putetrekk, posted 17 November 2008

Yesterday I got a message on my PC saying that it was infected with all sorts of strange things that could end up deleting all documents and other things stored on the PC. I have Norman Security Suite, so I ran a scan with it, without finding any infected files on the computer. Then I came to this site and followed the guide: help with getting malware removed. Downloading mbam went fine; it found a number of infected files, and I got this note: (I'm putting it in a spoiler so it doesn't take up so much space; yes, I'm completely new to using forums...)

Malwarebytes' Anti-Malware 1.30
Database versjon: 1403
Windows 6.0.6001 Service Pack 1

17.11.2008 11:23:13
mbam-log-2008-11-17 (11-23-13).txt

Skanntype: Rask Skann
Objekter skannet: 47705
Tid tilbakelagt: 8 minute(s), 39 second(s)

Minneprosesser infisert: 1
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 1
Registerfiler infisert: 0
Mapper infisert: 2
Filer infisert: 5

Minneprosesser infisert:
C:\Program Files\Antivirus 2009\av2009.exe (Rogue.Antivirus2008) -> Unloaded process successfully.

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\71634219477101454857867984268821 (Rogue.Antivirus 2009) -> Quarantined and deleted successfully.

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
C:\Program Files\Antivirus 2009 (Rogue.Antivirus 2009) -> Quarantined and deleted successfully.
C:\Users\Mari\AppData\Roaming\Microsoft\Windows\Start Menu\Antivirus 2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

Filer infisert:
C:\Program Files\Antivirus 2009\av2009.exe (Rogue.Antivirus 2009) -> Quarantined and deleted successfully.
C:\Users\Mari\AppData\Roaming\Microsoft\Windows\Start Menu\Antivirus 2009\Antivirus 2009.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Users\Mari\AppData\Roaming\Microsoft\Windows\Start Menu\Antivirus 2009\Uninstall Antivirus 2009.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Users\Mari\Desktop\Antivirus 2009.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.
C:\Users\Mari\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

But here comes the problem. When I try to download ComboFix, everything goes fine at first, right up until the program is supposed to be finished downloading, and then this message comes up:

"You cannot rename ComboFix as ComboFix[1] Please use another name, preferbaly made up of alphanumeric characters"

Can someone please help me with exactly what I should do? I have absolutely all my exam notes on there, so it would be a total disaster if they disappeared. I don't dare copy them over to another hard disk, for fear that they are "infected" by the virus and will carry it along to what is on that disk...

r2d290, posted 17 November 2008

Instead of choosing Save when you click the ComboFix link, choose Open. ComboFix should start then.

putetrekk (Author), posted 17 November 2008

Thank you so much, at least I managed that. Here are the logs, anyway:

Mbam:

ComboFix

Hijackthis

It would be incredibly great if someone could help me; I have zero clue about this sort of thing myself, so I'm stressing like crazy here now for fear that all my notes will disappear.
raWrz Posted 17 November 2008
You have got Antivirus 2009, which is easy to remove. It is the best-known malware going around. MBAM usually removes most of it.

putetrekk Posted 17 November 2008 (Author)
So should I just run a full scan with MBAM, or should it be gone now after I ran the quick scan earlier? Thank you so much for the help, you're a gem! Really saved my day

raWrz Posted 17 November 2008 (edited)
You can run a full scan to see whether it finds more; otherwise I'll have a look through the ComboFix log.
Edit: typo
Edited 17 November 2008 by Submit

raWrz Posted 17 November 2008
Go to http://virusscan.jotti.org , click Browse, and upload the following files for analysis:
c:\windows\System32\drivers\lgmcmdm.sys
c:\windows\System32\drivers\lgmcunic.sys
c:\windows\System32\drivers\lgmcmgmt.sys
c:\windows\System32\drivers\lgmcobex.sys
c:\windows\System32\drivers\lgmcbus.sys
c:\windows\System32\drivers\lgmcnd5.sys
c:\windows\System32\drivers\lgmcmdfl.sys
c:\windows\System32\drivers\lgmcwhnt.sys
c:\windows\System32\drivers\lgmcwh.sys
c:\windows\System32\drivers\lgmccmnt.sys
c:\windows\System32\drivers\lgmccm.sys
c:\windows\System32\drivers\lgmccr.sys
Then click Submit. Accept that the file will be scanned. Finally, copy the result and paste it into your next post, so I can look at it and assess what needs to be done next.

