sjekkdenne, posted 9 March 2008
I have a problem with my machine having been infected by Trojan horses. I use AVG 8.0, but the program cannot remove them. They are detected, and I move them to the "Virus Vault". There I click "delete". When I then open a hard disk from "My Computer", I get the virus warning again. The same thing happens when I use an external hard disk or a USB stick. Does anyone have suggestions for how I can solve this problem?
norbat, posted 9 March 2008
You could post a ComboFix log. It can possibly tell whether there is something on the PC that should be removed:
Download ComboFix and put it on the desktop.
Run combofix.exe and follow the instructions. Do not click on the window while the program is running.
Post the log file from ComboFix (c:\combofix.txt)
---
Does AVG say anything about this/these files (which files, where they are located ...)?
sjekkdenne (thread starter), posted 9 March 2008
> You could post a ComboFix log. It can possibly tell whether there is something on the PC that should be removed:
> Download ComboFix and put it on the desktop.
> Run combofix.exe and follow the instructions. Do not click on the window while the program is running.
> Post the log file from ComboFix (c:\combofix.txt)
> ---
> Does AVG say anything about this/these files (which files, where they are located ...)?

First of all: thank you for the incredibly quick help. I have now run ComboFix. The log file is below.

ComboFix 08-03-09.1 - Compaq_Eier 2008-03-09 20:46:35.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.95 [GMT 1:00]
Running from: C:\Documents and Settings\Compaq_Eier\Skrivebord\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
D:\Autorun.inf
J:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-02-09 to 2008-03-09 )))))))))))))))))))))))))))))))
.
2008-03-09 20:31 . 2008-03-09 20:31 <DIR> d-------- C:\Programfiler\Trend Micro
2008-03-09 15:02 . 2008-03-09 15:02 4,096 --a------ C:\WINDOWS\system32\crash
2008-03-09 13:16 . 2008-03-09 13:16 <DIR> dr-h----- C:\Documents and Settings\Compaq_Eier\Programdata\SecuROM
2008-03-09 13:16 . 2008-03-09 13:16 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-03-09 09:00 . 2008-03-09 09:00 <DIR> d-------- C:\Programfiler\Aspyr
2008-03-09 08:58 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-03-09 08:58 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-03-09 08:55 . 2008-03-09 08:55 <DIR> d-------- C:\Programfiler\DAEMON Tools Lite
2008-03-09 08:51 . 2008-03-09 08:51 <DIR> d-------- C:\Documents and Settings\Compaq_Eier\Programdata\DAEMON Tools
2008-03-09 08:51 . 2008-03-09 08:52 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-03-05 12:10 . 2008-03-09 14:44 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-03-05 12:10 . 2008-03-05 12:10 <DIR> d-------- C:\Programfiler\AVG
2008-03-05 12:10 . 2008-03-05 13:06 <DIR> d-------- C:\Documents and Settings\Compaq_Eier\Programdata\AVGTOOLBAR
2008-03-05 12:10 . 2008-03-09 15:10 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\avg8
2008-03-05 12:10 . 2008-03-05 12:10 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-03-05 12:10 . 2008-03-05 12:10 74,376 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-03-05 12:10 . 2008-03-05 12:10 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-03-05 12:10 . 2008-03-05 12:10 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-03-05 11:36 . 2008-03-07 16:57 <DIR> dr-h----- C:\Documents and Settings\Compaq_Eier\Siste
2008-03-05 11:27 . 2008-03-05 11:27 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Yahoo! Companion
2008-03-05 11:21 . 2008-03-05 11:34 <DIR> d-a------ C:\Documents and Settings\All Users\Programdata\TEMP
2008-03-05 11:13 . 2008-03-05 11:13 <DIR> d-------- C:\Programfiler\Yahoo!
2008-03-05 11:13 . 2008-03-05 11:13 <DIR> d-------- C:\Programfiler\CCleaner
2008-03-02 17:30 . 2008-03-02 19:07 300 --a------ C:\WINDOWS\Josefine.ini
2008-02-28 18:13 . 2008-02-28 18:13 244 --ah----- C:\sqmnoopt01.sqm
2008-02-28 18:13 . 2008-02-28 18:13 232 --ah----- C:\sqmdata01.sqm
2008-02-27 07:46 . 2008-02-27 07:46 244 --ah----- C:\sqmnoopt00.sqm
2008-02-27 07:46 . 2008-02-27 07:46 232 --ah----- C:\sqmdata00.sqm
2008-02-09 12:44 . 2008-02-09 12:44 <DIR> d-------- C:\Documents and Settings\Compaq_Eier\Programdata\U3
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-05 12:20 --------- d-----w C:\Programfiler\GameSpy Arcade
2008-02-29 13:33 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-29 13:33 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-02-29 13:32 --------- d-----w C:\Programfiler\WarRock
2008-02-14 17:19 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help
2008-02-08 19:13 --------- d-----w C:\Documents and Settings\Compaq_Eier\Programdata\CyberLink
2008-02-08 16:59 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-02-08 16:33 --------- d-----w C:\Documents and Settings\All Users\Programdata\Lavasoft
2008-02-08 16:32 --------- d-----w C:\Programfiler\Lavasoft
2008-02-08 16:32 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-02-08 15:20 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-02-08 15:20 --------- d-----w C:\Documents and Settings\Compaq_Eier\Programdata\InstallShield
2008-02-08 14:07 --------- d-----w C:\Programfiler\EA GAMES
2008-02-08 13:44 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield
2008-02-05 17:34 --------- d-----w C:\Programfiler\MSBuild
2008-02-05 17:34 --------- d-----w C:\Programfiler\Microsoft Works
2008-02-05 17:33 --------- d-----w C:\Programfiler\Microsoft.NET
2008-02-04 23:43 --------- d-----w C:\Programfiler\DivX
2008-02-03 15:47 --------- d-----w C:\Programfiler\PC-Doctor 5 for Windows
2008-02-01 22:59 --------- d-----w C:\Documents and Settings\Compaq_Eier\Programdata\SecondLife
2008-02-01 18:35 --------- d-----w C:\Programfiler\Fellesfiler\Adobe
2008-02-01 18:34 --------- d-----w C:\Documents and Settings\Compaq_Eier\Programdata\AdobeUM
2008-01-31 22:38 --------- d-----w C:\Documents and Settings\Compaq_Eier\Programdata\Apple Computer
2008-01-31 22:29 --------- d-----w C:\Programfiler\QuickTime
2008-01-31 22:28 --------- d-----w C:\Programfiler\Apple Software Update
2008-01-31 22:28 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple Computer
2008-01-31 22:27 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple
2008-01-31 15:21 --------- d-----w C:\Documents and Settings\Compaq_Eier\Programdata\HP
2008-01-30 21:55 --------- d-----w C:\Programfiler\Microsoft CAPICOM 2.1.0.2
2008-01-30 15:07 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared
2008-01-30 15:07 --------- d-----w C:\Documents and Settings\All Users\Programdata\Symantec
2008-01-30 14:53 --------- d-----w C:\Documents and Settings\All Users\Programdata\HP
2008-01-30 07:00 --------- d-----w C:\Programfiler\Fellesfiler\Hewlett-Packard
2008-01-29 22:46 --------- d-----w C:\Programfiler\MSXML 4.0
2008-01-29 20:48 --------- dcsh--w C:\Programfiler\Fellesfiler\WindowsLiveInstaller
2008-01-29 20:48 --------- d-----w C:\Programfiler\Windows Live
2008-01-29 20:44 --------- d-----w C:\Documents and Settings\All Users\Programdata\WLInstaller
2008-01-29 20:39 --------- d-----w C:\Programfiler\Google
2008-01-29 20:19 --------- d-----w C:\Programfiler\D-Link
2008-01-29 20:19 --------- d-----w C:\Programfiler\Alpha Networks
2008-01-29 20:15 1,869 --sha-r C:\WINDOWS\system32\drivers\103C_HP_CPC_RF147AA-UUW SR1939SC EL630_YC_0Pres_QCZB630_E63NOheREA1_48_IAMETHYST-M_SMSI_V1.0_B3.48_T060324_WXH2_L414_M447_J160_7AMD_8Athlon 64_92.19_#060918_N10EC8139_Z_G10025954_OHL-DT-ST DVDRRW GSA-H21N_DLCD905A.MRK
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 22:58 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2006-02-19 09:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2004-07-22 09:51 3,432,656 ----a-w C:\Programfiler\ManagedDX.CAB
2004-07-19 21:58 1,156,363 ----a-w C:\Programfiler\BDANT.cab
2004-07-19 21:53 976,020 ----a-w C:\Programfiler\BDAXP.cab
2004-07-09 13:17 13,265,040 ----a-w C:\Programfiler\dxnt.cab
2004-07-09 08:13 703,080 ----a-w C:\Programfiler\BDA.cab
2004-07-09 08:13 15,493,481 ----a-w C:\Programfiler\DirectX.cab
2004-07-09 03:08 472,576 ----a-w C:\Programfiler\dxsetup.exe
2004-07-09 03:08 2,242,560 ----a-w C:\Programfiler\dsetup32.dll
2004-07-09 02:03 62,976 ----a-w C:\Programfiler\DSETUP.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-03-05 12:10 2041600 --a------ C:\Programfiler\AVG\AVG8\avgtoolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\Programfiler\AVG\AVG8\avgtoolbar.dll" [2008-03-05 12:10 2041600]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\Programfiler\AVG\AVG8\avgtoolbar.dll [2008-03-05 12:10 2041600]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-06 18:28 68856]
"DAEMON Tools Lite"="C:\Programfiler\DAEMON Tools Lite\daemon.exe" [2008-02-14 00:09 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 22:14 237568]
"PCDrProfiler"="" []
"HPBootOp"="C:\Programfiler\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 22:34 249856]
"HP Software Update"="C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"D-Link AirPlus Xtreme G"="C:\Programfiler\D-Link\AirPlus Xtreme G\AirPlusCFG.exe" [2003-11-04 17:00 2502656]
"ANIWZCSService"="C:\Programfiler\Alpha Networks\ANIWZCS Service\WZCSLDR.exe" [2003-08-21 16:12 32768]
"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"GrooveMonitor"="C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-03-05 12:10 1171712]

C:\Documents and Settings\Compaq_Eier\Start-meny\Programmer\Oppstart\
OneNote 2007 Screen Clipper og Launcher.lnk - C:\Programfiler\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
HP Digital Imaging Monitor.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programfiler\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programfiler\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=
"C:\\Programfiler\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Programfiler\\Aspyr\\Guitar Hero III\\GH3.exe"=

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-03-05 12:10]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-03-05 12:10]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-03-05 12:10]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-03-05 12:10]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2003-10-22 15:27]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\Auto\command - J:\rox.exe MobileZero.hta
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL rox.exe MobileZero.hta

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20c1911c-d4f4-11dc-a757-0016175a5ec6}]
\Shell\Auto\command - J:\rox.exe MobileZero.hta
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL rox.exe MobileZero.hta

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{430635d7-d704-11dc-a75b-0016175a5ec6}]
\Shell\Auto\command - L:\rox.exe MobileZero.hta
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL rox.exe MobileZero.hta

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bad904b0-cf45-11dc-a750-0016175a5ec6}]
\Shell\Auto\command - rox.exe MobileZero.hta
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL rox.exe MobileZero.hta
.
Contents of the 'Scheduled Tasks' folder
"2008-03-04 12:49:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-09 20:50:24
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-09 20:52:33
ComboFix-quarantined-files.txt 2008-03-09 19:52:29
.
2008-02-14 14:06:05 --- E O F ---
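As an added example (not part of the thread and not ComboFix's own code), a small Python parser that pulls the autorun-related artefacts out of a ComboFix log like the one above: the Autorun.inf files listed under "Other Deletions" and the MountPoints2 keys that still carry Shell\Auto and Shell\AutoRun commands for a drive. The log excerpt is constructed from lines in the post above; for a responder this is the quick check for whether a removable-media infection left autorun handlers behind after the Autorun.inf files were removed.

```python
import re

# Constructed excerpt of the ComboFix log posted in this thread, with line breaks restored.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
D:\Autorun.inf
J:\Autorun.inf
((((((((((((((((((((((((( Files Created from 2008-02-09 to 2008-03-09 )))))))))))))))))))))))))))))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\Auto\command - J:\rox.exe MobileZero.hta
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL rox.exe MobileZero.hta
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bad904b0-cf45-11dc-a750-0016175a5ec6}]
\Shell\Auto\command - rox.exe MobileZero.hta
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL rox.exe MobileZero.hta
"""

SECTION_RE = re.compile(r"^\(+\s*(?P<name>.+?)\s*\)+$")  # "(((( Other Deletions ))))" style header
MOUNTPOINT_RE = re.compile(r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\(?P<id>[^\]]+)\]$", re.I)
COMMAND_RE = re.compile(r"^\\Shell\\(?P<verb>\w+)\\command - (?P<cmd>.+)$", re.I)

def parse_combofix_log(text):
    """Return (deleted Autorun.inf paths, {mountpoint id: {shell verb: command}})."""
    deleted, mountpoints, section, key = [], {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix uses lone dots as spacers
            continue
        if m := SECTION_RE.match(line):      # a new report section starts
            section, key = m.group("name"), None
        elif section == "Other Deletions" and line.lower().endswith("autorun.inf"):
            deleted.append(line)
        elif m := MOUNTPOINT_RE.match(line):  # a MountPoints2 key: collect its commands
            key = m.group("id")
            mountpoints.setdefault(key, {})
        elif line.startswith("["):           # any other registry key ends the MountPoints2 context
            key = None
        elif key and (m := COMMAND_RE.match(line)):
            mountpoints[key][m.group("verb")] = m.group("cmd")
    return deleted, mountpoints

def autorun_summary(text):
    """Drives whose Autorun.inf was removed, plus MountPoints2 entries with Auto/AutoRun commands."""
    deleted, mountpoints = parse_combofix_log(text)
    drives = sorted({path.split("\\")[0] for path in deleted})
    flagged = {k: v for k, v in mountpoints.items() if any(verb.lower() in ("auto", "autorun") for verb in v)}
    return {"autorun_inf_drives": drives, "autorun_mountpoints": flagged}
```

Running autorun_summary on the excerpt reports Autorun.inf removals on C:, D: and J: and two MountPoints2 entries whose handlers still invoke rox.exe with MobileZero.hta, which is what a responder would want to clear or verify before declaring the machine clean.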
norbat, posted 9 March 2008
The log looks fine. Which files is it that AVG reacts to?
sjekkdenne (thread starter), posted 9 March 2008
Now I can actually open the disks without getting a virus warning... looks like the problem is fixed. Does ComboFix remove Trojans? What AVG warned about, among other things, was a folder/program called log.exe that placed itself on the hard disk and the other disks. I am going to try a full scan of the disks with AVG now; I am curious whether the problem has really been removed.
norbat, posted 9 March 2008
ComboFix does remove Trojans, but log.exe is not to be found in the log from ComboFix. It may be that AVG reacted to something else, but run the full scan and see whether it still finds anything. You can uninstall ComboFix by typing combofix /u in the Run dialog.