
Wimad-E virus????




  #1  
21 Sep 2008, 16:43
New Member Group

Hi Evil Fantasy - I have a similar problem to the other user here. I have downloaded and run ComboFix; the output is below. I would greatly appreciate any help you are able to provide. I know for a fact that the trojan came in - I have tried to delete it, but Windows will not let me - it says that it is in use. Any thoughts are most needed.

Thanks


ComboFix 08-09-20.05 - Administrator 2008-09-22 0:29:51.1 -- FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.254 [GMT 1:00]
Kører fra: C: \ Documents and Settings \ Administrator \ Desktop \ ComboFix.exe
* Skabt et nyt gendannelsespunkt
ADVARSEL-maskinen IKKE HAR RECOVERY CONSOLE INSTALLERET!!
.
((((((((((((((((((((((((((((((((((((((( Andre Bortfald ))))))))) ))))))))))))))))))))))))))))))))))))))))
.
C: \ Documents and Settings \ Administrator \ Cookies \ administrator @ 2o7 [1]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator@ad.yi eldmanager [1]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator @ adver tising [2]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator@ehg-baa.hitbox [2]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator@ehg-discoverynetwork.hitbox [2]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator@ehg-mastercard.hitbox [2]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator@ehg-tfl.hitbox [2]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator @ foxto ns.co [2]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator @ hits. gureport.co [1]. txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator @ nyheder. uk.msn [2]. txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator @ revsc I [2]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator @ RTM [6]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator @ Servi ng-sys [2]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator @ speci ficclick [1]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator @ statc ounter [1]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator@ths.n ews.com [2]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator @ handel dobbleren [1]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator @ tsw0 [1]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator@ww0.t imeout [1]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator@www.r eed.co [2]. Txt
C: \ WINDOWS \ system32 \ lsprst7.dll
.
((((((((((((((((((((((((( Files Created fra 2008-08-21 til 2008-09-21 ))))))))))) ))))))))))))))))))))
.
2008-09-22 00:28. 2008-09-16 01:03 <DIR> d -------- C: \ 32788R22FWJFW
2008-09-22 00:00. 2008-09-22 00:00 <DIR> d -------- C: \ Programmer \ udrydde It!
2008-09-14 21:22. 2008-04-14 01:12 221.184 - a ------ C: \ WINDOWS \ system32 \ wmpns.dll
2008-09-14 20:54. 2008-09-14 20:54 <DIR> d -------- C: \ WINDOWS \ system32 \ scripting
