
trojan horse downloader.generic3.eve


calleklen


AVG Anti-Virus finds this virus, which keeps renewing itself all the time. BitDefender doesn't find it, and neither does the Trend Micro online scan. Ad-Aware finds nothing. I have run AVG in Safe Mode, and after that the virus disappeared for a while, but now it is back. It is now called .eve instead of .eux as it was called before.

 

HijackThis finds the following. Grateful for any help!!

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 09:51:38, on 2007-01-17

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Synaptics\SynTP\SynTPLpr.exe

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\Program\Java\jre1.5.0_10\bin\jusched.exe

C:\Program\Analog Devices\SoundMAX\SMax4PNP.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program\Logitech\Video\LogiTray.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

C:\Program\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Program\HPQ\Quick Launch Buttons\EabServr.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe

C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Program\Microsoft IntelliPoint\point32.exe

C:\Program\Grisoft\AVG7\avgcc.exe

C:\Program\WIDCOMM\Bluetooth-programvara\BTTray.exe

C:\Program\Logitech\Video\FxSvr2.exe

C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe

C:\Program\Grisoft\AVG7\avgamsvr.exe

C:\Program\Grisoft\AVG7\avgupsvc.exe

C:\Program\Grisoft\AVG7\avgemc.exe

C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe

C:\Program\Analog Devices\SoundMAX\SMAgent.exe

C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\HPQ\SHARED\HPQWMI.exe

C:\HJT\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [WatchDog] C:\Program\InterVideo\DVD Check\DVDCheck.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [synTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [soundMAXPnP] "C:\Program\Analog Devices\SoundMAX\SMax4PNP.exe"

O4 - HKLM\..\Run: [soundMAX] "C:\Program\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Program\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [eabconfg.cpl] "C:\Program\HPQ\Quick Launch Buttons\EabServr.exe" /Start

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [Cpqset] C:\Program\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe"

O4 - HKLM\..\Run: [ATIPTA] "C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Program\Logitech\Video\ManifestEngine.exe boot

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: DVD Check.lnk = C:\Program\InterVideo\DVD Check\DVDCheck.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Skicka till &Bluetooth - C:\Program\WIDCOMM\Bluetooth-programvara\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com

O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - https://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125843048234

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O18 - Protocol: bw+0 - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)

O18 - Protocol: offline-8876480 - {E42DFA17-5AE1-492B-851F-9845C916990A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgemc.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program\HPQ\SHARED\HPQWMI.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

[/log]

 

 


Which file does AVG Anti-Virus say the trojan is in?

 

Run a good anti-trojan program such as AVG Anti-Spyware (Ewido): http://www.ewido.net/en/

Instructions for the program are here: http://rstones12.geekstogo.com/ewidosetup.htm

If it finds anything other than cookies, paste its report into your reply. After you have pasted the report, select (highlight) it and press the LOG button, which is on the same row as :thumbsdown::thumbsup: in the reply window.

 


Thanks for the good tips. AVG Anti-Virus found the trojan in C:\Documents and Settings\All Users\Dokument\setup.exe.

 

AVG Anti-Spyware found Downloader.Agent.aii (see log). Same problem?

 

 

 

[log]---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 21:43:12 2007-01-17

 

+ Scan result:

 

 

 

C:\Program\Delade filer\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned.

C:\System Volume Information\_restore{D5B79321-CC23-48F1-825A-E881BEFE57E5}\RP411\A0071327.exe -> Downloader.Agent.aii : Cleaned.

:mozilla.58:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\oqna0a89.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.

:mozilla.59:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\oqna0a89.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.

:mozilla.60:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\oqna0a89.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.

:mozilla.69:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\oqna0a89.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.

:mozilla.43:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\oqna0a89.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.

:mozilla.44:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\oqna0a89.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.

:mozilla.25:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\oqna0a89.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.29:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\oqna0a89.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.30:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\oqna0a89.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.31:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\oqna0a89.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.19:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\oqna0a89.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.

:mozilla.77:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\oqna0a89.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned.

:mozilla.23:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\oqna0a89.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.

:mozilla.70:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\oqna0a89.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.

:mozilla.71:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\oqna0a89.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.

:mozilla.91:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\oqna0a89.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.

:mozilla.92:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\oqna0a89.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.

:mozilla.93:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\oqna0a89.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.

:mozilla.94:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\oqna0a89.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.

:mozilla.95:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\oqna0a89.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.

:mozilla.96:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\oqna0a89.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.

:mozilla.97:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\oqna0a89.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.

:mozilla.48:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\oqna0a89.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.20:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\oqna0a89.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.

:mozilla.21:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\oqna0a89.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.

 

 

::Report end

 

[/log]

 


Delete the folder C:\Program\Delade filer\Real\WeatherBug

 

AVG Anti-Spyware found Downloader.Agent.aii (see log). Same problem?

But that one was in System Restore, so it is hard to know whether it would be the same.

 

Thanks for the good tips. AVG Anti-Virus found the trojan in C:\Documents and Settings\All Users\Dokument\setup.exe

Do you know whether you have saved anything in that folder?

Is the file there now (set Explorer to show hidden files and to show operating system files)?

 

If the file was gone for a while, you may have downloaded something inappropriate again, such as this WeatherBug.

 


WeatherBug has been removed. C:\Documents and Settings\All Users\Dokument\setup.exe no longer exists either. I think AVG Anti-Virus removed it. I never download files to this folder.

 

 

 


Then the computer is probably not infected, at least for the moment.

 

Here is my usual advice for a safer computer, but of course it is also important to use common sense.

 

Update from Windows Update and run the anti-spyware programs AVG Anti-Spyware (Ewido), SUPERAntiSpyware, Spybot S&D and/or Ad-Aware regularly.

http://www.ewido.net/en/

http://www.superantispyware.com/

http://www.safer-networking.org/en/download/index.html

http://www.lavasoft.com

 

Supplement the antivirus program with a few online scans now and then:

http://housecall.trendmicro.com/

http://www.bitdefender.com/scan8/ie.html

http://www.pandasoftware.com/products/activescan/

 

Use a firewall (a better one than the one built into XP); free ones are available from e.g. ZoneLabs.

http://www.zonelabs.com/store/content/home.jsp

 

If you use Internet Explorer, it may be a good idea to have the programs SpywareBlaster and SpywareGuard, which stop quite a lot of unpleasant programs from being downloaded and from running, respectively:

http://www.javacoolsoftware.com

 

Review the security settings in Internet Explorer; there are a lot of tips here:

http://www.spywarewarrior.com/uiuc/btw/ie/ie-opts.htm

 

Also run IE-SpyAd, which puts a whole lot of unpleasant websites into the Restricted sites zone in Internet Explorer so that they cannot do anything to the computer:

http://www.spywarewarrior.com/uiuc/resource.htm

 

If you switch browsers, only SpywareGuard is needed. Other browsers include Mozilla Firefox and Opera:

http://www.mozilla.org

http://www.opera.com

 

All free for home users/personal use.

 


  • 2 weeks later...

The infection keeps coming back in new forms even though I have followed all the security measures. Most recently the trojan was found in C:\System Volume Information\_restore{...}. Could it have something to do with System Restore? Or any other tips?

 


C:\System Volume Information\_restore is the place where the System Restore feature stores its restore points. It means that while your computer was infected, Windows created a restore point. As long as the nasties sit in that folder they are harmless. However, if you restore to a point in time when the computer was infected, the nasties will be restored as well.

 

You can delete all restore points by turning off System Restore, restarting the computer and then turning the feature back on. System Restore is turned off and on here:

Right-click My Computer - Properties - System Restore

 

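As an added illustration (not part of the original thread and not code from any of the tools mentioned), here is a small Python script that triages an AVG Anti-Spyware report in the format pasted earlier in this thread. It applies the two rules the helper gives: tracking cookies are noise and only other findings need follow-up, and a hit under System Volume Information sits inside a System Restore point and is inert until that point is restored. The sample report lines are constructed for the example; the setup.exe line mirrors the path AVG Anti-Virus reported, but pairing it with the detection name from the thread title is an assumption, not something the report on this page shows.

```python
"""Triage an AVG Anti-Spyware (Ewido) scan report.

Separates tracking cookies (noise) from real findings, and flags findings that
live under System Volume Information, i.e. inside a System Restore point, where
they are inert until a restore to that point re-activates them.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# One result line of the report format quoted in the thread, e.g.
#   C:\foo\bar.exe -> Downloader.Agent.aii : Cleaned.
#   :mozilla.58:C:\...\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
LINE_RE = re.compile(
    r"^(?::mozilla\.\d+:)?"           # optional Firefox cookie-store prefix
    r"(?P<path>[A-Za-z]:\\.+?)"       # Windows path (lazy, up to the arrow)
    r" -> (?P<detection>\S+)"         # detection name
    r" : (?P<action>[A-Za-z ]+)\.$"   # action taken, e.g. Cleaned
)

RESTORE_DIR = "system volume information"

# Constructed sample in the report format above (not the poster's real log;
# the setup.exe line is an assumption made for this example).
SAMPLE_REPORT = r"""
C:\Program\Delade filer\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned.
C:\System Volume Information\_restore{D5B79321-CC23-48F1-825A-E881BEFE57E5}\RP411\A0071327.exe -> Downloader.Agent.aii : Cleaned.
:mozilla.58:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\oqna0a89.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.23:C:\Documents and Settings\Administratör\Application Data\Mozilla\Firefox\Profiles\oqna0a89.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\All Users\Dokument\setup.exe -> Downloader.Generic3.EVE : Cleaned.
"""


@dataclass(frozen=True)
class Finding:
    path: str
    detection: str
    action: str

    @property
    def is_cookie(self) -> bool:
        return self.detection.startswith("TrackingCookie.")

    @property
    def in_restore_point(self) -> bool:
        # Windows paths are case-insensitive, so compare lowered path segments.
        parts = [p.lower() for p in PureWindowsPath(self.path).parts]
        return RESTORE_DIR in parts


def parse_report(text: str) -> list[Finding]:
    """Extract result lines; header, separator and blank lines are skipped."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            findings.append(Finding(m["path"], m["detection"], m["action"].strip()))
    return findings


def triage(text: str) -> dict[str, list[Finding]]:
    """Bucket findings as cookie (noise), restore_point (inert) or active."""
    buckets: dict[str, list[Finding]] = {"cookie": [], "restore_point": [], "active": []}
    for f in parse_report(text):
        if f.is_cookie:
            buckets["cookie"].append(f)
        elif f.in_restore_point:
            buckets["restore_point"].append(f)
        else:
            buckets["active"].append(f)
    return buckets


def needs_followup(buckets: dict[str, list[Finding]]) -> bool:
    """True when something other than cookies was found on the live filesystem."""
    return bool(buckets["active"])


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for bucket, items in result.items():
        print(f"{bucket}: {len(items)}")
        for f in items:
            print(f"  {f.detection:28} {f.path}")
    if result["restore_point"]:
        print("restore-point hits: harmless unless restored; purge by toggling System Restore")
    print("follow-up needed:", needs_followup(result))
```

Feed the script the whole pasted report; the "Scan Report" banner and "::Report end" lines do not match the result pattern and are ignored. A report whose only hits are cookies yields no follow-up, which is exactly the case the helper said need not be posted.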
