holmium Posted 3 May 2009

Problem: a pop-up from something called Platte International; an invoice pops up 7-8 times. The address field says c:\"various numbers""various characters"; these differ from one time to the next and cannot be found by searching the machine. The IP is logged and used as a reference for the amount owed. What is this, and how do I get rid of it? I have tried Norton 360, Ad-Aware (freeware) and Spybot without success. I have now tried Malware, to see if that does the trick.

-----------------------------------------
Malwarebytes' Anti-Malware 1.36
Databaseversjon: 2071
Windows 6.0.6001 Service Pack 1

03.05.2009 22:36:27
mbam-log-2009-05-03 (22-36-27).txt

Skanntype: Rask Skann
Objekter skannet: 74924
Tid tilbakelagt: 9 minute(s), 13 second(s)

Minneprosesser infisert: 2
Minnemoduler infisert: 1
Registernøkler infisert: 7
Registerverdier infisert: 1
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 5

Minneprosesser infisert:
C:\Windows\System32\pm_proc1.exe (Trojan.Agent) -> Failed to unload process.
c:\Windows\System32\pm_proc2.exe (Trojan.Agent) -> Failed to unload process.

Minnemoduler infisert:
C:\Windows\System32\pm_dll.dll (Trojan.BHO) -> Delete on reboot.

Registernøkler infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d810b78a-d010-44df-8445-ac58086b600e} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d810b78a-d010-44df-8445-ac58086b600e} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d810b78a-d010-44df-8445-ac58086b600e} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{31a55ff6-32a4-4ae2-95fe-7891637f3dae} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c056b0ec-6369-452b-9879-b95a1beb0f16} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d760db63-50ba-43b5-9916-29577df6c959} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9901d610-a360-4325-b787-d13bbf4f2a1c} (Trojan.Agent) -> Quarantined and deleted successfully.

Registerverdier infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\plsi (Trojan.Agent) -> Quarantined and deleted successfully.

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
C:\Windows\System32\pm_dll.dll (Trojan.BHO.H) -> Delete on reboot.
C:\A (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\pm_proc1.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\pm_proc2.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\pm_ax.ocx (Trojan.Agent) -> Quarantined and deleted successfully.
--------------------------

The second log doesn't come up; it seems it isn't assigned a name.
--------------
Fin Skjorte Posted 4 May 2009

@holmium: Do as the first post in this thread says and create your own thread, as highlighted! Once you have gone through the guide below, create your own thread where you post the logs. You do that by selecting the 'Nytt Emne' ('New Topic') button. It is important that you create your own thread, since support is not given in this thread.
nipton Posted 9 May 2009

Looking for an MSN virus/something else that could harm the PC.

Malwarebytes' Anti-Malware 1.36
Databaseversjon: 2096
Windows 6.0.6001 Service Pack 1

09.05.2009 02:41:09
mbam-log-2009-05-09 (02-41-09).txt

Skanntype: Rask Skann
Objekter skannet: 63350
Tid tilbakelagt: 2 minute(s), 0 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)

----------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:41:41, on 09.05.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\AASP\1.00.46\aaCenter.exe
C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe
C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\Jonas\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [soundTray] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O13 - Gopher Prefix: 
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\SysWOW64\CTsvcCDA.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate1c98a42b3a2f0a7) (gupdate1c98a42b3a2f0a7) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11207 bytes

----------------------------------------------------------------------------------------------------------------

Thanks a lot for the help.
Bella_sc Posted 9 May 2009

Yesterday I was sent a link on MSN, and naive as I am I clicked on the file.. I wasn't asked to download anything, but had to log in to something.. it seemed completely harmless to me, it just looked like a friend wanting to show me a picture, but alas, no.. that it was not :S The link I got was called http :// ImageHostz. com/? user= (my username)&image= DSC00245.JPG ?!? .. I found out early today that my MSN was sending out links.. my anti-virus program found nothing, and I downloaded Malwarebytes and ran a quick scan as recommended on the forum.. But it didn't find anything either.. What do I do now? Great if someone can help :) By the way, I have changed my MSN password, which I also read about here ;) But that's probably not quite enough to get rid of the virus?
nipton Posted 9 May 2009

Ugh, yes. Just like me. Did the same thing, and now none of my antivirus programs find anything at all. Would be nice if someone could help. I have tried http://itpro.no/art/12038.html but I can't find any files named "Volume Shadow Organizer" = "nvbsvc.exe" as it says. That article is probably old enough that something new is going around now.
norbat (thread author) Posted 9 May 2009

