HJELP! :) Trojanske hester..Virus..Et eller annet!

nilieh · 4. oktober 2008

Hei!

Jeg har klart å få virus på laptopen min, eller noe lignende. For å være helt ærlig har jeg virkelig ikke peiling på sånt, så jeg skriver her i håp om at noen kan hjelpe meg

Det begynte med at laptopen min begynte å bli forferdelig treg, låser seg hele tiden, det går ikke an å bruke musa osv, og nå i dag begynte det plutselig å poppe opp en milliard virus advarsler fra AVG. Har kjørt virustester på den hele tiden, men har ikke kommet noe frem før nå. Nå finner den 30 stk trojan horse generic.AOKW og det kommer hele tiden opp små advarsler om tracking cookies. Generelt lever dataen min ett eget liv nå og låser seg, åpner nye vinduer av seg selv. Jeg prøver å fjerne de trojanske hestene med AVG, men når jeg trykker heal så låser dataen seg og den må skrus av og på for at den skal virke igjen, og dermed blir det heller ikke fjernet. For hver gang jeg kjører en ny scan har det kommet flere. Jeg begynner å få litt panikk

Noen som kan hjelpe meg? Har i tilegg McAfee installert, men den finner ingenting galt.

snippsat · 4. oktober 2008

Kjør igjennom denne så ser vi hvordan det ser ut.

https://www.diskusjon.no/index.php?showtopic=691246

nilieh · 4. oktober 2008

Hei,

jeg forsøker, men alt ble bare enda verre. Har fått kjørt det første programmet og det fant ett visst antall filer som var infiserte, skrudde dataen av og på, men når jeg skrudde den på igjen dukket det opp veldig mange oppstartsprogrammer som ble blokkert av windows og enda mer popupvinduer. Restartet pc'en en gang til fordi den gikk ikke an å gjøre noe. Lastet ned ComboFix og da forsvant alt av internetttilkobling, audio osv og nå fungerer altså ingenting. Har fått logg filene men kommer jo ikke inn på internett lenger fra min data.. Hva i all verden skal ejg gjøre nå?

nilieh · 4. oktober 2008

Skrudde den av og på igjen og dette er beskjedene jeg får

"Tjenesten Windows Audio kjører ikke" Denne datamaskinen an ikke spille av lyd fordi tjeneste Windows Audio ikke er aktivert. Vil du aktivere tjenesten Windows Audio?" og "Windows har blokkert en del oppstartsprogrammer" osv osv. I tilegg har alt blitt i "gammel windows" stil og alle virusprogrammer skrudd seg av.

raWrz · 4. oktober 2008

start datan i sikkerhets modus! trykk på F8 når du starter datan så velger du start i sikkerhets modus og ta søkene der!

nilieh · 4. oktober 2008

Klikk for å se/fjerne innholdet nedenfor

Malwarebytes' Anti-Malware 1.28

Database versjon: 1227

Windows 6.0.6001 Service Pack 1

04.10.2008 10:20:34

mbam-log-2008-10-04 (10-20-34).txt

Skanntype: Rask Skann

Objekter skannet: 46322

Tid tilbakelagt: 10 minute(s), 30 second(s)

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 1

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 4

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

Registernøkler infisert:

HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

Mapper infisert:

(Ingen mistenkelige filer funnet)

Filer infisert:

C:\Windows\youtubex.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\Default\My Documents\My Music\My Music.url (Trojan.Zlob) -> Delete on reboot.

C:\Users\Default\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Delete on reboot.

C:\Users\Default\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Delete on reboot.

Klikk for å se/fjerne innholdet nedenfor

ComboFix 08-10-03.05 - Nina 2008-10-04 10:44:20.1 - NTFSx86

Running from: C:\Users\Nina\Desktop\ComboFix.exe

* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Cookies\nina@adsfac[2].txt

C:\Windows\Temp\log.txt

.

((((((((((((((((((((((((( Files Created from 2008-09-04 to 2008-10-04 )))))))))))))))))))))))))))))))

.