Tosha0007 Posted 17 November 2008 (edited)
P2P warning! Important
The logs show that there are one or more P2P (Person to Person) file-sharing programs on your machine.
Limewire
Be aware that as long as you use any form of peer-to-peer network to download files from an "unofficial" source, you must assume that your machine can become infected. In the past, P2P file sharing was considered fairly safe. That is no longer the case. You can continue to use P2P at your own risk, but remember that it may be the source of your current or next infection.
References on the risks of these programs can be found at these links:
http://www.microsoft.com/windows/ie/commun...protection.mspx
http://www.techweb.com/wire/160500554
http://www.internetworldstats.com/articles/art053.htm
See a list of clean/risky P2P programs here: http://p2p.malwareremoval.com/
I recommend that you uninstall the programs mentioned, but the choice is yours. If you choose to remove these programs, you can do so from Control Panel -> Add/Remove Programs. If you want to keep the program, I ask you not to use it until the machine is free of malware.
Edited 17 November 2008 by tosha0007

putetrekk Posted 18 November 2008 (Author)
I don't know whether I did it quite right, but I tried anyway :) They are in the order the file names were posted.

A-Squared X
AntiVir X
ArcaVir X
Avast X
AVG Antivirus X
BitDefender Trojan.Crypt.Delf.F
ClamAV X
CPsecure X
Dr.Web Trojan.PWS.Banker.origin
F-Prot Antivirus W32/D_Banker!Generic
F-Secure Anti-Virus X
G DATA Trojan.Crypt.Delf.F
Ikarus X
Kaspersky Anti-Virus X
NOD32 X
Norman Virus Control X
Panda Antivirus X
Sophos Antivirus X
VirusBuster X
VBA32 Trojan-Spy.xBank.51

A-Squared X
AntiVir X
ArcaVir X
Avast BV:AutoRun-G
AVG Antivirus X
BitDefender Trojan.Autorun.ZG
ClamAV X
CPsecure X
Dr.Web X
F-Prot Antivirus X
F-Secure Anti-Virus X
G DATA BV:AutoRun-G
Ikarus X
Kaspersky Anti-Virus X
NOD32 X
Norman Virus Control BAT/AutoRun.AE
Panda Antivirus X
Sophos Antivirus W32/HostInf-A
VirusBuster X
VBA32 X

A-Squared Trojan.Win32.Pakes!IK
AntiVir TR/Crypt.XPACK.Gen
ArcaVir X
Avast Win32:Trojan-gen {Other}
AVG Antivirus SHeur.CBNP
BitDefender Packer.Krunchy.A
ClamAV X
CPsecure Troj.W32.Pakes.kcj
Dr.Web Trojan.Packed.162
F-Prot Antivirus W32/Heuristic-245!Eldorado
F-Secure Anti-Virus Trojan.Win32.Pakes.kcj
G DATA Win32:Trojan-gen
Ikarus Trojan.Win32.Pakes
Kaspersky Anti-Virus Trojan.Win32.Pakes.kcj
NOD32 probably a variant of Win32/Obfuscated
Norman Virus Control W32/Smalltroj.FVJZ
Panda Antivirus Trj/Pakes.EI
Sophos Antivirus Mal/Generic-A
VirusBuster X
VBA32 Trojan-Proxy.Win32.Agent.mf

A-Squared X
AntiVir BDS/Pcclient.GV.201
ArcaVir X
Avast Win32:PcClient-LP
AVG Antivirus Generic10.AGUH
BitDefender Trojan.Generic.741808
ClamAV X
CPsecure BackDoor.W32.PcClient.gv
Dr.Web X
F-Prot Antivirus W32/Heuristic-210!Eldorado
F-Secure Anti-Virus X
G DATA Win32:PcClient-LP
Ikarus Backdoor.Pcclient.GV
Kaspersky Anti-Virus X
NOD32 X
Norman Virus Control X
Panda Antivirus Generic
Sophos Antivirus Mal/Packer
VirusBuster X
VBA32 Downloader.Banload.15 (paranoid heuristics)