Go through the whole guide (see the first post) and create your own thread where you post the logs that are asked for.
P-in-P Posted 13 May 2009

Hi! After writing this post I found out that I had a virus on my USB stick. After running a check on the file at VirusTotal I got the following result;

File 570.exe received on 01.25.2009 23:53:46 (CET)

Antivirus Version Last Update Result
a-squared 4.0.0.73 2009.01.25 Packer.PrivateExeProtector.A!IK
AhnLab-V3 5.0.0.2 2009.01.25 Win32/IRCBot.worm.variant
AntiVir 7.9.0.60 2009.01.25 TR/Crypt.XPACK.Gen
Authentium 5.1.0.4 2009.01.25 W32/Backdoor2.OBU
Avast 4.8.1281.0 2009.01.25 Win32:Rbot-FOR
AVG 8.0.0.229 2009.01.25 Obfustat.AEEE
BitDefender 7.2 2009.01.25 Backdoor.Rbot.XLX
CAT-QuickHeal 10.00 2009.01.24 (Suspicious) - DNAScan
ClamAV 0.94.1 2009.01.25 Trojan.Mybot-9598
Comodo 946 2009.01.25 Backdoor.Win32.Rbot
DrWeb 4.44.0.09170 2009.01.25 -
eSafe 7.0.17.0 2009.01.25 -
eTrust-Vet 31.6.6325 2009.01.24 -
F-Prot 4.4.4.56 2009.01.25 W32/Backdoor2.OBU
F-Secure 8.0.14470.0 2009.01.25 Backdoor.Win32.Rbot.ggy
Fortinet 3.117.0.0 2009.01.25 -
GData 19 2009.01.25 Backdoor.Rbot.XLX
Ikarus T3.1.1.45.0 2009.01.25 Packer.PrivateExeProtector.A
K7AntiVirus 7.10.604 2009.01.24 Backdoor.Win32.rbot.ggy
Kaspersky 7.0.0.125 2009.01.25 Backdoor.Win32.Rbot.ggy
McAfee 5506 2009.01.25 W32/Sdbot.worm
McAfee+Artemis 5506 2009.01.25 W32/Sdbot.worm
Microsoft 1.4205 2009.01.25 Backdoor:Win32/Rbot.OZ
NOD32 3798 2009.01.25 Win32/Rbot
Norman 5.93.01 2009.01.23 W32/Smalltroj.BUAA
nProtect 2009.1.8.0 2009.01.23 Backdoor/W32.RBot.349046
Panda 9.5.1.2 2009.01.25 -
PCTools 4.4.2.0 2009.01.25 Worm.Rbot.VDN
Prevx1 V2 2009.01.25 -
Rising 21.13.42.00 2009.01.23 -
SecureWeb-Gateway 6.7.6 2009.01.25 Trojan.Crypt.XPACK.Gen
Sophos 4.37.0 2009.01.25 Mal/Generic-A
Sunbelt 3.2.1835.2 2009.01.16 Backdoor.Rbot
Symantec 10 2009.01.25 W32.IRCbot
TheHacker 6.3.1.5.229 2009.01.25 Backdoor/Rbot.ggy
TrendMicro 8.700.0.1004 2009.01.24 -
VBA32 3.12.8.11 2009.01.25 Backdoor.Win32.Rbot.ggy
ViRobot 2009.1.23.1576 2009.01.23 Backdoor.Win32.RBot.349046
VirusBuster 4.5.11.0 2009.01.25 Worm.Rbot.VDN