2008-10-04 10:40 . 2008-10-04 10:43 <DIR> d-------- C:\32788R22FWJFW

2008-10-04 10:21 . 2008-10-04 10:21 <DIR> d-------- C:\Users\Nina\viruslogg

2008-10-04 10:08 . 2008-10-04 10:08 <DIR> d-------- C:\Users\Nina\AppData\Roaming\Malwarebytes

2008-10-04 10:08 . 2008-10-04 10:08 <DIR> d-------- C:\Users\All Users\Malwarebytes

2008-10-04 10:08 . 2008-10-04 10:08 <DIR> d-------- C:\ProgramData\Malwarebytes

2008-10-04 10:08 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys

2008-10-04 10:08 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys

2008-10-04 09:35 . 2008-10-04 09:35 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com

2008-10-04 09:35 . 2008-10-04 09:35 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com

2008-10-04 09:34 . 2008-10-04 09:34 <DIR> d-------- C:\Users\Nina\AppData\Roaming\SUPERAntiSpyware.com

2008-10-04 09:34 . 2008-10-04 09:34 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

2008-10-04 06:52 . 2008-10-04 06:52 <DIR> d-------- C:\Program Files\The Cleaner Demo

2008-10-02 07:22 . 2008-10-02 12:34 <DIR> d-------- C:\Program Files\YoutubeGet

2008-10-02 06:03 . 2008-10-02 11:17 <DIR> d-------- C:\Program Files\Common Files\DVDVideoSoft

2008-09-25 19:59 . 2008-09-25 20:00 <DIR> d-------- C:\Windows\System32\Adobe

2008-09-25 14:57 . 2008-10-04 10:39 <DIR> d-------- C:\Users\Nina\Tracing

2008-09-25 14:46 . 2006-11-29 13:06 3,426,072 --a------ C:\Windows\System32\d3dx9_32.dll

2008-09-25 14:46 . 2008-09-04 22:02 56,344 --a------ C:\Windows\System32\drivers\fssfltr.sys

2008-09-25 14:45 . 2008-09-25 14:45 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition

2008-09-25 14:44 . 2008-06-26 05:21 712,704 --a------ C:\Windows\System32\WindowsCodecs.dll

2008-09-25 14:44 . 2008-06-26 05:21 347,648 --a------ C:\Windows\System32\WindowsCodecsExt.dll

2008-09-25 14:43 . 2008-09-25 14:43 <DIR> d-------- C:\Program Files\Microsoft

2008-09-25 14:32 . 2008-09-25 14:32 <DIR> d-------- C:\Program Files\Common Files\Windows Live

2008-09-16 10:52 . 2008-09-16 10:52 <DIR> d-------- C:\EGIS_Drive

2008-09-16 05:10 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll

2008-09-16 05:10 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll

2008-09-16 05:10 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe

2008-09-16 05:10 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll

2008-09-16 05:09 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll

2008-09-16 05:09 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll

2008-09-16 05:09 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll

2008-09-16 05:09 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll

2008-09-16 05:09 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe

2008-09-11 07:31 . 2008-09-25 14:46 <DIR> d----c--- C:\Windows\System32\DRVSTORE

2008-09-11 07:31 . 2008-04-17 13:12 107,368 --a------ C:\Windows\System32\GEARAspi.dll

2008-09-11 07:31 . 2008-04-17 13:12 15,464 --a------ C:\Windows\System32\drivers\GEARAspiWDM.sys

2008-09-11 07:30 . 2008-09-11 07:31 <DIR> d-------- C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-09-11 07:30 . 2008-09-11 07:31 <DIR> d-------- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-09-11 07:30 . 2008-09-11 07:31 <DIR> d-------- C:\Program Files\iTunes

2008-09-11 07:30 . 2008-09-11 07:30 <DIR> d-------- C:\Program Files\iPod

2008-09-11 07:29 . 2008-09-11 07:29 <DIR> d-------- C:\Program Files\Bonjour

2008-09-11 07:27 . 2008-09-11 07:27 <DIR> d-------- C:\Program Files\QuickTime

2008-09-10 09:22 . 2008-08-02 03:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys

2008-09-10 09:22 . 2008-06-26 05:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll

2008-09-10 09:22 . 2008-06-26 05:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll

2008-09-10 09:22 . 2008-05-08 21:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys

2008-09-10 09:22 . 2008-05-20 04:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys

2008-09-10 09:22 . 2008-06-26 05:29 45,056 --a------ C:\Windows\System32\dataclen.dll

2008-09-10 09:22 . 2008-08-02 05:26 36,864 --a------ C:\Windows\System32\cdd.dll

2008-09-10 08:00 . 2008-09-10 08:00 <DIR> d-------- C:\Users\All Users\Office Genuine Advantage