2008-09-14 20:54. 2008-09-14 20:54 <DIR> d -------- C: \ WINDOWS \ system32 \ da
2008-09-14 20:54. 2008-09-14 20:54 <DIR> d -------- C: \ WINDOWS \ l2schemas
2008-09-14 20:27. 2008-04-13 18:28 2.940.928 --------- C: \ WINDOWS \ system32 \ dllcache \ wmploc.dll
2008-09-14 20:26. 2008-04-14 01:10 844.314 --------- C: \ WINDOWS \ system32 \ dllcache \ msdxm.ocx
2008-09-13 18:04. 2008-09-13 18:04 <DIR> d -------- C: \ Programmer \ Java
2008-09-13 18:04. 2008-09-13 18:05 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ LimeWire
2008-09-13 18:04. 2008-06-10 02:32 73.728 - a ------ C: \ WINDOWS \ system32 \ javacpl.cpl
2008-09-13 18:03. 2008-09-13 18:03 <DIR> d -------- C: \ Programmer \ Common Files \ Java
2008-09-13 18:00. 2008-09-13 18:00 <DIR> d -------- C: \ Programmer \ LimeWire
2008-09-13 12:43. 2008-09-13 12:43 <DIR> d -------- C: \ Programmer \ iDump
2008-09-13 12:08. 2008-09-13 12:08 <DIR> d -------- C: \ Programmer \ iTunes
2008-09-13 12:08. 2008-09-13 12:08 <DIR> d -------- C: \ Programmer \ iPod
2008-09-13 12:08. 2008-09-13 12:08 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ (3276BE95_AF08_429F_A64F_CA64CB79BCF6)
2008-09-13 12:08. 2008-09-13 12:08 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ Apple Computer
2008-09-13 12:08. 2008-04-17 13:12 107.368 - a ------ C: \ WINDOWS \ system32 \ GEARAspi.dll
2008-09-13 12:08. 2008-04-17 13:12 15.464 - a ------ C: \ Windows \ System32 \ Drivers \ GEARAspiWDM.sys
2008-09-13 12:07. 2008-09-13 12:07 <DIR> D -------- C: \ Programmer \ QuickTime
2008-09-13 12:07. 2008-09-13 12:07 <DIR> D -------- C: \ Programmer \ Bonjour
2008-09-13 12:07. 2008-09-13 12:07 <DIR> D -------- C: \ Documents and Settings \ All Users \ Application Data \ Apple Computer
2008-09-13 12:06. 2008-09-13 12:06 <DIR> d -------- C: \ WINDOWS \ system32 \ DRVSTORE
2008-09-13 12:06. 2008-09-13 12:06 <DIR> d -------- C: \ Programmer \ Common Files \ Apple
2008-09-13 12:06. 2008-09-13 12:06 <DIR> d -------- C: \ Programmer \ Apple Software Update
2008-09-13 12:06. 2008-09-13 12:06 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Apple
2008-09-06 15:09. 2008-09-06 15:09 90.112 - a ------ C: \ WINDOWS \ system32 \ QuickTimeVR.qtx
2008-09-06 15:09. 2008-09-06 15:09 57.344 - a ------ C: \ WINDOWS \ system32 \ QuickTime.qts
2008-08-29 10:18. 2008-08-29 10:18 87.336 - a ------ C: \ WINDOWS \ system32 \ dns-sd.exe
2008-08-29 09:53. 2008-08-29 09:53 61.440 - a ------ C: \ WINDOWS \ system32 \ dnssd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-03 07:37 --------- d ----- w C: \ Documents and Settings \ Administrator \ Application Data \ skypePM
2008-08-03 07:35 --------- d ----- w C: \ Documents and Settings \ Administrator \ Application Data \ Skype
2008-08-03 07:32 --------- d ----- w C: \ Programmer \ Skype
2008-08-03 07:31 --------- d ----- w C: \ Programmer \ Common Files \ Skype