A-Squared X
AntiVir X
ArcaVir Heur.W32
Avast X
AVG Antivirus X
BitDefender X
ClamAV X
CPsecure X
Dr.Web X
F-Prot Antivirus X
F-Secure Anti-Virus X
G DATA X
Ikarus X
Kaspersky Anti-Virus X
NOD32 a variant of Win32/Kryptik.BT
Norman Virus Control X
Panda Antivirus X
Sophos Antivirus X
VirusBuster X
VBA32 X

A-Squared Backdoor.Rbot!IK
AntiVir X
ArcaVir X
Avast X
AVG Antivirus X
BitDefender X
ClamAV X
CPsecure X
Dr.Web X
F-Prot Antivirus X
F-Secure Anti-Virus X
G DATA X
Ikarus Backdoor.Rbot
Kaspersky Anti-Virus X
NOD32 X
Norman Virus Control X
Panda Antivirus X
Sophos Antivirus X
VirusBuster X
VBA32 X

A-Squared Win32.SuspectCrc!IK
AntiVir TR/Crypt.NSPM.Gen
ArcaVir Trojan.Rootkit.Ressdt.Bc
Avast X
AVG Antivirus Proxy
BitDefender Backdoor.Generic.56348
ClamAV X
CPsecure BackDoor.W32.Poison.dwo
Dr.Web Trojan.DownLoader.origin
F-Prot Antivirus W32/Onlinegames.gen
F-Secure Anti-Virus Rootkit.Win32.Ressdt.bc
G DATA Backdoor.Generic.56348
Ikarus Win32.SuspectCrc
Kaspersky Anti-Virus Rootkit.Win32.Ressdt.bc
NOD32 probably a variant of Win32/PSW.OnLineGames
Norman Virus Control W32/Smalltroj.FGXH
Panda Antivirus X
Sophos Antivirus Sus/UnkPacker
VirusBuster X
VBA32 Trojan.Sdter.16

A-Squared X
AntiVir TR/Spy.67072
ArcaVir X
Avast X
AVG Antivirus X
BitDefender X
ClamAV X
CPsecure Troj.W32.StartPage.bah
Dr.Web X
F-Prot Antivirus W32/Trojan2.ANYA
F-Secure Anti-Virus X
G DATA X
Ikarus Trojan.Win32.StartPage.bah
Kaspersky Anti-Virus X
NOD32 X
Norman Virus Control X
Panda Antivirus Generic
Sophos Antivirus X
VirusBuster X
VBA32 Trojan.Win32.StartPage.bah

A-Squared X
AntiVir HEUR/HTML.Malware
ArcaVir X
Avast VBS:ExeDropper-gen
AVG Antivirus VBS/VBSWG
BitDefender X
ClamAV X
CPsecure X
Dr.Web Trojan.MulDrop.500
F-Prot Antivirus X
F-Secure Anti-Virus X
G DATA VBS:ExeDropper-gen
Ikarus X
Kaspersky Anti-Virus X
NOD32 X
Norman Virus Control X
Panda Antivirus X
Sophos Antivirus Troj/Inor-Fam
VirusBuster X
VBA32 X

A-Squared X
AntiVir HEUR/HTML.Malware
ArcaVir X
Avast VBS:ExeDropper-gen
AVG Antivirus VBS/VBSWG
BitDefender X
ClamAV X
CPsecure X
Dr.Web Trojan.MulDrop.500
F-Prot Antivirus X
F-Secure Anti-Virus X
G DATA VBS:ExeDropper-gen
Ikarus X
Kaspersky Anti-Virus X
NOD32 X
Norman Virus Control X
Panda Antivirus X
Sophos Antivirus Troj/Inor-Fam
VirusBuster X
VBA32 X

A-Squared X
AntiVir X
ArcaVir X
Avast X
AVG Antivirus BackDoor.Bifrose.BN
BitDefender Trojan.Crypt.BH
ClamAV Trojan.Pakes-248
CPsecure X
Dr.Web Trojan.Packed.650
F-Prot Antivirus W32/Bifrost.B.gen!Eldorado
F-Secure Anti-Virus X
G DATA Trojan.Crypt.BH
Ikarus X
Kaspersky Anti-Virus X
NOD32 X
Norman Virus Control X
Panda Antivirus X
Sophos Antivirus X
VirusBuster X
VBA32 X

r2d290 Posted 18 November 2008 (edited)
nvm
Edited 18 November 2008 by r2d290

raWrz Posted 18 November 2008
Do you have a mobile phone from LG? Or have you installed some program from them?