2008-09-10 08:00 . 2008-09-10 08:00 <DIR> d-------- C:\ProgramData\Office Genuine Advantage

2008-09-09 00:03 . 2008-09-09 00:03 51,712 --a------ C:\Windows\System32\sirenacm.dll

2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx

2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\Windows\System32\QuickTime.qts

2008-09-05 16:04 . 2008-09-05 16:04 288,256 --a------ C:\Windows\WLXPGSS.SCR

2008-09-05 11:27 . 2008-04-23 06:42 428,544 --a------ C:\Windows\System32\EncDec.dll

2008-09-05 11:27 . 2008-04-23 06:42 293,376 --a------ C:\Windows\System32\psisdecd.dll

2008-09-05 11:27 . 2008-04-23 06:41 218,624 --a------ C:\Windows\System32\psisrndr.ax

2008-09-05 11:27 . 2008-04-23 06:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax

2008-09-05 11:26 . 2008-03-08 04:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll

2008-09-05 11:26 . 2008-03-08 06:21 1,695,744 --a------ C:\Windows\System32\gameux.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-04 08:27 --------- d-----w C:\Users\Nina\AppData\Roaming\Skype

2008-10-04 08:26 --------- d-----w C:\Users\Nina\AppData\Roaming\skypePM

2008-10-04 08:24 54,932 ----a-w C:\Users\All Users\nvModes.dat

2008-10-04 08:24 54,932 ----a-w C:\ProgramData\nvModes.dat

2008-10-04 07:32 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-10-03 22:15 --------- d-----w C:\ProgramData\SiteAdvisor

2008-10-03 22:15 --------- d-----w C:\Program Files\McAfee

2008-10-03 15:31 --------- d-----w C:\ProgramData\McAfee

2008-10-02 05:42 --------- d-----w C:\Users\Nina\AppData\Roaming\BitTorrent

2008-10-01 05:22 --------- d-----w C:\Users\Nina\AppData\Roaming\LimeWire

2008-09-27 13:28 --------- d-----w C:\Users\Nina\AppData\Roaming\dvdcss

2008-09-26 10:19 --------- d-----w C:\Program Files\BitTorrent

2008-09-25 12:46 --------- d-----w C:\Program Files\Windows Live

2008-09-11 05:27 --------- d-----w C:\Program Files\Common Files\Apple

2008-09-11 01:02 --------- d-----w C:\ProgramData\Microsoft Help

2008-09-11 01:01 --------- d-----w C:\Program Files\Microsoft Works

2008-09-06 09:01 --------- d-----w C:\ProgramData\WLInstaller

2008-09-05 10:42 --------- d-----w C:\Program Files\Windows Mail

2008-08-31 10:50 --------- d-----w C:\Users\Nina\AppData\Roaming\DNA

2008-08-30 06:29 97,928 ----a-w C:\Windows\system32\drivers\avgldx86.sys

2008-08-29 08:18 87,336 ----a-w C:\Windows\System32\dns-sd.exe

2008-08-29 07:53 61,440 ----a-w C:\Windows\System32\dnssd.dll

2008-08-26 15:03 --------- d---a-w C:\ProgramData\TEMP

2008-08-26 13:06 --------- d-----w C:\ProgramData\Oberon Games

2008-08-17 07:06 --------- d-----w C:\Users\Nina\AppData\Roaming\PPD

2008-08-14 05:47 --------- d-----w C:\Program Files\TEXTware

2008-08-14 01:37 --------- d-----w C:\Program Files\Common Files\Adobe

2008-08-08 13:36 --------- d-----w C:\Program Files\Google

2008-08-05 06:24 --------- d-----w C:\Program Files\Apple Software Update

2008-08-05 06:11 --------- d-----w C:\Program Files\Safari

2008-08-05 05:24 --------- d-----w C:\Program Files\Soulseek

2008-07-16 17:51 56 ---ha-w C:\Users\All Users\ezsidmv.dat

2008-07-16 17:51 56 ---ha-w C:\ProgramData\ezsidmv.dat

2008-07-16 14:59 10,520 ----a-w C:\Windows\System32\avgrsstx.dll

2008-07-16 11:30 319,456 ----a-w C:\Windows\DIFxAPI.dll

2008-07-16 11:30 315,392 ----a-w C:\Windows\HideWin.exe

2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll

2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-03-04 23:38 121392 --a------ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-09-09 3513344]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 125952]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-07-16 171448]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 21718312]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]

"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]

"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]