Additional information
File size: 349046 bytes
MD5...: 0167f5214218f8c6e0f5cf3d45ae2e27
SHA1..: b41a73b74a889b591d00fd16663843dcdeab064d
SHA256: 83b87b0f882d75b996d3d0981a4b7987381d57818a85a1796051d4fbfc198308
SHA512: 3a2c1c78ee2fafdab9ee00095fbb141ec6a53a2894396e1dc66ca4f0b70912ed
a57777b82baced409ad795a76ea1fee840f024690e145d6b53325307c418fe8e
ssdeep: 6144:YvM106xbqxJMVPhMqoxu5e9mLX1EVLNT3DHbA85TE4t4FrA:YEFxbqx2VPh
HoxRfZvHbACGrA
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (51.2%)
Win16/32 Executable Delphi generic (12.4%)
Clipper DOS Executable (12.1%)
Generic Win/DOS Executable (12.0%)
DOS Executable Generic (12.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4012e6
timedatestamp.....: 0x2527e1c7 (Mon Oct 02 22:31:35 1989)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.01e04w 0x1000 0x2522a 0x609 7.16 c7471fc5b4a3b867634c62a66f0fdd72
.8vsw2k 0x27000 0x20e0 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.2x0l9r 0x2a000 0x61328 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x8c000 0x64a0 0x649b 4.45 963cadc51fe7ea22fd2b3afd54aac6c3
.engine 0x93000 0x300000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.data 0x393000 0x72000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x405000 0x4f000 0x4e176 7.88 034f6029fd59ac66c15d82cb0e1f0fe0

( 2 imports )
> KERNEL32.DLL: CopyFileA
> USER32.DLL: IsWindow

( 0 exports )

Can anyone, based on this, say anything about how I get rid of the virus? I assume that my PC is already infected and that there are files on my PC as well that re-infect USB sticks as soon as I plug them in.
raWrz Posted 13 May 2009

(in reply to P-in-P's post above)

Please create a new thread and follow the guide linked in my signature.
Soildor Posted 19 May 2009

hi, had a little problem with Online Armor today :S it blocks access to various websites (diskusjon.no etc.) + pictures on Nettby. I just get an error message when I try to open the pages. Do you have a suggestion? :S
Fred7555 Posted 20 May 2009

Go into Settings -> Blocked sites, then just remove diskusjon.no and whatever else you want. Or you can add them under "trusted applications".
Soildor Posted 20 May 2009

(in reply to Fred7555's post above)

