Trojan awtss.dll (need help)

Hi

Every time I boot the machine, I get a RunDLL error message:

Feil ved innlasting av C:\User\xxx\AppData\Local\Temp\awtss.dll

Den angitte modulen ble ikke funnet

I've searched Google a bit, but there are only old threads where the links don't work.

How can I remove this trojan?

Running Vista Ultimate, if that helps.

Edited by JungHanz

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:14:37, on 11.04.2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Grisoft\AVG7\avgcc.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Opera\Opera.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Hans\Desktop\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe"

O4 - HKCU\..\Run: [Device Detector] DevDetect.exe -autorun

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Hans\AppData\Local\Temp\awtss.dll,#1

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A0F8C4AF-2B41-447C-852D-A7177A1246A8}: NameServer = 10.0.0.138,10.0.1.138

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

 

--

End of file - 8332 bytes


Start HJT, choose "Do a system scan only", tick the following lines and click Fix checked:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Hans\AppData\Local\Temp\awtss.dll,#1

Restart the PC.

We should do an extra check to see whether there is anything else on the PC that should be removed.

Download ComboFix and put it on the desktop.

Run combofix.exe and follow the instructions.

Do not click on the window while the program is running.

Post the log file from ComboFix (c:\combofix.txt).


The RunDll error message disappeared after I restarted the PC!

ComboFix:

 

ComboFix 08-04-10.9 - Hans 2008-04-11 18:36:46.1 - NTFSx86

Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1044.18.1199 [GMT 2:00]

Running from: C:\Users\Hans\Desktop\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Windows\system32\drivers\npf.sys

C:\Windows\system32\packet.dll

C:\Windows\system32\wpcap.dll

 

.

((((((((((((((((((((((((( Files Created from 2008-03-11 to 2008-04-11 )))))))))))))))))))))))))))))))

.

 

2008-04-11 06:46 . 2008-04-11 06:46 <DIR> d-------- C:\Program Files\Panda Security

2008-04-11 06:27 . 2008-04-11 06:27 <DIR> d-------- C:\Program Files\Trend Micro

2008-04-10 20:39 . 2008-04-11 17:55 <DIR> d-------- C:\VundoFix Backups

2008-04-09 20:19 . 2008-04-09 20:19 <DIR> d-------- C:\Users\Hans\AppData\Roaming\DWGeditor

2008-04-09 20:19 . 2008-04-09 20:19 <DIR> d-------- C:\Program Files\DWGeditor

2008-04-09 20:18 . 2008-04-09 20:53 <DIR> d-------- C:\Program Files\SolidWorks Installation Manager

2008-04-09 20:18 . 2008-04-09 20:18 0 --a------ C:\Windows\eDrawingOfficeAutomator.INI

2008-04-09 20:17 . 2004-11-05 11:08 670,208 --a------ C:\Windows\System32\drivers\hardlock.sys

2008-04-09 20:17 . 2008-04-09 20:17 23 --ah----- C:\Windows\yacht.xws

2008-04-09 20:16 . 2008-04-09 20:58 <DIR> d-------- C:\Program Files\Common Files\eDrawings2007

2008-04-09 20:13 . 2008-04-09 20:59 <DIR> d-------- C:\Program Files\SolidWorks

2008-04-09 20:13 . 2008-04-09 20:58 <DIR> d-------- C:\Program Files\Common Files\SolidWorks Shared

2008-04-09 20:13 . 2008-04-09 20:13 <DIR> d-------- C:\Program Files\Common Files\Solidworks Data

2008-04-09 20:12 . 2008-04-09 20:12 42 --a------ C:\Windows\trailer.xws

2008-04-09 13:49 . 2008-02-15 01:19 944,184 --a------ C:\Windows\System32\winload.exe

2008-04-09 13:49 . 2008-02-19 07:10 620,088 --a------ C:\Windows\System32\ci.dll

2008-04-09 13:49 . 2008-02-29 08:39 371,712 --a------ C:\Windows\System32\srcore.dll

2008-04-09 13:49 . 2008-02-29 08:38 313,856 --a------ C:\Windows\System32\rstrui.exe

2008-04-09 13:49 . 2008-02-29 08:39 40,960 --a------ C:\Windows\System32\srclient.dll

2008-04-09 13:49 . 2008-02-29 08:51 19,000 --a------ C:\Windows\System32\kd1394.dll

2008-04-09 13:49 . 2008-02-29 08:38 16,384 --a------ C:\Windows\System32\srdelayed.exe

2008-04-09 13:49 . 2008-02-29 08:34 7,168 --a------ C:\Windows\System32\f3ahvoas.dll

2008-04-09 13:49 . 2008-02-29 08:35 6,656 --a------ C:\Windows\System32\kbd106n.dll

2008-03-31 12:28 . 2008-03-12 22:21 678,408 --a------ C:\Windows\System32\gpprefcl.dll

2008-03-31 12:28 . 2006-12-20 08:03 229,888 --a------ C:\Windows\System32\msshsq.dll

2008-03-31 00:50 . 2008-03-31 02:07 <DIR> d-------- C:\ApolloDivxToDVD

2008-03-31 00:48 . 2008-03-31 00:50 <DIR> d-------- C:\Program Files\Apollo DivX to DVD Creator

2008-03-31 00:17 . 2008-03-31 00:17 <DIR> d-------- C:\Program Files\ImTOO

2008-03-25 16:30 . 2008-04-09 20:34 <DIR> d-------- C:\Users\All Users\Google

2008-03-12 14:55 . 2007-12-17 00:50 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys

2008-03-12 14:55 . 2007-12-16 11:56 41,984 --a------ C:\Windows\System32\drivers\monitor.sys

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-11 15:56 --------- d-----w C:\Program Files\PowerISO

2008-04-11 12:17 --------- d-----w C:\Users\Hans\AppData\Roaming\AVG7

2008-04-10 19:17 --------- d-----w C:\Users\Hans\AppData\Roaming\uTorrent

2008-04-10 14:56 --------- d-----w C:\Program Files\Google

2008-04-09 18:36 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-04-09 18:36 --------- d-----w C:\Program Files\Yahoo!

2008-04-09 18:35 --------- d-----w C:\Program Files\Futuremark

2008-04-09 14:53 --------- d-----w C:\Program Files\Windows Mail

2008-04-09 14:52 --------- d-----w C:\ProgramData\Microsoft Help

2008-04-03 23:01 --------- d-----w C:\Users\Hans\AppData\Roaming\dvdcss

2008-03-31 23:49 --------- d-----w C:\Users\Hans\AppData\Roaming\LimeWire

2008-03-25 14:30 --------- d-----w C:\Program Files\Java

2008-03-20 13:48 --------- d-----w C:\Program Files\Common Files\Adobe

2008-03-03 05:24 --------- d-----w C:\Program Files\ImgBurn

2008-03-03 05:23 --------- d-----w C:\Users\Hans\AppData\Roaming\ImgBurn

2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys

2008-02-27 17:48 --------- d-----w C:\Users\Hans\AppData\Roaming\Logitech

2008-02-27 17:48 --------- d-----w C:\ProgramData\Logitech

2008-02-27 17:47 127,034 ------r C:\Windows\bwUnin-8.1.1.50-8876480SL.exe

2008-02-27 17:47 --------- d-----w C:\Program Files\Logitech

2008-02-27 17:46 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf

2008-02-27 17:46 --------- d-----w C:\Program Files\Common Files\Logitech

2008-02-27 17:45 --------- d-----w C:\ProgramData\LogiShrd

2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll

2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll

2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll

2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

2008-02-18 23:27 413,696 ----a-w C:\Windows\System32\wrap_oal.dll

2008-02-18 23:27 110,592 ----a-w C:\Windows\System32\OpenAL32.dll

2008-02-18 23:27 --------- d-----w C:\Program Files\OpenAL

2008-02-14 13:40 194,560 ----a-w C:\Windows\System32\WebClnt.dll

2008-02-14 13:40 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys

2008-02-14 13:38 613,888 ----a-w C:\Windows\System32\wpd_ci.dll

2008-02-14 13:38 224,824 ----a-w C:\Windows\System32\clfs.sys

2008-02-14 13:34 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys

2008-02-14 13:34 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe

2008-02-14 13:34 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe

2008-02-14 13:34 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys

2008-02-14 13:34 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys

2008-02-14 13:34 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys

2008-02-14 13:34 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys

2008-02-14 13:32 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys

2008-02-14 13:32 24,064 ----a-w C:\Windows\System32\netcfg.exe

2008-02-14 13:32 22,016 ----a-w C:\Windows\System32\netiougc.exe

2008-02-14 13:32 216,632 ----a-w C:\Windows\system32\drivers\netio.sys

2008-02-14 13:32 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll

2008-02-14 13:31 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-02-14 13:31 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-02-14 13:31 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll

2008-02-14 13:31 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-02-14 13:31 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-02-14 13:31 1,686,528 ----a-w C:\Windows\System32\gameux.dll

2008-02-13 14:54 --------- d-----w C:\Users\Hans\AppData\Roaming\JLC's Software

2008-02-13 14:53 --------- d-----w C:\Program Files\JLC's Software

2008-02-13 14:05 --------- d-----w C:\ProgramData\ATI

2008-02-13 14:05 --------- d-----w C:\Program Files\ATI

2008-02-13 13:58 --------- d-----w C:\Program Files\ATI Technologies

2008-01-26 01:10 9,216 ----a-w C:\Windows\System32\avgwlntf.dll

2007-12-25 12:31 22,328 ----a-w C:\Users\Hans\AppData\Roaming\PnkBstrK.sys

2007-12-05 22:40 174 --sha-w C:\Program Files\desktop.ini

2000-10-15 23:19 744,448 ----a-w C:\Program Files\CPUStabTest.exe

2000-10-13 23:44 5,301 ----a-w C:\Program Files\readme.htm

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 01:35 1232896]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-12-06 14:06 167368]

"Device Detector"="DevDetect.exe" []

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:33 201728]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:34 125440]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-06 00:44 1006264]

"RtHDVCpl"="RtHDVCpl.exe" [2007-02-06 11:50 4374528 C:\Windows\RtHDVCpl.exe]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-06-21 19:14 35328]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]

"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 02:05 200704]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 16:27 385024]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22 267048]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-26 03:10 579072]

"NeroFilterCheck"="C:\Windows\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\Windows\KHALMNPR.Exe]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-26 03:10 219136]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-02-27 19:47:55 67128]

Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-02-27 19:46:15 692224]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]

avgwlntf.dll 2008-01-26 03:10 9216 C:\Windows\System32\avgwlntf.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"TCP Query User{952F9304-8CE8-48EC-A39C-255FA486CDD6}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent

"UDP Query User{0F236924-3EE6-41A9-A09F-46712275DDA3}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent

"{1BD1AB5A-EB93-4C6E-A1A8-37B3CB5B7048}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{10405609-F3B6-40BD-932B-5EAEA7CE116A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{7DAD8D2F-73FC-4DD1-B68E-C48061A7C619}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{2017E9EF-8787-4205-8493-814629989D63}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

"{109C746B-5F58-47D9-BF58-CE0011CC3EBD}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{2E062707-2524-4D6B-961D-BAA52E3826DF}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{18285087-D71E-4AF0-AE2F-DB6760243454}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{17757B61-8228-4522-9296-F966B1B92476}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{62782CBC-0BA7-4DD7-A9DC-1AEEFA2471DB}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"TCP Query User{D5364D35-A620-4BFF-B8D0-1C07D99E7348}C:\\program files\\opera\\opera.exe"= UDP:C:\program files\opera\opera.exe:Opera Internet Browser

"UDP Query User{63F1E2E3-F4F6-47B2-9435-607D501C3BBF}C:\\program files\\opera\\opera.exe"= TCP:C:\program files\opera\opera.exe:Opera Internet Browser

"TCP Query User{DFD1E710-5C95-438D-836A-5C2FF86B0BF1}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire

"UDP Query User{95345B59-77D3-468E-A7D2-8F3D3DD7A579}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire

"{94CD561B-1D4A-48D1-8363-684AEDF3CEE0}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32

"{114B8156-8092-4336-9941-6A22861A6DF9}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32

"{44DB02E5-4050-4413-8C6F-F8B84F90B079}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32

"{761F9625-FC06-4C35-96D6-41389FCC1742}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32

"{6D27A4F7-96E3-4CC3-BEB5-6F84D21BEBEB}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

"{2429EE2A-F4C8-4F8C-B27C-7D13B7ABB1FD}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

"{02E1A88C-B556-44BF-AA8D-42674BDF74C8}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

"{A51F0E34-075F-4F75-9F1C-0B6D330D4258}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

"TCP Query User{088C632B-E6B4-4B93-BCF5-1CF7038E8FBE}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent

"UDP Query User{0255F2D2-845C-48D0-8CD1-A35E5F29DE00}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent

"TCP Query User{B59AD174-D5B7-423B-9B89-5159A0EA8996}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire

"UDP Query User{D2374E10-CAD4-4CC8-9E82-9F76E27F0924}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire

"TCP Query User{1BBD161A-1ECF-4CDD-9E11-FE8904355DA4}C:\\program files\\opera\\opera.exe"= UDP:C:\program files\opera\opera.exe:Opera Internet Browser

"UDP Query User{E2C4FC27-65B0-4CA1-BE64-1A5964F75382}C:\\program files\\opera\\opera.exe"= TCP:C:\program files\opera\opera.exe:Opera Internet Browser

"{D7C0DA61-5883-416B-A21D-CF1AD5903D9E}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{6B96D4E1-407E-4638-8C35-6C4665CB58A1}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{3EA0A949-4A85-4796-8B0C-616EE4644F1E}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{AC3E995C-32A2-45DC-BA45-AD743E7028A4}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

"TCP Query User{D0EDCE0F-F15B-4CBC-A250-A6CE78D2CF84}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{4EBF2BE0-5CAF-41A8-9A1F-78C5BD4F1651}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

"TCP Query User{96CE48ED-95AE-42D9-A834-48AE11616C1F}C:\\program files\\jlc's software\\internet tv\\internet tv.exe"= UDP:C:\program files\jlc's software\internet tv\internet tv.exe:Internet TV

"UDP Query User{BB411C8F-F13C-4343-BA0A-AF6708C65CD1}C:\\program files\\jlc's software\\internet tv\\internet tv.exe"= TCP:C:\program files\jlc's software\internet tv\internet tv.exe:Internet TV

"{C775633D-D49E-4ABA-84CB-D18CE8295CCC}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

"{E61D0F87-2588-48EC-AEB3-C8D863F9BDB7}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

"{CB1ADD25-F39C-4FD5-A151-9B057245AB15}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

"{3630D267-4F9E-46F4-B49D-297C1A91C07B}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

 

R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-12-21 05:55]

R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-22 10:12]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

GPSvcGroup REG_MULTI_SZ GPSvc

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]

\shell\AutoRun\command - G:\Autorun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ae2f203-a6bd-11dc-a205-00508db2967c}]

\shell\AutoRun\command - F:\swlauncher.exe

 

*Newly Created Service* - CATCHME

.

**************************************************************************

 

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-11 18:38:36

Windows 6.0.6000 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-04-11 18:39:02

ComboFix-quarantined-files.txt 2008-04-11 16:38:57

Pre-Run: 23,870,054,400 byte ledig

Post-Run: 23,748,780,032 byte ledig

.

2008-04-09 14:52:27 --- E O F ---


This looks fine. Your error message was tied to a registry entry; the file itself had already been removed. I don't know whether you have previously had any alerts from your security programs about infected files?

You can remove ComboFix by typing combofix /u in the Run/Search box. This removes the program and also resets the System Restore folder.

Edited by norbat
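The two things the helper picked out of the HijackThis log (a RunServices entry for a file named one letter off svchost.exe, and a rundll32 Run entry loading a DLL from the user's Temp folder) and the closing explanation (the RunDLL dialog came from a leftover Run entry whose DLL was already gone) can both be turned into a small triage script. The example below is added here and is not part of the thread, nor code from HijackThis or ComboFix. It parses O4 lines in HijackThis format, applies those heuristics, and marks orphaned entries. The sample lines are constructed from the log above, and because the log comes from another machine, a constructed set of "existing files" stands in for os.path.exists(); the lookalike-name list and the heuristics themselves are assumptions, not something the tools on the page implement.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Matches HijackThis O4 registry autostart lines, e.g.
#   O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\...\awtss.dll,#1
# "O4 - Global Startup: ..." lines have a different shape and are skipped.
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>[A-Za-z]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First file reference in an unquoted command (unquoted paths may contain spaces).
FIRST_FILE_RE = re.compile(r"^(?P<path>.*?\.(?:exe|dll|com|scr))(?:\s|$)", re.IGNORECASE)
TEMP_DIR_RE = re.compile(r"\\Temp\\", re.IGNORECASE)
# Assumed list of names that malware imitates by changing a single character.
SYSTEM_NAMES = ("svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "explorer.exe")


@dataclass
class AutostartEntry:
    hive: str
    key: str
    name: str
    command: str
    target: str          # file actually loaded: the exe, or the DLL handed to rundll32
    via_rundll32: bool


def parse_o4(line: str) -> Optional[AutostartEntry]:
    """Parse one O4 registry line; returns None for lines of another shape."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = m.group("cmd")
    via_rundll32 = cmd.lower().startswith("rundll32.exe ")
    if via_rundll32:
        # rundll32.exe <module>,<entrypoint>: the module before the comma is what gets loaded
        parts = cmd.split(None, 1)
        target = parts[1].split(",", 1)[0].strip().strip('"') if len(parts) > 1 else ""
    elif cmd.startswith('"'):
        target = cmd[1:].split('"', 1)[0]
    else:
        fm = FIRST_FILE_RE.match(cmd)
        target = fm.group("path") if fm else cmd.split()[0]
    return AutostartEntry(m.group("hive"), m.group("key"), m.group("name"), cmd, target, via_rundll32)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-character lookalikes such as svehost.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def assess(entry: AutostartEntry, existing_files: Optional[Set[str]] = None) -> List[str]:
    """Return the reasons an entry deserves a closer look (empty list = nothing noticed)."""
    findings: List[str] = []
    base = entry.target.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if entry.via_rundll32 and TEMP_DIR_RE.search(entry.target):
        findings.append("rundll32 loads a DLL from a Temp directory")
    if entry.key.lower() == "runservices":
        findings.append("legacy RunServices key (Windows 9x-era; unusual for legitimate software on Vista)")
    if base not in SYSTEM_NAMES and any(edit_distance(base, s) == 1 for s in SYSTEM_NAMES):
        findings.append(f"filename {base!r} is one character away from a Windows system binary name")
    # Orphan check only for absolute paths; %VAR% and bare names would need PATH/env resolution.
    if existing_files is not None and re.match(r"^[A-Za-z]:\\", entry.target):
        if entry.target.lower() not in existing_files:
            findings.append("orphaned entry: the referenced file no longer exists "
                            "(for a rundll32 entry this is the 'module not found' dialog at logon)")
    return findings


def triage(lines: List[str], existing_files: Optional[Set[str]] = None) -> Dict[str, List[str]]:
    """Map autostart entry name -> findings, for every O4 line that raised at least one."""
    report: Dict[str, List[str]] = {}
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        findings = assess(entry, existing_files)
        if findings:
            report[entry.name] = findings
    return report


# Constructed sample modelled on the HijackThis log in this thread (not the full log).
SAMPLE_O4_LINES = [
    r"O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide",
    r"O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP",
    r"O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe",
    r'O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe"',
    r"O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Hans\AppData\Local\Temp\awtss.dll,#1",
    r"O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe",
]
# Constructed stand-in for os.path.exists(): files assumed present on the machine, lowercased.
# awtss.dll is deliberately absent, mirroring the thread (file gone, Run entry left behind).
SAMPLE_EXISTING_FILES = {
    r"c:\progra~1\grisoft\avg7\avgcc.exe",
    r"c:\program files\daemon tools\daemon.exe",
}

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_O4_LINES, SAMPLE_EXISTING_FILES).items():
        print(f"[{name}]")
        for reason in reasons:
            print("   -", reason)
```

On a live machine the orphan check would use os.path.exists() on the expanded path; passing the set explicitly keeps the example offline and makes the "file removed, registry entry left behind" case reproducible. The heuristics are deliberately narrow: they flag exactly the two entries the helper asked to be fixed and leave the legitimate Run entries alone.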