"BkupTray"="C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-04-03 13535776]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-04-03 92704]

"PLFSetI"="C:\Windows\PLFSetI.exe" [2007-10-23 200704]

"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2008-04-01 793096]

"eAudio"="C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]

"eDataSecurity Loader"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]

"ePower_DMC"="C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-30 397312]

"ArcadeDeluxeAgent"="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-04-10 147456]

"CLMLServer"="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-04-10 167936]

"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-04-18 167936]

"WarReg_PopUp"="C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-30 1234712]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]

"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-08 289576]

"Malwarebytes Anti-Malware (reboot)"="C:\Users\Nina\Desktop\Malwarebytes' Anti-Malware\mbam.exe" [2008-09-10 1253040]

"RtHDVCpl"="RtHDVCpl.exe" [2008-04-25 C:\Windows\RtHDVCpl.exe]

"Skytel"="Skytel.exe" [2007-11-21 C:\Windows\SkyTel.exe]

C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper og Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Acer VCM.lnk - C:\Program Files\Acer\Acer VCM\AcerVCM.exe [2008-07-16 1216512]

BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-02-12 723496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc ehstart

WerSvcGroup REG_MULTI_SZ wersvc

swprv REG_MULTI_SZ swprv

regsvc REG_MULTI_SZ RemoteRegistry

wcssvc REG_MULTI_SZ WcsPlugInService

DcomLaunch REG_MULTI_SZ PlugPlay DcomLaunch

wdisvc REG_MULTI_SZ WdiServiceHost

sdrsvc REG_MULTI_SZ sdrsvc

secsvcs REG_MULTI_SZ WinDefend

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

AeLookupSvc

wercplsupport

Themes

CertPropSvc

SCPolicySvc

lanmanserver

gpsvc

IKEEXT

AudioSrv

FastUserSwitchingCompatibility

Nla

NWCWorkstation

SRService

Wmi

WmdmPmSp

TermService

wuauserv

BITS

ShellHWDetection

LogonHours

PCAudit

helpsvc

uploadmgr

iphlpsvc

seclogon

AppInfo

msiscsi

MMCSS

ProfSvc

EapHost

winmgmt

schedule

SessionEnv

browser

hkmsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c50e0bd-774b-11dd-9f7e-ede8d416130c}]

\shell\AutoRun\command - F:\setupSNK.exe

*Newly Created Service* - CATCHME

*Newly Created Service* - MBAMSWISSARMY

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]

%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

.

Contents of the 'Scheduled Tasks' folder

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-eRecoveryService - (no file)

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = www.google.com

R0 -: HKLM-Main,Start Page = hxxp://no.intl.acer.yahoo.com

R1 -: HKCU-Internet Settings,ProxyOverride = *.local

O8 -: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 -: Send bilde til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 -: Send side til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O18 -: Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\McAfee\SITEAD~1\McIEPlg.dll

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-04 10:48:54

Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\Users\Nina\AppData\Local\Temp\11dd9da1-bd22-4acf-a8c5-a1e1964c189b.tmp 0 bytes

**************************************************************************

.

Completion time: 2008-10-04 10:52:03

ComboFix-quarantined-files.txt 2008-10-04 08:50:58

Pre-Run: 43 659 149 312 byte ledig

Post-Run: 44,373,217,280 byte ledig

285 --- E O F --- 2008-09-11 01:05:40

Klikk for å se/fjerne innholdet nedenfor

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:19:03, on 04.10.2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

C:\Windows\System32\rundll32.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\PLFSetI.exe

C:\Users\Nina\AppData\Local\Temp\RtkBtMnt.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe

C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe

C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe

C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Acer\Acer VCM\AcerVCM.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Acer\Acer VCM\acp2HID.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\conime.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Users\Nina\Desktop\testbæsj\blala.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.intl.acer.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O1 - Hosts: ::1 localhost

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: (no name) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - (no file)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [bkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe

O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"

O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"

O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"

O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Users\Nina\Desktop\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Startup: OneNote 2007 Screen Clipper og Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Acer VCM.lnk = ?

O4 - Global Startup: BTTray.lnk = ?