yes, got it fixed
denix89 Skrevet 11. juni 2009 Del Skrevet 11. juni 2009 (endret) scanet pcen Malwarebytes' Anti-Malware 1.37 Databaseversjon: 2182 Windows 6.0.6001 Service Pack 1 11.06.2009 14:31:43 mbam-log-2009-06-11 (14-31-43).txt Skanntype: Rask Skann Objekter skannet: 72921 Tid tilbakelagt: 4 minute(s), 36 second(s) Minneprosesser infisert: 0 Minnemoduler infisert: 0 Registernøkler infisert: 7 Registerverdier infisert: 2 Registerfiler infisert: 0 Mapper infisert: 0 Filer infisert: 1 Minneprosesser infisert: (Ingen mistenkelige filer funnet) Minnemoduler infisert: (Ingen mistenkelige filer funnet) Registernøkler infisert: HKEY_CLASSES_ROOT\imeshmediabar.stockbar (Adware.SoftMate) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{6c380604-92b2-4633-becb-bde03fa45980} (Adware.SoftMate) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{4481c34a-10df-4c96-92a6-0ef31b6b95d6} (Adware.SoftMate) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{f9c23cd1-6da9-4e0b-8367-c6f9f1f78baf} (Adware.SoftMate) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\imeshmediabar.stockbar.1 (Adware.SoftMate) -> Quarantined and deleted successfully. Registerverdier infisert: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully. 
Registerfiler infisert: (Ingen mistenkelige filer funnet) Mapper infisert: (Ingen mistenkelige filer funnet) Filer infisert: C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshMediaBar.dll (Adware.SoftMate) -> Quarantined and deleted successfully. ComboFix 09-05-15.08 - Elisabeth 11.06.2009 15:13.1 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.47.1044.18.3068.1893 [GMT 2:00] Kjører fra: d:\nedlasting\Programvarer\ComboFix.exe AV: avast! antivirus 4.7.1001 [VPS 090304-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . - REDUCED FUNCTIONALITY MODE - . ((((((((((((((((((((((((((((((((((((((( Andre slettinger ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\users\ELISAB~1\AppData\Local\Temp\RtkBtMnt.exe c:\users\Elisabeth\AppData\Local\Temp\RtkBtMnt.exe . ((((((((((((((((((((((((((( Filer Opprettet Fra 2009-05-11 til 2009-06-11 ))))))))))))))))))))))))))))))))) . 2009-06-11 11:57 . 2009-06-11 11:57 -------- d-----w c:\users\Elisabeth\AppData\Roaming\Malwarebytes 2009-06-11 11:57 . 2009-05-26 11:19 19096 ----a-w c:\windows\system32\drivers\mbam.sys 2009-06-11 11:57 . 2009-05-26 11:20 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-06-11 11:57 . 2009-06-11 11:57 -------- d-----w c:\programdata\Malwarebytes 2009-06-11 11:57 . 2009-06-11 11:57 -------- d-----w c:\users\All Users\Malwarebytes 2009-06-11 11:57 . 2009-06-11 12:18 -------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-06-11 11:44 . 2009-06-11 11:44 -------- d-----w c:\windows\Driver Cache 2009-06-11 11:44 . 2009-06-11 11:44 -------- d-----w c:\program files\AVerMedia 2009-06-11 09:42 . 2009-06-11 09:42 -------- d-----w c:\users\Elisabeth\AppData\Roaming\Lavasoft 2009-06-11 09:21 . 2009-06-11 09:58 -------- d-----w c:\programdata\Spybot - Search & Destroy 2009-06-11 09:21 . 
2009-06-11 09:58 -------- d-----w c:\users\All Users\Spybot - Search & Destroy 2009-06-11 09:18 . 2009-06-11 09:19 -------- d-----w c:\program files\Winamp 2009-06-11 09:18 . 2009-06-11 09:18 -------- d-----w c:\program files\Spybot - Search & Destroy 2009-06-11 09:17 . 2009-06-11 09:17 -------- d-----w c:\program files\CCleaner 2009-06-11 01:22 . 2008-05-26 10:54 81704 ----a-w c:\windows\system32\drivers\WSVD.sys 2009-06-10 11:53 . 2009-06-10 11:53 -------- d-----w c:\users\Elisabeth\AppData\Local\Yahoo 2009-06-10 11:25 . 2009-06-10 11:25 -------- d-----w c:\users\Elisabeth\AppData\Roaming\Yahoo! 2009-06-10 11:25 . 2009-06-10 11:25 -------- d-----w c:\programdata\Yahoo! Companion 2009-06-10 11:25 . 2009-06-10 11:25 -------- d-----w c:\users\All Users\Yahoo! Companion 2009-06-10 11:20 . 2009-06-10 11:53 -------- d-----w c:\programdata\Yahoo! 2009-06-10 11:20 . 2009-06-10 11:53 -------- d-----w c:\users\All Users\Yahoo! 2009-06-10 11:20 . 2009-06-10 11:25 -------- d-----w c:\program files\Yahoo! 2009-06-09 13:51 . 2009-06-09 13:51 283952 ----a-w c:\program files\npmusicn.dll 2009-06-09 12:28 . 2009-06-09 12:28 -------- d-----w c:\program files\iPod 2009-06-09 12:28 . 2009-06-09 12:28 -------- d-----w c:\program files\iTunes 2009-06-01 16:41 . 2009-06-01 16:41 -------- d-----w c:\users\Elisabeth\AppData\Local\PlayMovie 2009-06-01 16:41 . 2009-06-01 16:41 -------- d-----w c:\users\Elisabeth\AppData\Local\Acer Arcade Deluxe 2009-05-27 03:03 . 2009-06-11 01:19 -------- d-----w c:\users\Elisabeth\AppData\Local\PowerCinema 2009-05-27 02:58 . 2009-05-27 03:05 -------- d-----w c:\program files\Acer Arcade Deluxe 2009-05-13 07:40 . 2008-04-17 10:12 107368 ----a-w c:\windows\system32\GEARAspi.dll 2009-05-13 07:40 . 2009-03-19 14:32 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys 2009-05-13 07:39 . 2009-05-13 07:40 -------- d-----w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-05-13 07:39 . 
2009-05-13 07:40 -------- d-----w c:\users\All Users\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-11 13:15 . 2009-03-04 15:25 28219 ----a-w c:\users\All Users\nvModes.dat 2009-06-11 13:15 . 2009-03-04 15:25 28219 ----a-w c:\programdata\nvModes.dat 2009-06-11 13:13 . 2009-03-04 20:39 12 ----a-w c:\windows\bthservsdp.dat 2009-06-11 13:09 . 2008-01-21 06:14 77462 ----a-w c:\windows\system32\perfc014.dat 2009-06-11 13:09 . 2008-01-21 06:14 454956 ----a-w c:\windows\system32\perfh014.dat 2009-06-11 07:20 . 2009-03-04 14:15 -------- d-----w c:\program files\Launch Manager 2009-06-11 07:19 . 2009-03-05 10:50 680 ----a-w c:\users\Elisabeth\AppData\Local\d3d9caps.dat 2009-06-11 02:13 . 2009-03-06 21:42 24 ----a-w c:\windows\popcinfo.dat 2009-06-09 14:10 . 2009-03-04 23:00 107720 ----a-w c:\windows\system32\GDIPFONTCACHEV1.DAT 2009-06-09 12:28 . 2009-03-15 13:44 -------- d-----w c:\program files\Common Files\Apple 2009-06-09 12:25 . 2009-03-05 15:44 -------- d-----w c:\program files\QuickTime 2009-06-03 06:36 . 2009-03-05 12:33 -------- d-----w c:\program files\Xvid 2009-05-27 03:04 . 2008-07-18 01:07 -------- d--h--w c:\program files\InstallShield Installation Information 2009-05-13 09:20 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail 2009-05-03 07:01 . 2008-07-18 01:55 -------- d-----w c:\program files\Cyberlink 2009-05-02 23:32 . 2008-07-18 01:43 -------- d-----w c:\program files\Microsoft Works 2009-05-01 10:09 . 2009-05-01 10:08 -------- d-----w c:\program files\iMesh Applications 2009-03-17 03:38 . 2009-04-22 03:39 13824 ----a-w c:\windows\system32\apilogen.dll 2009-03-17 03:38 . 2009-04-22 03:39 24064 ----a-w c:\windows\system32\amxread.dll 2008-01-21 02:43 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . 
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2008-09-02 14:04 398768 ----a-w c:\program files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-29 16:52 121392 ----a-w c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-04 68856]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-26 4351216]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-04 1037608]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-29 526896]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2009-03-04 3719680]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-06-30 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-06-16 809480]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-07-24 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-07-24 167936]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-07-18 167936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-01 13548064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-01 92704]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-05-07 6139904]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-24 723760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2009-03-04 14:11 3162624 ----a-w c:\program files\Acer\Acer Bio Protection\WinNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\Acer\Acer Bio Protection\PwdFilter

[HKLM\~\startupfolder\C:^Users^Elisabeth^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk]
path=c:\users\Elisabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk
backup=c:\windows\pss\Orion.lnk.Startup
backupExtension=.Startup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"WarReg_PopUp"=c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3498885533-3433939835-3141117619-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D11CF64D-3C65-4313-A6F4-E2478CA9B8A3}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{55C2B690-0AE6-4303-9541-6BCCFAC77CCD}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{CBFA8F85-84F8-4B78-AC69-40F7A8C0163F}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{2394D81F-7DA7-4244-9A62-2C0D6A9BCA72}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{40E94C97-7047-4D47-AF84-9CB82770E318}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{E716CAB6-883A-4439-85D7-444848EB9B23}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{C791B158-DE41-4B7C-B17B-0E8989126490}"= c:\program files\Acer\Acer VCM\VC.exe:Acer VCM
"{50C984F3-A194-4144-8F0B-FFC7D78342CA}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{95730F72-246E-4ED4-B77C-F5679197A2C5}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{F25D399F-C381-42AC-A3B9-0C0637776003}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{B3D6C525-DD57-4D10-9A48-3A7A6811D5B7}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3F14E50E-7064-479F-801E-A14AEC255C30}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{77CB689C-7DB1-4358-8F9F-4A7BB809F330}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{3ECFE86B-ECEA-4F00-B3A5-1D67CD609A86}"= Disabled:TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{6D408E13-C8A0-406D-8AD0-A1E113A7DAAB}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{277416D3-2799-41B4-BE55-9EDA6EBEBF5D}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{495CC841-6370-463F-B1A7-535057E0071C}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{75D09ECD-E28B-47BE-B10F-B33910880A9F}"= UDP:c:\program files\iMesh Applications\iMesh\iMesh.exe:iMesh
"{27114293-EF75-488C-B4FC-5663558F25B4}"= TCP:c:\program files\iMesh Applications\iMesh\iMesh.exe:iMesh
"{0E93F75A-23BD-49DD-8EFD-E177CA3B934C}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{0743B68B-BA09-457B-ADAD-F96C7FFF012A}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie
"{C2B38583-3295-42F4-80CA-11914E4CC4B2}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program
"{30EA0DDA-8E01-4160-A59D-42DB573C5630}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia
"TCP Query User{4C5719B6-887A-4052-B721-20FF676E0D20}c:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:c:\program files\skype\phone\skype.exe:Skype. The whole world can talk for free.
"UDP Query User{F009B60E-022D-49F1-A420-D2A3AA0DD243}c:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:c:\program files\skype\phone\skype.exe:Skype. The whole world can talk for free.
"{46B0EBE6-F2D5-4DB7-999D-22DDF19F25AC}"= UDP:c:\program files\uTorrent\utorrent.exe:µTorrent
"{F7C4E600-7315-436E-B527-4870DD00BE34}"= TCP:c:\program files\uTorrent\utorrent.exe:µTorrent
"{3D7DBE9E-58CC-4E64-8158-861113FE3C07}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{F793593F-24DF-471A-A1BE-971880774616}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{E0D012A7-4588-45B1-A153-26DEA85FA242}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{D3965633-3D47-42FD-8FCF-453C4BA3BA0A}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSfsu.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\encryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\decryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSMgr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDStbmngr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSfsu.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\encryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\decryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSMgr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
"c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDStbmngr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr

R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\System32\drivers\AlfaFF.sys [04.03.2009 16:11 43184]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [05.03.2009 02:04 114768]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [27.05.2009 05:03 61424]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [05.03.2009 02:04 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [05.03.2009 00:07 51792]
R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [27.05.2009 05:05 122368]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [04.03.2009 16:16 54784]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\System32\drivers\L1E60x86.sys [16.12.2008 06:05 48128]
R3 NETw5v32;Intel® Wireless WiFi Link-kortdriver for Windows Vista 32-bit;c:\windows\System32\drivers\NETw5v32.sys [18.07.2008 12:28 3658752]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [18.08.2008 09:00 44064]
R3 vfs101x;vfs101x;c:\windows\System32\drivers\vfs101x.sys [26.05.2008 06:44 40752]
S3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [18.07.2008 03:14 85136]
S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [11.06.2009 03:22 81704]

--- Andre tjenester/drivere lastet i minnet ---

*Deregistered* - sptd
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-06-11 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-04-16 08:09]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.bankwest.com.au/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0414&s=2&o=vp32&d=0309&m=aspire_6935
uInternet Settings,ProxyOverride = *.local
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send bilde til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send side til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-11 15:17
Windows 6.0.6001 Service Pack 1 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'lsass.exe'(672)
c:\program files\Acer\Acer Bio Protection\PwdFilter.dll

- - - - - - - > 'explorer.exe'(5928)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\system32\btmmhook.dll
c:\windows\System32\SysHook.dll
c:\windows\system32\btncopy.dll
c:\program files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\vfsFPService.exe
c:\windows\System32\rundll32.exe
c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\System32\wlanext.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Acer\Empowering Technology\Service\ETService.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Acer\Acer Bio Protection\BASVC.exe
c:\windows\System32\conime.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Acer\Acer VCM\RS_Service.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Launch Manager\LManager.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\windows\System32\rundll32.exe
c:\users\ELISAB~1\AppData\Local\Temp\RtkBtMnt.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Acer\Acer Bio Protection\PwdBank.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Tidspunkt ferdig: 2009-06-11 15:21 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2009-06-11 13:21

Pre-Run: 102 598 918 144 byte ledig
Post-Run: 102 567 010 304 byte ledig

295 --- E O F --- 2009-06-10 03:14

Does everything look OK?
Edited 11 June 2009 by denix89
mattjin Posted 15 June 2009 (edited)
Never mind
Edited 19 June 2009 by mattjin
Guest Slettet+5132 Posted 19 June 2009
Good initiative with this thread
No14 Posted 19 June 2009
Is everything OK here?