putetrekk Posted 18 November 2008 (Author)
Yes, I installed the software that came with it. Shouldn't I have done that?

r2d290 Posted 18 November 2008
Oh, that's fine. I think it just confused us a bit, and gave the antivirus programs a number of false positives. Incidentally, I find it odd that Norman (which is installed on your PC) does not react to the files when Jotti's Norman scan does. But that is another matter entirely.
What do norbat/snippsat think? Should we report these files as false positives to all those antivirus companies, or what?
Otherwise the logs look clean to me. How is the PC running?

putetrekk Posted 18 November 2008 (Author)
It works fine as long as it is in use, but it has happened maybe 3-4 times in the last month that when I close the lid there is a little beep, and when I open it again it says that something is wrong with the hard disk, and I get various options by pressing F2 or F5 or something, but none of them makes anything happen, so I have just switched the machine off manually, and then it has been perfectly fine again. I'm really sorry for the terrible explanation... Thank you so much for bothering to try to help me

norbat Posted 18 November 2008
It might be a good idea to check the first 3 files on Virustotal.com and see what it says. My guess is that these are false positives, but it would be good to have that confirmed by one of the AV programs that reports the most: Bitdefender. I don't know whether they have a dedicated report button for this where the files can be uploaded, but perhaps it's possible to ask a question in their forum?

putetrekk Posted 19 November 2008 (Author)
Like this?

File lgmcmdm.sys received on 11.19.2008 16:47:08 (CET)
Result: 0/36 (0%)

Antivirus Version Last Update Result
AhnLab-V3 2008.11.18.2 2008.11.19 -
AntiVir 7.9.0.34 2008.11.19 -
Authentium 5.1.0.4 2008.11.18 -
Avast 4.8.1281.0 2008.11.18 -
AVG 8.0.0.199 2008.11.19 -
BitDefender 7.2 2008.11.19 -
CAT-QuickHeal 10.00 2008.11.19 -
ClamAV 0.94.1 2008.11.19 -
DrWeb 4.44.0.09170 2008.11.19 -
eSafe 7.0.17.0 2008.11.18 -
eTrust-Vet 31.6.6217 2008.11.19 -
Ewido 4.0 2008.11.19 -
F-Prot 4.4.4.56 2008.11.18 -
F-Secure 8.0.14332.0 2008.11.19 -
Fortinet 3.117.0.0 2008.11.19 -
GData 19 2008.11.19 -
Ikarus T3.1.1.45.0 2008.11.19 -
K7AntiVirus 7.10.528 2008.11.19 -
Kaspersky 7.0.0.125 2008.11.19 -
McAfee 5438 2008.11.18 -
Microsoft 1.4104 2008.11.19 -
NOD32 3624 2008.11.19 -
Norman 5.80.02 2008.11.19 -
Panda 9.0.0.4 2008.11.19 -
PCTools 4.4.2.0 2008.11.19 -
Prevx1 V2 2008.11.19 -
Rising 21.04.22.00 2008.11.19 -
SecureWeb-Gateway 6.7.6 2008.11.19 -
Sophos 4.35.0 2008.11.19 -
Sunbelt 3.1.1801.2 2008.11.14 -
Symantec 10 2008.11.19 -
TheHacker 6.3.1.1.158 2008.11.19 -
TrendMicro 8.700.0.1004 2008.11.19 -
VBA32 3.12.8.9 2008.11.19 -
ViRobot 2008.11.18.1474 2008.11.18 -
VirusBuster 4.5.11.0 2008.11.18 -

Additional information
File size: 110464 bytes
MD5...: d991dbee3a13f670928b4a9c07e67503
SHA1..: f86da2aee840dbbad88419151fe018738e921035
SHA256: 34bc177fcc2eb826312529b51966a4c3c270f90a2fa9b58e8160a60fa9871a6b
SHA512: 97de372c35c64e6c6e91c6780ec6d1476bb728cfb90f234b6072f6bafce0e892 6d8cd88490f80fcc509284ae0b03272632d82f570b0aba5118764f325caf22f1
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (87.2%)
Win32 Executable Generic (8.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x10300
timedatestamp.....: 0x4784e302 (Wed Jan 09 15:06:42 2008)
machinetype.......: 0x14c (I386)
( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x300 0x15e20 0x15e80 6.49 a7f55330e4952625d7e4125afce5d534
.rdata 0x16180 0x1936 0x1980 4.40 b8386200880db622dd5324fefc07249f
.data 0x17b00 0x120 0x180 2.43 e3fdcb054689d42bf7dd6b37dac57d0b
INIT 0x17c80 0x866 0x880 5.47 e62ef29a3e420028fc48dcb9ca061f5c
.rsrc 0x18500 0x3a0 0x400 3.12 80be8f2ceb56978ce4769ffd1079270a
.reloc 0x18900 0xc6a 0xc80 6.39 18aaeb74bef81f4d3f349335a13a995e
( 4 imports )
> ntoskrnl.exe: RtlWriteRegistryValue, IoDeleteSymbolicLink, KeInitializeDpc, KeInitializeSpinLock, KeInitializeEvent, KeTickCount, KeQueryTimeIncrement, KeWaitForSingleObject, KeClearEvent, RtlCompareMemory, memmove, KeSetTimerEx, PoRequestPowerIrp, PoStartNextPowerIrp, KeInitializeTimerEx, IoAttachDeviceToDeviceStack, IofCallDriver, IoCreateUnprotectedSymbolicLink, RtlAppendUnicodeToString, ObReferenceObjectByPointer, IoDeleteDevice, IoDetachDevice, ZwClose, ZwSetValueKey, ZwQueryValueKey, KeDelayExecutionThread, KeResetEvent, IoFreeIrp, IoAllocateIrp, IoCreateDevice, ExAllocatePoolWithTag, KeReadStateTimer, IoGetDeviceProperty, RtlEqualUnicodeString, _except_handler3, KeSetEvent, InterlockedExchange, KeInitializeTimer, KeQuerySystemTime, _allmul, KeSetTimer, ObfDereferenceObject, KeInsertQueueDpc, IoReleaseCancelSpinLock, IofCompleteRequest, InterlockedIncrement, InterlockedDecrement, IoInitializeIrp, ExQueueWorkItem, IoAcquireCancelSpinLock, IoCancelIrp, RtlDeleteRegistryValue, KeCancelTimer, KeRemoveQueueDpc, RtlInitUnicodeString, ExFreePool
> HAL.dll: KfReleaseSpinLock, KeGetCurrentIrql, KfAcquireSpinLock
> USBD.SYS: USBD_GetUSBDIVersion
> lgmccm.sys: _MCCIWH_FindPoSetPowerState@4, _MCCIWH_QuerySystemVersion@4, _MCCIWH_QuerySystem98Gold@0, _MCCIWH_FindPoRequestPowerIrp@4, _MCCICM_ReestablishSerialConnection@4, _MCCICM_AddSerialDevice@8, _MCCIWH_FindIoSetDeviceInterfaceState@4, _MCCICM_RemoveSerialDevice@4, _MCCIWH_FindPoCallDriver@4, _MCCIWH_FindPoStartNextPowerIrp@4, _MCCIWH_FindIoOpenDeviceRegistryKey@4, _MCCIWH_FindPDOByDevNode@8, _MCCIWH_FindIoRegisterDeviceInterface@4, _MCCIWH_FindPDOByReference@20
( 0 exports )

File lgmcunic.sys received on 11.19.2008 16:51:06 (CET)
Result: 0/36 (0%)

Antivirus Version Last Update Result
AhnLab-V3 2008.11.18.2 2008.11.19 -
AntiVir 7.9.0.34 2008.11.19 -
Authentium 5.1.0.4 2008.11.18 -
Avast 4.8.1281.0 2008.11.18 -
AVG 8.0.0.199 2008.11.19 -
BitDefender 7.2 2008.11.19 -
CAT-QuickHeal 10.00 2008.11.19 -
ClamAV 0.94.1 2008.11.19 -
DrWeb 4.44.0.09170 2008.11.19 -
eSafe 7.0.17.0 2008.11.18 -
eTrust-Vet 31.6.6217 2008.11.19 -
Ewido 4.0 2008.11.19 -
F-Prot 4.4.4.56 2008.11.18 -
F-Secure 8.0.14332.0 2008.11.19 -
Fortinet 3.117.0.0 2008.11.19 -
GData 19 2008.11.19 -
Ikarus T3.1.1.45.0 2008.11.19 -
K7AntiVirus 7.10.528 2008.11.19 -
Kaspersky 7.0.0.125 2008.11.19 -
McAfee 5438 2008.11.18 -
Microsoft 1.4104 2008.11.19 -
NOD32 3624 2008.11.19 -
Norman 5.80.02 2008.11.19 -
Panda 9.0.0.4 2008.11.19 -
PCTools 4.4.2.0 2008.11.19 -
Prevx1 V2 2008.11.19 -
Rising 21.04.22.00 2008.11.19 -
SecureWeb-Gateway 6.7.6 2008.11.19 -
Sophos 4.35.0 2008.11.19 -
Sunbelt 3.1.1801.2 2008.11.14 -
Symantec 10 2008.11.19 -
TheHacker 6.3.1.1.158 2008.11.19 -
TrendMicro 8.700.0.1004 2008.11.19 -
VBA32 3.12.8.9 2008.11.19 -
ViRobot 2008.11.18.1474 2008.11.18 -
VirusBuster 4.5.11.0 2008.11.18 -

Additional information
File size: 109952 bytes
MD5...: 2e29da94e03474942b7cbf1952563c0a
SHA1..: aa90e9c96c22fec5f3006eaaad4ee737f80bf296
SHA256: 83c0e2039b0b710f816f418381bd009e7cec13dec1a3fb486b7fa285254a19e6
SHA512: 2886d9a8414e8551eb4a2defd1ea0683c5f1c60c28070eec87040c5c49032ffe c539424c2b0f86c125db2acb597bd35eb9190554c407eb89e1f233ec75329de8
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (87.2%)
Win32 Executable Generic (8.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x10300
timedatestamp.....: 0x4784e492 (Wed Jan 09 15:13:22 2008)
machinetype.......: 0x14c (I386)
( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x300 0x16214 0x16280 6.48 9a7d8b543730fd9f28df36f2a9e60cf7
.rdata 0x16580 0x150a 0x1580 5.50 b4c411e508c519ceafef1dfa19729f9e
.data 0x17b00 0x8 0x80 0.36 b61add4c47a21df08f40f3f2ec4a93cf
INIT 0x17b80 0x8b4 0x900 5.39 e0de0b194438e3593ddc0016456e048a
.rsrc 0x18480 0x390 0x400 3.04 fc0748a420cbda5b5aad483e6af1253c
.reloc 0x18880 0xaea 0xb00 6.24 c641274dd6b2d39fe9563a937a63c418
( 5 imports )
> ntoskrnl.exe: KeSetTimer, KeInitializeTimer, PoRequestPowerIrp, PoStartNextPowerIrp, KeInitializeTimerEx, IoAttachDeviceToDeviceStack, ExFreePool, ExAllocatePoolWithTag, KeDelayExecutionThread, InterlockedCompareExchange, IoReleaseCancelSpinLock, IoDeleteSymbolicLink, ObReferenceObjectByPointer, IofCallDriver, ZwClose, ZwQueryValueKey, IoDeleteDevice, IoAllocateIrp, ExfInterlockedAddUlong, IoAcquireCancelSpinLock, KeClearEvent, IoDetachDevice, RtlUnicodeStringToInteger, IoCreateUnprotectedSymbolicLink, RtlAppendUnicodeToString, KeReadStateTimer, IoGetDeviceProperty, RtlEqualUnicodeString, KeQuerySystemTime, RtlDeleteRegistryValue, ZwSetValueKey, memmove, _except_handler3, InterlockedDecrement, ObfDereferenceObject, InterlockedIncrement, KeInitializeSpinLock, KeInitializeDpc, KeInitializeEvent, KeResetEvent, KeSetEvent, IoCancelIrp, RtlCompareMemory, InterlockedExchange, KeCancelTimer, KeWaitForSingleObject, KeSetTimerEx, KeInsertQueueDpc, IoInitializeIrp, ExQueueWorkItem, IoCreateDevice, IoInvalidateDeviceRelations, KeQueryTimeIncrement, RtlInitUnicodeString, IoFreeIrp, IofCompleteRequest
> HAL.dll: KfRaiseIrql, KfAcquireSpinLock, KeGetCurrentIrql, KfReleaseSpinLock, KfLowerIrql
> USBD.SYS: USBD_GetUSBDIVersion
> lgmcwh.sys: _MCCIWH_FindPDOByDevNode@8, _MCCIWH_FindIoOpenDeviceRegistryKey@4, _MCCIWH_FindIoRegisterDeviceInterface@4, _MCCIWH_FindIoSetDeviceInterfaceState@4, _MCCIWH_FindPoCallDriver@4, _MCCIWH_FindPoStartNextPowerIrp@4, _MCCIWH_FindPoRequestPowerIrp@4, _MCCIWH_FindPoSetPowerState@4, _MCCIWH_QuerySystemVersion@4, _MCCIWH_FindIoGetAttachedDeviceReference@4, _MCCIWH_QuerySystem98Gold@0, _MCCIWH_FindPDOByReference@20
> lgmccr.sys: _crwdm_call@12
( 0 exports )

File lgmcmgmt.sys received on 11.19.2008 16:54:40 (CET)
Result: 0/36 (0%)

Antivirus Version Last Update Result
AhnLab-V3 2008.11.18.2 2008.11.19 -
AntiVir 7.9.0.34 2008.11.19 -
Authentium 5.1.0.4 2008.11.18 -
Avast 4.8.1281.0 2008.11.18 -
AVG 8.0.0.199 2008.11.19 -
BitDefender 7.2 2008.11.19 -
CAT-QuickHeal 10.00 2008.11.19 -
ClamAV 0.94.1 2008.11.19 -
DrWeb 4.44.0.09170 2008.11.19 -
eSafe 7.0.17.0 2008.11.18 -
eTrust-Vet 31.6.6216 2008.11.19 -
Ewido 4.0 2008.11.19 -
F-Prot 4.4.4.56 2008.11.18 -
F-Secure 8.0.14332.0 2008.11.19 -
Fortinet 3.117.0.0 2008.11.19 -
GData 19 2008.11.19 -
Ikarus T3.1.1.45.0 2008.11.19 -
K7AntiVirus 7.10.528 2008.11.19 -
Kaspersky 7.0.0.125 2008.11.19 -
McAfee 5438 2008.11.18 -
Microsoft 1.4104 2008.11.19 -
NOD32 3624 2008.11.19 -
Norman 5.80.02 2008.11.19 -
Panda 9.0.0.4 2008.11.19 -
PCTools 4.4.2.0 2008.11.19 -
Prevx1 V2 2008.11.19 -
Rising 21.04.22.00 2008.11.19 -
SecureWeb-Gateway 6.7.6 2008.11.19 -
Sophos 4.35.0 2008.11.19 -
Sunbelt 3.1.1801.2 2008.11.14 -
Symantec 10 2008.11.19 -
TheHacker 6.3.1.1.158 2008.11.19 -
TrendMicro 8.700.0.1004 2008.11.19 -
VBA32 3.12.8.9 2008.11.19 -
ViRobot 2008.11.18.1474 2008.11.18 -
VirusBuster 4.5.11.0 2008.11.18 -