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send bilde til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send side til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O13 - Gopher Prefix:

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: avgrsstx.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe

O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Cycling Manager 2007 Drivers Auto Removal (pr2akt6c) (pr2akt6c) - Cyanide - C:\Windows\system32\pr2akt6c.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe

O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe

--

End of file - 14109 bytes

raWrz · 4. oktober 2008

ser du du bruker McAfee og AVG samtidig? avinnstaler en av dem

edit: kan du kjøre Mbam en gang til i sikkerhets modus? står at 2 virus er på delete on reboot som av og till ikke virker 100% :s

edit2: hvis det ikke virker og avvinnstalere McAfee så går du på disk C programmfiler og sletter McAfee mappa (jeg gjorde det på min acer maskin ble litt irriter på Mcafee)

OG siden du har en acer maskin så kan det hjelpe med å gjennopprette maskinen til fabrikk standar altså: ALT på C disken blir sletta og ikke noe på D disken men det er bare et alternativ

edit3: dette viruset slettes desverre ikke av Mbam og combofix.. hadde dette på den datan jeg skriver med så gjør dette her:

ALLE VIKTIGE filene fra C legger du inn på D disken- gå inn på acer empowering techonlogy - Acer eRecovery - og finn gjennopperett til fabrikk standar dette er den ensten måten jeg fant ut funka

Endret 4. oktober 2008 av Submit

nilieh · 4. oktober 2008

Klikk for å se/fjerne innholdet nedenfor

Malwarebytes' Anti-Malware 1.28

Database versjon: 1227

Windows 6.0.6001 Service Pack 1

04.10.2008 11:39:52

mbam-log-2008-10-04 (11-39-52).txt

Skanntype: Rask Skann

Objekter skannet: 39460

Tid tilbakelagt: 2 minute(s), 36 second(s)

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 0

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

Registernøkler infisert:

(Ingen mistenkelige filer funnet)

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

Mapper infisert:

(Ingen mistenkelige filer funnet)

Filer infisert:

(Ingen mistenkelige filer funnet)

Endret 4. oktober 2008 av nilieh

raWrz · 4. oktober 2008

hmm... kan du ta full system skann ser ut som om det er borte ..

nilieh · 4. oktober 2008

Okei, kjører full scan nå. Men tror ikke det er borte, for fremdeles en hau av advarsler fra AVG om "trojan horse generic11.AOKW" osv.

Takk for hjelp!!!!

raWrz · 4. oktober 2008

ikke noe problem

nilieh · 4. oktober 2008

Hei,

jeg kjører full system scan nå, men det har tatt 5 timer, skal det ta så lang tid? Uansett, om jeg legger alt jeg trenger over på D så er det fullstendig sikkert om jeg tar recovery?

Det er siste og eneste løsning?

Tosha0007 · 4. oktober 2008

eg ville ha venta til litt seinare i kveld med å køyra recovery, og fått anten SNIPPSAT eller Norbat til å gå gjennom loggene

Endret 4. oktober 2008 av tosha0007

nilieh · 4. oktober 2008

ok, da venter jeg litt og ser om noen andre har noen flere gode råd

tusen takk for all hjelp.

raWrz · 4. oktober 2008

det at MBAM tar 5 min med full system skann er normalt men hadde vært fin om du kunne kansje innstaler combofix og lagt ut logger der så får jeg norbat eller snippsat til å se det

link til combofix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

nilieh · 4. oktober 2008

Okei..Full scan

Klikk for å se/fjerne innholdet nedenfor

Malwarebytes' Anti-Malware 1.28

Database versjon: 1227

Windows 6.0.6001 Service Pack 1

04.10.2008 16:41:41

mbam-log-2008-10-04 (16-41-41).txt

Skanntype: Full Skann (C:\|D:\|)

Objekter skannet: 242178

Tid tilbakelagt: 4 hour(s), 34 minute(s), 45 second(s)

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 3

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

Registernøkler infisert:

(Ingen mistenkelige filer funnet)

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

Mapper infisert:

(Ingen mistenkelige filer funnet)

Filer infisert:

C:\Users\Default\My Documents\My Music\My Music.url (Trojan.Zlob) -> Delete on reboot.

C:\Users\Default\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Delete on reboot.

C:\Users\Default\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Delete on reboot.

raWrz · 4. oktober 2008

ta combofix og ta et søk ellers er recovery eneste utvei mener at combofix ikke funka på de virusene eller

nilieh · 4. oktober 2008

Men jeg har jo allerede tatt combofix, har jeg ikke?

Klikk for å se/fjerne innholdet nedenfor

ComboFix 08-10-03.05 - Nina 2008-10-04 10:44:20.1 - NTFSx86

Running from: C:\Users\Nina\Desktop\ComboFix.exe

* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!