2008-08-03 07:31 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Skype
2008-07-18 21:10 94.920 ---- aw C: \ WINDOWS \ system32 \ dllcache \ cdm.dll
2008-07-18 21:10 94.920 ---- aw C: \ WINDOWS \ system32 \ cdm.dll
2008-07-18 21:10 53.448 ---- aw C: \ WINDOWS \ system32 \ wuauclt.exe
2008-07-18 21:10 53.448 ---- aw C: \ WINDOWS \ system32 \ dllcache \ wuauclt.exe
2008-07-18 21:10 45.768 ---- aw C: \ WINDOWS \ system32 \ wups2.dll
2008-07-18 21:10 36.552 ---- aw C: \ WINDOWS \ system32 \ wups.dll
2008-07-18 21:10 36.552 ---- aw C: \ WINDOWS \ system32 \ dllcache \ wups.dll
2008-07-18 21:09 563.912 ---- aw C: \ WINDOWS \ system32 \ wuapi.dll
2008-07-18 21:09 563.912 ---- aw C: \ WINDOWS \ system32 \ dllcache \ wuapi.dll
2008-07-18 21:09 325.832 ---- aw C: \ WINDOWS \ system32 \ wucltui.dll
2008-07-18 21:09 325.832 ---- aw C: \ WINDOWS \ system32 \ dllcache \ wucltui.dll
2008-07-18 21:09 205.000 ---- aw C: \ WINDOWS \ system32 \ wuweb.dll
2008-07-18 21:09 205.000 ---- aw C: \ WINDOWS \ system32 \ dllcache \ wuweb.dll
2008-07-18 21:09 1.811.656 ---- aw C: \ WINDOWS \ system32 \ wuaueng.dll
2008-07-18 21:09 1.811.656 ---- aw C: \ WINDOWS \ system32 \ dllcache \ wuaueng.dll
2008-07-07 20:26 253.952 ---- aw C: \ WINDOWS \ system32 \ es.dll
2008-07-07 20:26 253.952 ------ w C: \ WINDOWS \ system32 \ dllcache \ es.dll
2008-06-26 08:15 619.520 ------ w C: \ WINDOWS \ system32 \ dllcache \ urlmon.dll
2008-06-26 08:15 1.499.136 ------ w C: \ WINDOWS \ system32 \ dllcache \ shdocvw.dll
2008-06-24 16:43 74.240 ---- aw C: \ WINDOWS \ system32 \ mscms.dll
2008-06-24 16:43 74.240 ------ w C: \ WINDOWS \ system32 \ dllcache \ mscms.dll
2008-06-23 15:09 666,112 ---- aw C: \ WINDOWS \ system32 \ Wininet.dll
2008-06-23 15:09 666,112 ------ w C: \ WINDOWS \ system32 \ dllcache \ Wininet.dll
2008-06-23 15:09 3,067,392 ------ w C: \ WINDOWS \ system32 \ dllcache \ mshtml.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Note * empty entries & legit default entries er ikke vist
REGEDIT4
[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2008-04-14 15360]
"SWG" = "C: \ Programmer \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe" [2008-04-21 68856]
"MSMSGS" = "C: \ Programmer \ Messenger \ msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"AVG7_CC" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe" [2008-06-27 580096]
"Adobe Reader Speed Launcher" = "C: \ Programmer \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe" [2008-01-11 39792]
"bgsmsnd.exe" = "C: \ WINDOWS \ system32 \ bgsmsnd.exe" [2007-11-19 160136]
"QuickTime Task" = "C: \ Programmer \ QuickTime \ QTTask.exe" [2008-09-06 413696]
"iTunesHelper" = "C: \ Programmer \ iTunes \ iTunesHelper.exe" [2008-09-10 289576]
"SunJavaUpdateSched" = "C: \ Programmer \ Java \ jre1.6.0_07 \ bin \ jusched.exe" [2008-06-10 144784]
