combofix /u Kjør ny AVG scan og se om den fortsatt finner noe. Har kjørt ccleaner noen ganger... Kan godt hende det ikke er noe. Bare stusset på AVG. Lenke til kommentar
vetting Skrevet 23. august 2008 Forfatter Del Skrevet 23. august 2008 Skal kjøre diskoppryddning... Lenke til kommentar
vetting Skrevet 25. august 2008 Forfatter Del Skrevet 25. august 2008 Nå har jeg brukt disopprydning og kjørt en ny scan. Fant ikke noe denne gangen. Var det ikke noe farlig virus/trojaner? Lenke til kommentar
Syar-2003 Skrevet 25. august 2008 Del Skrevet 25. august 2008 Det har i det siste vært mange "falske" trojan deteksjoner med AVG 8 http://www.google.no/search?hl=no&q=AV...3%B8k&meta= Disse falske deteksjonene forsvinner etter at AVG har fått tilbakemeldinger og oppdatert deteksjon/signatur filer til å inkludere disse feilaktige deteksjonene. Kan være en slik du har hatt. Lenke til kommentar
vetting Skrevet 26. august 2008 Forfatter Del Skrevet 26. august 2008 Det har i det siste vært mange "falske" trojan deteksjoner med AVG 8http://www.google.no/search?hl=no&q=AV...3%B8k&meta= Disse falske deteksjonene forsvinner etter at AVG har fått tilbakemeldinger og oppdatert deteksjon/signatur filer til å inkludere disse feilaktige deteksjonene. Kan være en slik du har hatt. Ja, får håpe det Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå