
[Solved] Antivirus that installed itself, and it looks like it is a virus....



Sounds pretty strange, but I was sitting watching a movie when a message came up: "You have 18 threats on your computer." And it was from a program I have not installed. It is called Security Tool. And after this program came up, they ask me to buy the full version of it. And my desktop background has disappeared along with all the desktop icons. So does anyone know what I can do?

Edit:

It is not possible to close the program either, and I can't find it under "Remove programs" either.

Will check the thread when I've gotten up.

Edited by elhacko

Ran a Malwarebytes' Anti-Malware scan. It came up with some infected files. Clicked remove and now this "virus program" doesn't come up anymore. Posting the log so you can see whether it has been removed?

Malwarebytes' Anti-Malware 1.41

Databaseversjon: 2927

Windows 5.1.2600 Service Pack 2

 

09.10.2009 04:39:39

mbam-log-2009-10-09 (04-39-35).txt

 

Skanntype: Rask Skann

Objekter skannet: 99048

Tid tilbakelagt: 3 minute(s), 56 second(s)

 

Minneprosesser infisert: 1

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 3

Registerfiler infisert: 0

Mapper infisert: 1

Filer infisert: 5

 

Minneprosesser infisert:

C:\WINDOWS\Temp\_ex-08.exe (Trojan.Dropper) -> No action taken.

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

(Ingen mistenkelige filer funnet)

 

Registerverdier infisert:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run9230620 (Trojan.FakeAlert.H) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\promoreg (Trojan.Dropper) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RList (Malware.Trace) -> No action taken.

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

C:\Documents and Settings\All Users\Programdata9230620 (Rogue.Multiple) -> No action taken.

 

Filer infisert:

C:\Documents and Settings\All Users\Programdata92306209230620.exe (Trojan.FakeAlert.H) -> No action taken.

C:\Documents and Settings\Andreas\Skrivebord\Security Tool.LNK (Rogue.SecurityTool) -> No action taken.

C:\Documents and Settings\Andreas\Start-meny\Programmer\Security Tool.LNK (Rogue.SecurityTool) -> No action taken.

C:\Programfiler\Explorer\keys.txt (Password.Stealer) -> No action taken.

C:\WINDOWS\Temp\_ex-08.exe (Trojan.Dropper) -> No action taken.

Edited by elhacko
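The part of the log above that matters to a responder is what comes after the arrow: every entry reads "No action taken", which is how MBAM 1.x labels a finding that had not been quarantined when the log line was written. The Python script below is an added example, not part of this thread and not Malwarebytes' own tooling. It assumes the 1.x log layout shown above (Norwegian or English category headers), separates remediated from unremediated findings, and flags the two things a defender would act on in this particular log: autostart values under CurrentVersion\Run (persistence) and a Password.Stealer detection (credentials used on this machine should be treated as exposed). The embedded sample is a trimmed copy of the log above plus one constructed "Quarantined" line for contrast.

```python
"""Triage a Malwarebytes' Anti-Malware 1.x text log.

Added example for this thread (not Malwarebytes' code). Assumes the 1.x log
layout shown in the thread: category headers ending in "infisert:" (Norwegian
UI) or "Infected:" (English UI), each followed by lines of the form
    <file path or registry key> (<detection name>) -> <action>.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: trimmed from the thread's first log. The "Quarantined"
# line is added for contrast and its wording is assumed; the real log above
# only contains "No action taken".
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.41
Databaseversjon: 2927
Filer infisert: 2

Minneprosesser infisert:
C:\WINDOWS\Temp\_ex-08.exe (Trojan.Dropper) -> No action taken.

Registerverdier infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\promoreg (Trojan.Dropper) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RList (Malware.Trace) -> No action taken.

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
C:\Documents and Settings\Andreas\Skrivebord\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Programfiler\Explorer\keys.txt (Password.Stealer) -> No action taken.
"""

# "Minneprosesser infisert:" / "Files Infected:" headers; summary lines with a count do not match.
SECTION_RE = re.compile(r"^(?P<section>.+?)\s*(infisert|infected):\s*$", re.IGNORECASE)
ENTRY_RE = re.compile(r"^(?P<target>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?\s*$")
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run\\", re.IGNORECASE)


@dataclass
class Finding:
    section: str
    target: str
    name: str
    action: str

    @property
    def remediated(self) -> bool:
        # MBAM 1.x writes "No action taken" for an item that has not been quarantined.
        return not self.action.lower().startswith("no action taken")

    @property
    def is_autostart(self) -> bool:
        # Persistence: a value under HKLM/HKCU ...\CurrentVersion\Run\
        return self.target.upper().startswith("HKEY") and bool(RUN_KEY_RE.search(self.target))


def parse_mbam_log(text: str) -> List[Finding]:
    findings: List[Finding] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:
            section = sec["section"].strip()
            continue
        entry = ENTRY_RE.match(line)
        if entry and section:
            findings.append(Finding(section, entry["target"], entry["name"], entry["action"]))
    return findings


def triage(text: str) -> dict:
    """Summarise what still needs attention after reading the log."""
    findings = parse_mbam_log(text)
    return {
        "total": len(findings),
        "clean": not findings,
        "unremediated": [f.target for f in findings if not f.remediated],
        "autostart": [f.target for f in findings if f.is_autostart],
        # Any Password.* detection means credentials used on this machine are exposed.
        "credential_theft": [f.target for f in findings if f.name.lower().startswith("password.")],
        "families": sorted({f.name for f in findings}),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{report['total']} findings, {len(report['unremediated'])} not remediated")
    for key in ("unremediated", "autostart", "credential_theft"):
        for target in report[key]:
            print(f"  [{key}] {target}")
```

Run it against a saved mbam-log-*.txt by reading the file into `triage()`; an empty `unremediated` list and `clean: True` on a follow-up scan is what the second log in this thread eventually shows.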

Here is the ComboFix log.

ComboFix 09-10-07.05 - Andreas 09.10.2009 4:47.4.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.47.1044.18.3326.2674 [GMT 2:00]

Kjører fra: c:\documents and settings\Andreas\Mine dokumenter\Downloads\ComboFix.exe

* Opprettet nytt gjenopprettingspunkt

.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\recycler\NPROTECT0000000.DAT

c:\recycler\NPROTECT0000001.DAT

c:\recycler\NPROTECT0000002

c:\recycler\NPROTECT0000003

c:\recycler\NPROTECT0000004

c:\recycler\NPROTECT0000005

c:\recycler\NPROTECT0000006

c:\recycler\NPROTECT0000007

c:\recycler\NPROTECT0000009

c:\recycler\NPROTECT0000011

c:\recycler\NPROTECT0000012

c:\recycler\NPROTECT0000013

c:\recycler\NPROTECT0000014

c:\recycler\NPROTECT0000017.DAT

c:\recycler\NPROTECT0000018

c:\recycler\NPROTECT0000019

c:\recycler\NPROTECT0000020

c:\recycler\NPROTECT0000021

c:\recycler\NPROTECT0000022

c:\recycler\NPROTECT0000023

c:\recycler\NPROTECT0000024

c:\recycler\NPROTECT0000026

c:\recycler\NPROTECT0000027.DAT

c:\recycler\NPROTECT0000028

c:\recycler\NPROTECT0000029

c:\recycler\NPROTECT0000030

c:\recycler\NPROTECT0000031

c:\recycler\NPROTECT0000032

c:\recycler\NPROTECT0000033

c:\recycler\NPROTECT0000034

c:\recycler\NPROTECT0000035

c:\recycler\NPROTECT0000036

c:\recycler\NPROTECT0000037

c:\recycler\NPROTECT0000038

c:\recycler\NPROTECT0000039

c:\recycler\NPROTECT0000040

c:\recycler\NPROTECT0000041

c:\recycler\NPROTECT0000042

c:\recycler\NPROTECT0000043

c:\recycler\NPROTECT0000044

c:\recycler\NPROTECT0000045

c:\recycler\NPROTECT0000046

c:\recycler\NPROTECT0000049

c:\recycler\NPROTECT0000050

c:\recycler\NPROTECT0000051

c:\recycler\NPROTECT0000052

c:\recycler\NPROTECT0000053

c:\recycler\NPROTECT0000054

c:\recycler\NPROTECT0000055

c:\recycler\NPROTECT0000056

c:\recycler\NPROTECT0000059

c:\recycler\NPROTECT0000060

c:\recycler\NPROTECT0000061

c:\recycler\NPROTECT0000062

c:\recycler\NPROTECT0000064

c:\recycler\NPROTECT0000066

c:\recycler\NPROTECT0000067

c:\recycler\NPROTECT0000068

c:\recycler\NPROTECT0000071

c:\recycler\NPROTECT0000072

c:\recycler\NPROTECT0000073

c:\recycler\NPROTECT0000074

c:\recycler\NPROTECT0000075

c:\recycler\NPROTECT0000076

c:\recycler\NPROTECT0000077

c:\recycler\NPROTECT0000078

c:\recycler\NPROTECT0000080

c:\recycler\NPROTECT0000081

c:\recycler\NPROTECT0000082

c:\recycler\NPROTECT0000084

c:\recycler\NPROTECT0000085

c:\recycler\NPROTECT0000086

c:\recycler\NPROTECT0000088

c:\recycler\NPROTECT0000089

c:\recycler\NPROTECT0000090

c:\recycler\NPROTECT0000091

c:\recycler\NPROTECT0000092

c:\recycler\NPROTECT0000093

c:\recycler\NPROTECT0000095

c:\recycler\NPROTECT0000096

c:\recycler\NPROTECT0000097

c:\recycler\NPROTECT0000098

c:\recycler\NPROTECT0000099

c:\recycler\NPROTECT0000101

c:\recycler\NPROTECT0000102

c:\recycler\NPROTECT0000103

c:\recycler\NPROTECT0000104

c:\recycler\NPROTECT0000105

c:\recycler\NPROTECT0000106

c:\recycler\NPROTECT0000107

c:\recycler\NPROTECT0000108

c:\recycler\NPROTECT0000109

c:\recycler\NPROTECT0000110

c:\recycler\NPROTECT0000111

c:\recycler\NPROTECT0000112

c:\recycler\NPROTECT0000113

c:\recycler\NPROTECT0000117

c:\recycler\NPROTECT0000118.dat

c:\recycler\NPROTECT0000119.dat

c:\recycler\NPROTECT0000120

c:\recycler\NPROTECT0000121

c:\recycler\NPROTECT0000122

c:\recycler\NPROTECT0000123

c:\recycler\NPROTECT0000124

c:\recycler\NPROTECT0000125

c:\recycler\NPROTECT0000126

c:\recycler\NPROTECT0000127

c:\recycler\NPROTECT0000129

c:\recycler\NPROTECT0000131.dat

c:\recycler\NPROTECT0000133

c:\recycler\NPROTECT0000134

c:\recycler\NPROTECT0000135.bat

c:\recycler\NPROTECT0000136

c:\recycler\NPROTECT0000137

c:\recycler\NPROTECT0000138

c:\recycler\NPROTECT0000139

c:\recycler\NPROTECT0000140

c:\recycler\NPROTECT0000142

c:\recycler\NPROTECT0000143

c:\recycler\NPROTECT0000145

c:\recycler\NPROTECT0000146

c:\recycler\NPROTECT0000147

c:\recycler\NPROTECT0000150

c:\recycler\NPROTECT0000151

c:\recycler\NPROTECT0000152

c:\recycler\NPROTECT0000153

c:\recycler\NPROTECT0000154

c:\recycler\NPROTECT0000155

c:\recycler\NPROTECT0000156

c:\recycler\NPROTECT0000158

c:\recycler\NPROTECT0000159

c:\recycler\NPROTECT0000160

c:\recycler\NPROTECT0000161

c:\recycler\NPROTECT0000162

c:\recycler\NPROTECT0000163

c:\recycler\NPROTECT0000164

c:\recycler\NPROTECT0000165

c:\recycler\NPROTECT0000166

c:\recycler\NPROTECT0000167

c:\recycler\NPROTECT0000168

c:\recycler\NPROTECT0000169

c:\recycler\NPROTECT0000170

c:\recycler\NPROTECT0000171

c:\recycler\NPROTECT0000172

c:\recycler\NPROTECT0000173

c:\recycler\NPROTECT0000174

c:\recycler\NPROTECT0000175

c:\recycler\NPROTECT0000176

c:\recycler\NPROTECT0000177

c:\recycler\NPROTECT0000179

c:\recycler\NPROTECT0000180

c:\recycler\NPROTECT0000181

c:\recycler\NPROTECT0000182

c:\recycler\NPROTECT0000185

c:\recycler\NPROTECT0000188.SYS

c:\recycler\NPROTECT0000190.SYS

c:\recycler\NPROTECT0000192.SYS

c:\recycler\NPROTECT0000193

c:\recycler\NPROTECT0000194

c:\recycler\NPROTECT0000195

c:\recycler\NPROTECT0000196

c:\recycler\NPROTECT0000197

c:\recycler\NPROTECT0000198

c:\recycler\NPROTECT0000199

c:\recycler\NPROTECT0000200

c:\recycler\NPROTECT0000201

c:\recycler\NPROTECT0000202

c:\recycler\NPROTECT0000203

c:\recycler\NPROTECT0000204.dat

c:\recycler\NPROTECT0000205

c:\recycler\NPROTECT0000206.bad

c:\recycler\NPROTECT0000207

c:\recycler\NPROTECT0000208

c:\recycler\NPROTECT0000209

c:\recycler\NPROTECT0000210

c:\recycler\NPROTECT0000211

c:\recycler\NPROTECT0000217.md5

C:\test.txt

d:\recycler\NPROTECT\NPROTECT.LOG

e:\recycler\NPROTECT\NPROTECT.LOG

f:\recycler\NPROTECT\NPROTECT.LOG

g:\recycler\NPROTECT\NPROTECT.LOG

c:\recycler\NPROTECT . . . . kunne ikke slettes

c:\recycler\NPROTECT\NPROTECT.LOG . . . . kunne ikke slettes

d:\recycler\NPROTECT\NPROTECT.LOG . . . . kunne ikke slettes

e:\recycler\NPROTECT\NPROTECT.LOG . . . . kunne ikke slettes

f:\recycler\NPROTECT\NPROTECT.LOG . . . . kunne ikke slettes

g:\recycler\NPROTECT\NPROTECT.LOG . . . . kunne ikke slettes

 

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-09-09 til 2009-10-09 )))))))))))))))))))))))))))))))))

.

 

2009-10-08 02:12 . 2009-10-08 02:12 108632 ----a-w- c:\documents and settings\LocalService\Lokale innstillinger\Programdata\FontCache3.0.0.0.dat

2009-10-07 00:04 . 2009-10-07 00:04 -------- d-----w- c:\documents and settings\Andreas\Programdata\uniblue

2009-10-07 00:04 . 2009-10-07 00:04 -------- d-----w- c:\programfiler\Uniblue

2009-09-30 20:29 . 2009-09-30 20:29 -------- d-----w- c:\documents and settings\Andreas\Lokale innstillinger\Programdata\MagicSoftware

2009-09-30 20:29 . 2009-09-30 20:29 -------- d-----w- c:\programfiler\MagicDVDRipper

2009-09-23 20:30 . 2009-09-23 20:30 -------- d-----w- c:\documents and settings\Andreas\Programdata\NesterSoft

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-10-09 02:54 . 2008-05-31 23:03 -------- d---a-w- c:\documents and settings\All Users\Programdata\TEMP

2009-10-09 02:54 . 2008-04-30 23:19 -------- d-----w- c:\programfiler\DNA

2009-10-09 02:54 . 2008-04-30 23:19 -------- d-----w- c:\documents and settings\Andreas\Programdata\DNA

2009-10-09 02:39 . 2009-01-04 19:06 -------- d--h--w- c:\programfiler\Explorer

2009-10-09 02:23 . 2008-04-25 20:23 -------- d-----w- c:\documents and settings\Andreas\Programdata\skypePM

2009-10-09 02:21 . 2008-04-30 23:19 -------- d-----w- c:\documents and settings\Andreas\Programdata\BitTorrent

2009-10-09 02:09 . 2008-04-25 20:19 -------- d-----w- c:\documents and settings\Andreas\Programdata\Skype

2009-10-09 01:09 . 2008-10-11 14:34 -------- d-----w- c:\documents and settings\Andreas\Programdata\mIRC

2009-10-08 23:10 . 2009-02-13 20:33 -------- d-----w- c:\documents and settings\Andreas\Programdata\Spotify

2009-10-08 23:09 . 2008-09-14 00:10 -------- d-----w- c:\documents and settings\Andreas\Programdata\teamspeak2

2009-10-08 18:11 . 2009-02-18 15:54 -------- d-----w- c:\programfiler\PokerStars

2009-10-04 00:44 . 2008-06-20 02:53 -------- d-----w- c:\programfiler\Fellesfiler\Apple

2009-09-28 10:00 . 2009-02-01 14:53 -------- d-----w- c:\programfiler\Norton SystemWorks

2009-09-22 20:36 . 2008-04-22 09:29 -------- d-----w- c:\programfiler\Windows Live Safety Center

2009-09-13 19:44 . 2008-05-04 12:32 -------- d-----w- c:\documents and settings\Andreas\Programdata\Ventrilo

2009-09-10 12:54 . 2008-09-11 16:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-10 12:53 . 2008-09-11 16:08 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-10 10:33 . 2008-04-19 12:29 -------- d-----w- c:\programfiler\Microsoft Silverlight

2009-09-09 14:00 . 2008-05-04 12:31 -------- d-----w- c:\programfiler\Fellesfiler\Wise Installation Wizard

2009-09-08 20:49 . 2009-09-08 20:49 -------- d-----w- c:\documents and settings\Andreas\Programdata\PowerChallenge

2009-09-06 00:59 . 2009-01-23 15:49 -------- d-----w- c:\documents and settings\Andreas\Programdata\Mumble

2009-09-05 00:45 . 2008-04-19 14:11 -------- d-----w- c:\programfiler\Opera

2009-09-03 17:53 . 2009-09-03 17:48 -------- d-----w- c:\documents and settings\Andreas\Programdata\Dev-Cpp

2009-08-29 13:49 . 2009-02-09 16:56 20920 ----a-w- c:\documents and settings\Gjest\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT

2009-08-27 15:21 . 2008-10-11 20:50 -------- d-----w- c:\documents and settings\Andreas\Programdata\TeamViewer

2009-08-27 15:21 . 2009-08-27 15:21 -------- d-----w- c:\programfiler\TeamViewer

2009-08-26 22:36 . 2009-08-26 22:36 0 ----a-r- C:\logwmemory.bin

2009-08-24 09:47 . 2008-06-01 21:24 20920 ----a-w- c:\documents and settings\Andreas\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT

2009-08-23 21:01 . 2009-08-23 20:57 -------- d-----w- c:\documents and settings\Andreas\Programdata\X-Chat 2

2009-08-23 20:57 . 2009-08-23 20:56 -------- d-----w- c:\programfiler\X-Chat 2

2009-08-21 13:05 . 2009-08-04 03:40 -------- d-----w- c:\documents and settings\Andreas\Programdata\Xfire

2009-08-18 17:36 . 2009-08-04 03:40 -------- d-----w- c:\programfiler\Xfire

2009-08-17 12:03 . 2008-05-01 00:16 -------- d-----w- c:\programfiler\Fellesfiler\Adobe

2009-08-15 15:36 . 2007-08-02 12:00 75808 ----a-w- c:\windows\system32\perfc014.dat

2009-08-15 15:36 . 2007-08-02 12:00 435984 ----a-w- c:\windows\system32\perfh014.dat

2009-08-13 19:53 . 2009-08-13 19:53 41872 ----a-w- c:\windows\system32\xfcodec.dll

2009-08-09 12:18 . 2009-07-24 16:20 20480 ----a-w- c:\windows\c3a5m5p4s2taf2af.exe

2009-08-06 17:24 . 2008-04-11 16:52 327896 ----a-w- c:\windows\system32\wucltui.dll

2009-08-06 17:24 . 2008-04-11 16:52 209632 ----a-w- c:\windows\system32\wuweb.dll

2009-08-06 17:24 . 2008-04-11 16:52 35552 ----a-w- c:\windows\system32\wups.dll

2009-08-06 17:24 . 2007-07-30 17:19 44768 ----a-w- c:\windows\system32\wups2.dll

2009-08-06 17:24 . 2008-04-11 16:52 53472 ----a-w- c:\windows\system32\wuauclt.exe

2009-08-06 17:24 . 2007-08-02 12:00 96480 ----a-w- c:\windows\system32\cdm.dll

2009-08-06 17:23 . 2008-04-11 16:52 575704 ----a-w- c:\windows\system32\wuapi.dll

2009-08-06 17:23 . 2008-04-19 10:32 274288 ----a-w- c:\windows\system32\mucltui.dll

2009-08-06 17:23 . 2008-04-19 10:32 215920 ----a-w- c:\windows\system32\muweb.dll

2009-08-06 17:23 . 2008-04-11 16:52 1929952 ----a-w- c:\windows\system32\wuaueng.dll

2009-08-05 09:11 . 2007-08-02 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-18 19:32 . 2009-07-18 19:32 14338 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat

2009-07-18 19:30 . 2008-11-22 14:51 5433520 ----a-w- c:\windows\system32\SpoonUninstall.exe

2009-07-17 19:01 . 2007-08-02 12:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-13 00:18 . 2007-08-02 12:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll

.

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\programfiler\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]

 

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]

[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2008-08-26 08:32 279944 ----a-w- c:\programfiler\AskBarDis\bar\bin\askBar.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\programfiler\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

 

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\programfiler\Skype\Phone\Skype.exe" [2008-04-03 21898024]

"Google Update"="c:\documents and settings\Andreas\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe" [2008-09-07 133104]

"Steam"="d:\steam\steam\steam.exe" [2009-10-06 1217784]

"BitTorrent DNA"="c:\programfiler\DNA\btdna.exe" [2008-12-15 342848]

"msnmsgr"="c:\programfiler\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

"ProxyWay"="g:\programfiler\ProxyWay\proxyway.exe" [2009-08-25 368128]

"Fraps"="g:\fraps\FRAPS.EXE" [2008-12-19 2498216]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]

"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-05-25 1957888]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-12 8429568]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-12 81920]

"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2008-09-18 144792]

"Adobe Reader Speed Launcher"="d:\adobe\Reader 8.0\Reader\reader_sl.exe" [2008-01-11 39792]

"NSWosCheck"="c:\programfiler\Norton SystemWorks\osCheck.exe" [2008-09-25 160112]

"NswUiTray"="c:\programfiler\Norton SystemWorks\NswUiTray.exe" [2008-09-25 85360]

"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2009-01-05 413696]

"Malwarebytes Anti-Malware (reboot)"="f:\malwarebytes' anti-malware\mbam.exe" [2009-09-10 1312080]

"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2007-01-30 16116224]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-04-12 1626112]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-08-02 15360]

 

c:\documents and settings\Andreas\Start-meny\Programmer\Oppstart\

TimeLeft.lnk - d:\programfiler\TimeLeft3\TimeLeft.exe [2009-9-23 2013880]

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Launchy.lnk]

path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Launchy.lnk

backup=c:\windows\pss\Launchy.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programfiler\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Programfiler\\DNA\\btdna.exe"=

"d:\\Programfiler\\BitTorrent\\bittorrent.exe"=

"c:\\Programfiler\\FlashFXP\\FlashFXP.exe"=

"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"d:\\Programfiler\\LimeWire\\LimeWire.exe"=

"d:\\ICQ6.5\\ICQ.exe"=

"c:\\Programfiler\\Spotify\\spotify.exe"=

"c:\\Programfiler\\EslWire\\wire.exe"=

"c:\\Programfiler\\TeamViewer\\Version4\\TeamViewer.exe"=

"c:\\Programfiler\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"18062:TCP"= 18062:TCP:BitComet 18062 TCP

"18062:UDP"= 18062:UDP:BitComet 18062 UDP

 

R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\programfiler\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [02.10.2007 14:46 124832]

R2 ICQ Service;ICQ Service;c:\programfiler\ICQ6Toolbar\ICQ Service.exe [06.02.2009 00:04 222456]

R2 NProtectService;Norton UnErase Protection;c:\progra~1\NORTON~2\NORTON~1\NPROTECT.EXE [25.09.2008 15:53 95600]

R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [22.11.2008 13:53 23064]

S2 Apache2.2;Apache2.2;"c:\xampp\apache\bin\apache.exe" -k runservice --> c:\xampp\apache\bin\apache.exe [?]

S3 ALLOW-IO;ALLOW-IO;\??\h:\allow-io.sys --> h:\ALLOW-IO.sys [?]

S3 ChangeMe;ChangeMe;\??\c:\docume~1\Andreas\LOKALE~1\Temp\ChangeMe.sys --> c:\docume~1\Andreas\LOKALE~1\Temp\ChangeMe.sys [?]

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2009-10-06 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

 

2009-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1770027372-839522115-1003Core.job

- c:\documents and settings\Andreas\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe [2008-09-07 20:06]

 

2009-10-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1770027372-839522115-1003UA.job

- c:\documents and settings\Andreas\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe [2008-09-07 20:06]

 

2009-10-05 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job

- c:\programfiler\Norton SystemWorks\OBC.exe [2008-09-25 13:52]

 

2009-10-09 c:\windows\Tasks\SDMsgUpdate (TE).job

- d:\progra~1\SMARTD~1\Messages\SDNotify.exe [2008-12-07 05:29]

.

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://start.icq.com/

uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

uInternet Settings,ProxyOverride = *.local

uInternet Settings,ProxyServer = socks=

FF - ProfilePath - c:\documents and settings\Andreas\Programdata\Mozilla\Firefox\Profiles\nhkc6sa5.default\

FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=

FF - prefs.js: browser.search.selectedEngine - ICQ Search

FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=

FF - component: c:\documents and settings\Andreas\Programdata\Mozilla\Firefox\Profiles\nhkc6sa5.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll

FF - plugin: c:\docume~1\Andreas\PROGRA~1\POWERC~1\nppowerloader.dll

FF - plugin: c:\documents and settings\Andreas\Lokale innstillinger\Programdata\Google\Update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\programfiler\Mozilla Firefox\plugins\npbittorrent.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-10-09 04:54

Windows 5.1.2600 Service Pack 2 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

 

- - - - - - - > 'explorer.exe'(3640)

c:\windows\system32\browselc.dll

c:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

c:\programfiler\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

c:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\PDFShell.dll

c:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\PDFShell.NOR

F:\dBShell.dll

d:\adobe\Reader 8.0\Reader\ViewerPS.dll

.

------------------------ Andre Kjørende Prosesser ------------------------

.

c:\programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\programfiler\Symantec\LiveUpdate\AluSchedulerSvc.exe

c:\programfiler\Bonjour\mDNSResponder.exe

c:\programfiler\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\progra~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.exe

c:\windows\system32\wdfmgr.exe

c:\programfiler\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

c:\programfiler\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\windows\system32\rundll32.exe

c:\windows\ALCFDRTM.EXE

d:\adobe\Reader 8.0\Reader\AcroRd32Info.exe

.

**************************************************************************

.

Tidspunkt ferdig: 2009-10-09 4:58 - maskinen ble startet på nytt

ComboFix-quarantined-files.txt 2009-10-09 02:58

 

Pre-Run: 10 818 478 080 byte ledig

Post-Run: 11 686 223 872 byte ledig

 

418 --- E O F --- 2009-09-09 23:03

Edited by elhacko
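The section of the ComboFix log worth reading closely is "Oppstartspunkter I Registeret": Security Center monitoring is switched off (DisableMonitoring=1), the Windows Firewall standard profile has EnableFirewall=0, one Run value is marked [X] (ComboFix's notation for a target file that no longer exists), and a driver service named ChangeMe loads from the user's Temp directory. The script below is an added example, not part of this thread and not a ComboFix feature; it assumes the REGEDIT4-style layout ComboFix prints and flags exactly those four conditions. The embedded sample is a trimmed copy of lines from the log above.

```python
"""Audit the startup/registry section of a ComboFix log for weakened defences.

Added example for this thread (not a ComboFix feature). Assumes the REGEDIT4-
style layout ComboFix prints: [key] headers, "name"=value lines (with a
trailing [X] when the referenced file is missing) and R*/S* service lines.
"""
import re
from typing import List, Tuple

# Constructed sample: trimmed copy of lines from the ComboFix log above.
SAMPLE_COMBOFIX = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\programfiler\Skype\Phone\Skype.exe" [2008-04-03 21898024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-12 8429568]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R2 NProtectService;Norton UnErase Protection;c:\progra~1\NORTON~2\NORTON~1\NPROTECT.EXE [25.09.2008 15:53 95600]
S3 ChangeMe;ChangeMe;\??\c:\docume~1\Andreas\LOKALE~1\Temp\ChangeMe.sys --> c:\docume~1\Andreas\LOKALE~1\Temp\ChangeMe.sys [?]
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<rest>.*)$')
SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)(?: \[.*)?$")
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)

Issue = Tuple[str, str]  # (severity, message)


def audit_combofix(text: str) -> List[Issue]:
    issues: List[Issue] = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m["key"]
            continue
        m = VALUE_RE.match(line)
        if m:
            name, rest = m["name"], m["rest"].strip()
            lkey = key.lower()
            if "security center\\monitoring" in lkey and name == "DisableMonitoring" \
                    and rest.lower() == "dword:00000001":
                # Security Center will no longer warn that AV/firewall is off or stale.
                issues.append(("high", f"Security Center monitoring disabled: {key}"))
            elif "firewallpolicy" in lkey and name == "EnableFirewall" and rest.startswith("0"):
                profile = key.rsplit("\\", 1)[-1]
                issues.append(("high", f"Windows Firewall off for profile '{profile}'"))
            elif lkey.endswith("\\run"):
                if rest.endswith("[X]"):
                    # Autostart whose target is gone: leftover from a removal or a moved payload.
                    issues.append(("medium", f"Run value '{name}' points to a missing file: {rest}"))
                if TEMP_DIR_RE.search(rest):
                    issues.append(("high", f"Run value '{name}' executes from a temp directory: {rest}"))
            continue
        m = SERVICE_RE.match(line)
        if m and TEMP_DIR_RE.search(m["path"]):
            # Drivers and services normally live under system32 or Program Files, not Temp.
            issues.append(("high", f"Service '{m['name']}' loads from a temp directory: {m['path']}"))
    return issues


if __name__ == "__main__":
    for severity, message in audit_combofix(SAMPLE_COMBOFIX):
        print(f"[{severity}] {message}")
```

Treat the output as review items rather than verdicts: vendor subkeys such as SymantecAntiVirus are commonly written by the security suite itself when it takes over status reporting, whereas the root Monitoring key and a firewall profile with EnableFirewall=0 are settings to confirm and restore by hand once the machine is clean.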

I scanned the file on VirusTotal and found the following:

Antivirus Version Last Update Result

a-squared 4.5.0.24 2009.08.13 Virus.Win32.Small!IK

AhnLab-V3 5.0.0.2 2009.08.12 -

AntiVir 7.9.1.1 2009.08.13 TR/VB.udp

Antiy-AVL 2.0.3.7 2009.08.13 -

Authentium 5.1.2.4 2009.08.13 -

Avast 4.8.1335.0 2009.08.12 Win32:Small-MZS

AVG 8.5.0.406 2009.08.13 -

BitDefender 7.2 2009.08.13 -

CAT-QuickHeal 10.00 2009.08.13 -

ClamAV 0.94.1 2009.08.13 -

Comodo 1859 2009.08.13 TrojWare.Win32.VB.udp

DrWeb 5.0.0.12182 2009.08.13 -

eSafe 7.0.17.0 2009.08.11 -

eTrust-Vet 31.6.6675 2009.08.13 -

F-Prot 4.4.4.56 2009.08.12 -

F-Secure 8.0.14470.0 2009.08.13 Trojan.Win32.VB.udp

Fortinet 3.120.0.0 2009.08.13 W32/VB.UDP!tr

GData 19 2009.08.13 Win32:Small-MZS

Ikarus T3.1.1.64.0 2009.08.13 Virus.Win32.Small

Jiangmin 11.0.800 2009.08.13 -

K7AntiVirus 7.10.817 2009.08.12 -

Kaspersky 7.0.0.125 2009.08.13 Trojan.Win32.VB.udp

McAfee 5707 2009.08.12 -

McAfee+Artemis 5707 2009.08.12 Artemis!78CCF64A415C

McAfee-GW-Edition 6.8.5 2009.08.13 Trojan.VB.udp

Microsoft 1.4903 2009.08.13 -

NOD32 4331 2009.08.13 -

Norman 2009.08.12 -

nProtect 2009.1.8.0 2009.08.13 -

Panda 10.0.0.14 2009.08.12 Adware/AccesMembre

PCTools 4.4.2.0 2009.08.12 -

Prevx 3.0 2009.08.13 High Risk Cloaked Malware

Rising 21.42.32.00 2009.08.13 -

Sophos 4.44.0 2009.08.13 -

Sunbelt 3.2.1858.2 2009.08.13 Trojan.Win32.Generic!BT

Symantec 1.4.4.12 2009.08.13 -

TheHacker 6.3.4.3.383 2009.08.13 -

TrendMicro 8.950.0.1094 2009.08.13 -

VBA32 3.12.10.9 2009.08.13 -

ViRobot 2009.8.13.1883 2009.08.13 -

VirusBuster 4.6.5.0 2009.08.12 -

Additional information

File size: 20480 bytes

MD5 : 78ccf64a415c639a41e5d05c441d46f1

SHA1 : c68bff0251399a7a7db99eca69498bb76de523b5

SHA256: 32c7b9bf6ed35b46b5054bb1b4512db4587d11f09248555d306f020f47b4d3ab

PEInfo: PE Structure information

 

( base data )

entrypointaddress.: 0x46F8

timedatestamp.....: 0x4A7E9B65 (Sun Aug 9 11:48:21 2009)

machinetype.......: 0x14C (Intel I386)

 

( 3 sections )

name viradd virsiz rawdsiz ntrpy md5

.text 0x1000 0x3B2A 0x3C00 6.49 1f16c6c766d64708fb3a12745e38411f

.rdata 0x5000 0xD5E 0xE00 5.97 054bffbedaaa7901c00595637ace13a4

.data 0x6000 0xFF8 0x200 1.04 b205497d1115ea006e34272851543ceb

 

( 3 imports )

 

> kernel32.dll: Sleep, GetModuleFileNameA, GetStartupInfoA, GetTickCount, LoadLibraryA, GetModuleHandleA, GetProcAddress, ExitProcess

> msvcp71.dll: __Nomemory@std@@YAXXZ

> msvcr71.dll: strcpy, __3@YAXPAX@Z, strcmp, srand, memcpy, ___V@YAXPAX@Z, strchr, exit, sprintf, strtok, strncpy, malloc, _vsnprintf, __dllonexit, _onexit, _c_exit, _exit, _XcptFilter, _ismbblead, _cexit, _acmdln, _amsg_exit, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _controlfp, _except_handler3, __CxxFrameHandler, strstr, strlen, rand, strcat, memset, _callnewh

 

( 0 exports )

TrID : File type identification

Win32 Executable Generic (42.3%)

Win32 Dynamic Link Library (generic) (37.6%)

Generic Win/DOS Executable (9.9%)

DOS Executable Generic (9.9%)

Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

ssdeep: 384:XJsiV09BWVnYTprmUPoui5J+9KmhWT3KfNwURv/kxyqaBI2gxi0eoEhPgVc5ERFH:XJs209BWVnYTprnoR5J+9KmhWT3KfNwi

Prevx Info: http://info.prevx.com/aboutprogramtext.asp...E79B3008A4AC0A4

PEiD : -

RDS : NSRL Reference Data Set

-

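The VirusTotal paste above is a plain-text dump: engine, version (sometimes missing, as on the Norman line), database date, and a result that is "-" for no detection or may contain spaces ("High Risk Cloaked Malware"). The script below is an added example, not part of this thread and not VirusTotal's own API or client. It assumes that 2009-era text layout, computes the detection count, collects the hashes and file size, and cross-checks the McAfee Artemis name against the MD5 (Artemis names carry the first 12 hex digits of the file's MD5, which is why Artemis!78CCF64A415C agrees with the MD5 in the report). The embedded sample is a constructed subset of the engine lines and hashes above.

```python
"""Parse a 2009-era VirusTotal text report pasted into a forum post.

Added example for this thread (not VirusTotal's API or client). Assumes the
layout shown above: one line per engine, "<engine> [<version>] <yyyy.mm.dd>
<result>", where result is "-" for no detection, followed by an
"Additional information" block with "File size:", "MD5 :", "SHA1 :" lines.
"""
import re
from collections import Counter
from typing import Optional

# Constructed sample: a subset of the engine lines and hashes from the report above.
SAMPLE_VT = """\
Antivirus Version Last Update Result
a-squared 4.5.0.24 2009.08.13 Virus.Win32.Small!IK
AhnLab-V3 5.0.0.2 2009.08.12 -
AntiVir 7.9.1.1 2009.08.13 TR/VB.udp
Avast 4.8.1335.0 2009.08.12 Win32:Small-MZS
Kaspersky 7.0.0.125 2009.08.13 Trojan.Win32.VB.udp
McAfee 5707 2009.08.12 -
McAfee+Artemis 5707 2009.08.12 Artemis!78CCF64A415C
Microsoft 1.4903 2009.08.13 -
Norman 2009.08.12 -
Prevx 3.0 2009.08.13 High Risk Cloaked Malware
Symantec 1.4.4.12 2009.08.13 -
Additional information
File size: 20480 bytes
MD5 : 78ccf64a415c639a41e5d05c441d46f1
SHA1 : c68bff0251399a7a7db99eca69498bb76de523b5
"""

DATE_RE = re.compile(r"^\d{4}\.\d{2}\.\d{2}$")
HASH_RE = re.compile(r"^(?P<algo>MD5|SHA1|SHA256)\s*:\s*(?P<hex>[0-9a-fA-F]+)$")
SIZE_RE = re.compile(r"^File size:\s*(?P<n>\d+) bytes$")


def parse_engine_line(line: str) -> Optional[dict]:
    """Split '<engine> [<version>] <date> <result...>'; the version may be absent."""
    tokens = line.split()
    for i in range(1, len(tokens)):
        if DATE_RE.match(tokens[i]):
            result = " ".join(tokens[i + 1:])
            return {
                "engine": tokens[0],
                "version": " ".join(tokens[1:i]) or None,
                "date": tokens[i],
                "result": None if result in ("", "-") else result,
            }
    return None  # header line, "Additional information", or anything else


def parse_virustotal(text: str) -> dict:
    report: dict = {"engines": [], "hashes": {}, "size": None}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_RE.match(line)
        if m:
            report["hashes"][m["algo"]] = m["hex"].lower()
            continue
        m = SIZE_RE.match(line)
        if m:
            report["size"] = int(m["n"])
            continue
        entry = parse_engine_line(line)
        if entry:
            report["engines"].append(entry)
    report["total"] = len(report["engines"])
    report["detections"] = sum(1 for e in report["engines"] if e["result"])
    # Vendors name the same sample differently; count the raw names to see the clusters.
    report["names"] = Counter(e["result"] for e in report["engines"] if e["result"])
    return report


def artemis_matches_md5(report: dict) -> Optional[bool]:
    """McAfee's Artemis!<hex> names carry the first 12 hex digits of the file's MD5."""
    md5 = report["hashes"].get("MD5")
    for e in report["engines"]:
        if e["result"] and e["result"].startswith("Artemis!"):
            return md5 is not None and md5.startswith(e["result"][len("Artemis!"):].lower())
    return None  # no Artemis entry in the report


if __name__ == "__main__":
    r = parse_virustotal(SAMPLE_VT)
    print(f"{r['detections']}/{r['total']} engines flagged the file ({r['size']} bytes)")
    print("MD5 cross-check with Artemis name:", artemis_matches_md5(r))
    for name, n in r["names"].most_common():
        print(f"  {n}x {name}")
```

The detection names are the useful output for a responder: several vendors here agree on a VB.udp family, so a low raw count (many engines report "-") is not by itself a reason to trust the file.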

Got the file deleted. I feel like my PC is running a bit slower than before. But maybe it's just me being a bit paranoid? :wow:

Anyway, here is the mbam log

Malwarebytes' Anti-Malware 1.41

Databaseversjon: 2927

Windows 5.1.2600 Service Pack 2

 

09.10.2009 15:19:24

mbam-log-2009-10-09 (15-19-24).txt

 

Skanntype: Rask Skann

Objekter skannet: 98975

Tid tilbakelagt: 3 minute(s), 14 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 0

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

(Ingen mistenkelige filer funnet)

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

(Ingen mistenkelige filer funnet)