"S3TRAY2" = "S3Tray2.exe" [2001-10-11 C: \ WINDOWS \ system32 \ S3Tray2.exe]
"AGRSMMSG" = "AGRSMMSG.exe" [2003-06-27 C: \ WINDOWS \ AGRSMMSG.exe]
"ATIModeChange" = "Ati2mdxx.exe" [2001-09-04 C: \ WINDOWS \ system32 \ Ati2mdxx.exe]
[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"AVG7_Run" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe" [2008-04-19 219136]
[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ sessmgr.exe" =
"C: \ \ Programmer \ \ Messenger \ \ msmsgs.exe" =
"C: \ \ Programmer \ \ Bonjour \ \ mDNSResponder.exe" =
"C: \ \ Programmer \ \ iTunes \ \ iTunes.exe" =
"C: \ \ Programmer \ \ LimeWire \ \ LimeWire.exe" =
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" =
"C: \ \ Programmer \ \ Skype \ \ Phone \ \ Skype.exe" =
R3 Tp4Track; IBM PS / 2 TrackPoint Driver; C: \ Windows \ System32 \ Drivers \ tp4track.sys [2003-05-15 13904]
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ explorer \ mountpoints2 \ (f1882860-129 D-11dd-89b6-000d60cb61ce)]
\ Shell \ AutoRun \ command - E: \ LaunchU3.exe
* Nyoprettede Service * - PROCEXP90
.
Indhold af "Planlagte opgaver" mappe
.
.
------- Supplerende Scan -------
.
R0 -: HKCU-Main, Start Page = hxxp: / / www.google.co.uk/
R0 -: HKCU-Main, Search Page = hxxp: / / www.google.com
R0 -: HKCU-Main, Search Bar = hxxp: / / www.google.com / ie
R1 -: HKCU-Internet Settings, ProxyOverride = *. lokale
R1 -: HKCU-SearchURL, (Default) = hxxp: / / www.google.com/search?q =% s
O8 -: E & ksporter til Microsoft Excel - C: \ PROGRA ~ 1 \ mikroer ~ 2 \ Office11 \ EXCEL.EXE/3000
O16 -: (2DAD3559-2923-4935-AD49-B673D2539944) - hxxp: / / www-307.ibm.com/pc/support/acpir.cab
C: \ WINDOWS \ Downloaded Program Files \ acpir.inf
C: \ WINDOWS \ System32 \ capicom.dll
C: \ WINDOWS \ Downloaded Program Files \ acpir2.dll
O16 -: (483EB14D-AF1C-4951-81B0-4E2B41829FF6) - hxxps: / / www.select2perform.eu/cabs/QOLCheck.ocx
C: \ WINDOWS \ Downloaded Program Files \ QOLCheck.ocx
.
************************************************** ************************
catchme 0.3.1361 W2K/XP/Vista - rootkit / stealth malware detector ved Gmer, http://www.gmer.net
Rootkit scan 2008-09-22 00:32:33
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning skjulte processer ...
scanning skjulte autostart entries ...
scanning skjulte filer ...
scanning afsluttet med succes
skjulte filer: 0
************************************************** ************************
.
--------------------- DLL'er Loaded Under Running Processes ---------------------
PROCESS: C: \ WINDOWS \ system32 \ Winlogon.exe
-> C: \ WINDOWS \ system32 \ Ati2evxx.dll
.
Afslutning tid: 2008-09-22 0:33:07
ComboFix-karantæne-files.txt 2008-09-21 23:33:06
Pre-Run: 9484075008 bytes fri
Post-Run: 9686056960 bytes fri
167 --- EOF --- 2008-09-16 07:01:45
  #2  
21 Sep 2008, 17:37
Editor Group

Download TrendMicro HijackThis.exe (HJT) to your desktop.
  • Double-click HJTInstall.
  • Click the Install button.
  • It will automatically place HJT in C:\Programmer\TrendMicro\HijackThis\HijackThis.exe.
  • After installing, HijackThis should open for you.
  • Click the "Do a system scan and save a logfile" button.
  • HijackThis will scan, and then a log will open in Notepad.
  • Copy and then paste the entire contents of the log into your post.
  • Do not have HijackThis fix anything yet. Most of what it finds is harmless or even required.
__________________

  #3  
21 Sep 2008, 23:43
New Member Group

Thanks for the help. Output of the file below:

Logfile af Trend Micro HijackThis v2.0.2
Scan gemt kl 07:40:46 den 22/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Kørende processer:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ ibmpmsvc.exe
C: \ WINDOWS \ System32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ WINDOWS \ AGRSMMSG.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ WINDOWS \ system32 \ bgsmsnd.exe
C: \ Programmer \ iTunes \ iTunesHelper.exe
C: \ Programmer \ Java \ jre1.6.0_07 \ bin \ jusched.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Programmer \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
C: \ Programmer \ LimeWire \ LimeWire.exe
C: \ Programmer \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ Programmer \ Bonjour \ mDNSResponder.exe
C: \ Programmer \ Common Files \ Microsoft Shared \ VS7DEBUG \ MDM.EXE
C: \ Programmer \ iPod \ bin \ iPodService.exe
C: \ WINDOWS \ explorer.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Programmer \ Trend Micro \ HijackThis \ HijackThis.exe
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.google.co.uk/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = *. lokale
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Programmer \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Skype add-on (Mastermind) - (22BF413B-C6D2-4d91-82A9-A0F997BA588C) - C: \ Programmer \ Skype \ Toolbars \ Internet Explorer \ SkypeIEPlugin.dll
O2 - BHO: pdfMachine - (56CF4856-ECB4-4e46-A897-A378821F97B9) - C: \ WINDOWS \ system32 \ bgstb.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Programmer \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c: \ program files \ google \ googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Programmer \ Google \ GoogleToolbarNotifier \ 3.0.1225.9868 \ s wg.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ program files \ google \ googletoolbar1.dll
O3 - Toolbar: pdfMachine - (56CF4856-ECB4-4e46-A897-A378821F97B9) - C: \ WINDOWS \ system32 \ bgstb.dll
O4 - HKLM \ .. \ Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM \ .. \ Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM \ .. \ Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / START
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Programmer \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [bgsmsnd.exe] C: \ WINDOWS \ system32 \ bgsmsnd.exe
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Programmer \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Programmer \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Programmer \ Java \ jre1.6.0_07 \ bin \ jusched.exe"
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [SWG] C: \ Programmer \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Programmer \ Messenger \ msmsgs.exe" / baggrund
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'Default user')
O8 - Extra sammenhæng menupunktet: E & ksporter til Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ mikroer ~ 2 \ Office11 \ EXCEL.EXE/3000
O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programmer \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programmer \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O9 - Ekstra knap: Skype - (77BF5300-1474-4EC7-9980-D32B190E9B07) - C: \ Programmer \ Skype \ Toolbars \ Internet Explorer \ SkypeIEPlugin.dll
O9 - Ekstra knap: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ mikroer ~ 2 \ Office11 \ REFIEBAR.DLL
O9 - Ekstra knap: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Programmer \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Programmer \ Messenger \ msmsgs.exe
O16 - DPF: (2DAD3559-2923-4935-AD49-B673D2539944) (IASRunner klasse) -- http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: (483EB14D-AF1C-4951-81B0-4E2B41829FF6) (QOLCheck Control) -- https: / / www.select2perform.eu/cabs/QOLCheck.ocx
O18 - Protocol: skype4com - (FFC8B962-9B40-4DFF-9458-1830C7DD7F5D) - C: \ PROGRA ~ 1 \ FÆLLES ~ 1 \ Skype \ SKYPE4 ~ 1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C: \ Programmer \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: Ati Genvejstast Poller - Unknown ejer - C: \ WINDOWS \ System32 \ Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C: \ Programmer \ Bonjour \ mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Programmer \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Ukendt ejer - C: \ WINDOWS \ system32 \ ibmpmsvc.exe
O23 - Service: InstallDriver Tabel Manager (IDriverT) - Macrovision Corporation - C: \ Programmer \ Common Files \ InstallShield \ Driver \ 1150 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C: \ Programmer \ iPod \ bin \ iPodService.exe
--
End of file - 6502 bytes
  #4  
22 Sep 2008, 07:42
Editor Group

I don't see any malware; what problems are you having?

You can run the scans here http://www.computer-juice.com/forums...-posting-7476/ and post the logs when complete. Look at the AVG information. You need to update yours.
__________________

  #5  
22 Sep 2008, 10:38
New Member Group

Hi Evilfantasy - thanks. The problem is this: a suspect mp3 was downloaded from LimeWire. I think it was double-clicked, and it was definitely attempted to be loaded into iTunes. (It will not, however, have been run with Media Player - I don't use it - if that matters, as I read somewhere that Wimad uses a Windows Media Player vulnerability.) I then scanned the file with AVG, which picked up Wimad E. But it won't seem to let me delete it or quarantine it any more; if I just try to delete the file, Windows says the file is in use and therefore cannot be deleted.

I will go through the steps you suggest on that other page.

Thanks
  #6  
22 Sep 2008, 10:41
Editor Group

Post the log from MalwareBytes. If it doesn't find it, we will use another scanner to find it.
__________________


Copyright © 2006 - 2009 Computer Juice.