Additional information
File size: 104448 bytes
MD5...: 9761981c9656abd1f13a6fc7b2d6b431
SHA1..: bdbcb9f47e56b84b0abe9408eb436f50c16575e4
SHA256: 1438bafd63f34ae809e2bb02b2b585c5435d2bc36b2836dece183ab06de43291
SHA512: e856e9de5dd0d795adfe299ae40c094ff17d93ffb1dce7fab265956e59b6c4b0 781f76866b86dd7c515967a0aa6aa5d5e0e313781ea7f0e16bfdf63c7f458911
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x10300
timedatestamp.....: 0x4784e38f (Wed Jan 09 15:09:03 2008)
machinetype.......: 0x14c (I386)
( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x300 0x14ab2 0x14b00 6.46 0f5ca444983c5769d813a8e9332ff838
.rdata 0x14e00 0x15a9 0x1600 4.36 c321ddd3bf395c65189ddac611d3bfd1
.data 0x16400 0x128 0x180 2.35 8780d6476a855882eb0300e27876ae4d
INIT 0x16580 0x846 0x880 5.33 cac5c624e6bce298364dfb1f3d8ec80b
.rsrc 0x16e00 0x3c8 0x400 3.19 4ccc9bb91650ca58e60418bc22e08e58
.reloc 0x17200 0xbaa 0xc00 6.30 46ad87f797915e457266d441d5220717
( 4 imports )
> ntoskrnl.exe: ObfDereferenceObject, KeSetTimer, KeQuerySystemTime, IoCreateUnprotectedSymbolicLink, RtlWriteRegistryValue, IoDeleteSymbolicLink, memmove, RtlCompareMemory, KeSetTimerEx, KeWaitForSingleObject, PoRequestPowerIrp, PoStartNextPowerIrp, KeInitializeTimerEx, IoAttachDeviceToDeviceStack, IofCallDriver, RtlInitUnicodeString, KeInsertQueueDpc, ObReferenceObjectByPointer, IoDeleteDevice, IoDetachDevice, ZwClose, ZwSetValueKey, ZwQueryValueKey, KeDelayExecutionThread, KeQueryTimeIncrement, IoFreeIrp, IoAllocateIrp, IoCreateDevice, KeReadStateTimer, IoGetDeviceProperty, RtlEqualUnicodeString, ExAllocatePoolWithTag, _except_handler3, IofCompleteRequest, RtlDeleteRegistryValue, KeCancelTimer, KeRemoveQueueDpc, ExFreePool, KeInitializeSpinLock, KeInitializeTimer, KeInitializeDpc, InterlockedExchange, KeClearEvent, InterlockedDecrement, IoAcquireCancelSpinLock, IoReleaseCancelSpinLock, IoCancelIrp, KeInitializeEvent, KeResetEvent, IoInitializeIrp, ExQueueWorkItem, KeSetEvent, RtlAppendUnicodeToString, InterlockedIncrement
> HAL.dll: KfReleaseSpinLock, KeGetCurrentIrql, KfAcquireSpinLock
> USBD.SYS: USBD_GetUSBDIVersion
> lgmccm.sys: _MCCIWH_FindPoSetPowerState@4, _MCCIWH_QuerySystemVersion@4, _MCCIWH_QuerySystem98Gold@0, _MCCIWH_FindPoRequestPowerIrp@4, _MCCICM_ReestablishSerialConnection@4, _MCCICM_AddSerialDevice@8, _MCCIWH_FindIoSetDeviceInterfaceState@4, _MCCICM_RemoveSerialDevice@4, _MCCIWH_FindPoCallDriver@4, _MCCIWH_FindPoStartNextPowerIrp@4, _MCCIWH_FindIoOpenDeviceRegistryKey@4, _MCCIWH_FindPDOByDevNode@8, _MCCIWH_FindIoRegisterDeviceInterface@4, _MCCIWH_FindPDOByReference@20
( 0 exports )

norbat Posted 19 November 2008
Yes, and this looks fine. So leave the files alone, since they belong to LG.

putetrekk Posted 19 November 2008 (Author)
So now my computer is healthy again? Nothing more I need to do

Bruker-158599 Posted 22 November 2008
Quote: "Oh, that's fine. I think it just confused us a bit, and gave the antivirus programs a number of false positives. Incidentally, I find it odd that Norman (which is installed on your PC) does not react to the files when Jotti's Norman scan does. But that is another matter entirely. What do norbat/snippsat think? Should we report these files as false positives to all those antivirus companies, or what? Otherwise the logs look clean to me. How is the PC running?"
Norman may not be up to date. Or it is an older version, not the Security Suite.
Quote: "So now my computer is healthy again? Nothing more I need to do"
If you don't notice anything, I assume so. It is not certain that everything is gone. I expect Norbat knows.

norbat Posted 23 November 2008
Quote: "Yes, and this looks fine. So leave the files alone, since they belong to LG."
You can remove ComboFix by typing combofix /u in the Run box (Start -> Run)