Malwarebytes' Anti-Malware 1.38
Databaseversjon: 2305

Windows 5.1.2600 Service Pack 3

2009-06-19 21:42:57
mbam-log-2009-06-19 (21-42-57).txt

Skanntype: Rask Skann
Objekter skannet: 107769
Tid tilbakelagt: 6 minute(s), 52 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)

ComboFix 09-06-18.02 - André 2009-06-19 21:50.5 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.895.562 [GMT 2:00]
Kjører fra: c:\documents and settings\André\Skrivebord\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\grpconv.exe manglet
Gjenopprettet kopi fra - c:\windows\ServicePackFiles\i386\grpconv.exe
.
((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_WSNPOEM.SYS

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-05-19 til 2009-06-19 )))))))))))))))))))))))))))))))))
.
2009-06-19 19:53 . 2008-04-14 16:22 39424 ----a-w- c:\windows\system32\grpconv.exe
2009-06-19 19:53 . 2008-04-14 16:22 39424 ----a-w- c:\windows\system32\dllcache\grpconv.exe
2009-06-18 22:04 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-18 22:04 . 2009-06-18 22:04 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes
2009-06-18 22:04 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-18 22:04 . 2009-06-18 22:04 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware
2009-06-18 21:53 . 2009-06-18 21:53 -------- d-----r- c:\documents and settings\LocalService\Favoritter
2009-06-17 20:43 . 2009-06-17 20:44 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-06-10 22:03 . 2009-04-30 21:18 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-06-10 22:03 . 2009-04-30 21:17 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-07 22:40 . 2009-06-07 22:40 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-07 22:38 . 2009-06-07 22:38 -------- d-----w- c:\windows\ie8updates
2009-06-07 22:37 . 2009-05-12 05:11 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-06-07 22:35 . 2009-06-07 22:35 -------- d--h--w- c:\windows\ie8
2009-06-06 15:44 . 2009-06-06 15:44 -------- d-----w- c:\documents and settings\Administrator\Programdata\SUPERAntiSpyware.com
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-19 19:54 . 2006-10-17 23:14 12 ----a-w- c:\windows\bthservsdp.dat
2009-05-17 13:28 . 2006-08-28 15:01 80868 ----a-w- c:\windows\system32\perfc014.dat
2009-05-17 13:28 . 2006-08-28 15:01 445844 ----a-w- c:\windows\system32\perfh014.dat
2009-05-13 05:06 . 2006-01-09 18:08 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:34 . 2004-08-04 13:00 346112 ----a-w- c:\windows\system32\localspl.dll
2009-04-28 21:18 . 2009-04-28 21:18 -------- d-----w- c:\programfiler\Spotify
2009-04-27 15:55 . 2009-03-26 19:56 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-04-27 15:55 . 2009-03-26 19:56 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-04-19 19:51 . 2004-08-04 13:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:55 . 2004-08-04 13:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-05 16:45 . 2009-04-05 16:45 75048 ----a-w- c:\documents and settings\All Users\Programdata\Apple Computer\Installer Cache\iTunes 8.1.0.52\SetupAdmin.exe
2006-10-18 22:36 . 2006-10-18 22:36 2855080 ----a-w- c:\programfiler\aawsepersonal.exe
2006-10-18 20:02 . 2006-10-18 20:02 9401032 ----a-w- c:\programfiler\Install_MSN_Messenger.EXE
2007-08-13 21:01 . 2007-08-04 20:48 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2007-08-13 20:52 . 2007-08-04 20:48 88 --sh--r- c:\windows\system32\EA96F5161C.sys
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="c:\windows\RUNXMLPL.exe" [2005-05-19 32768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-20 86016]
"AzMixerSel"="c:\programfiler\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]
"SynTPEnh"="c:\programfiler\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"ntiMUI"="c:\programfiler\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 45056]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2006-04-27 151552]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-07-24 630784]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-07-18 438272]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 579584]
"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-06-07 208896]
"eLockMonitor"="c:\acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe" [2006-03-31 16384]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 345088]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
"AppleSyncNotifier"="c:\programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"avgnt"="c:\programfiler\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-07-21 16261632]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\André\Start-meny\Programmer\Oppstart\
OpenOffice.org 2.4.lnk - c:\programfiler\OpenOffice.org 2.4\program\quickstart.exe [2008-5-30 393216]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Adobe Reader Speed Launch.lnk - c:\programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-10-18 45056]
Microsoft Office.lnk - c:\programfiler\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-04 07:59 356352 ----a-w- c:\programfiler\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
"c:\\StubInstaller.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\MSN Messenger\\livecall.exe"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"c:\\Programfiler\\iTunes\\iTunes.exe"=
"c:\\Programfiler\\Spotify\\spotify.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6081:TCP"= 6081:TCP:RPC

R1 SASDIFSV;SASDIFSV;c:\programfiler\SUPERAntiSpyware\SASDIFSV.SYS [2008-05-28 9968]
R1 SASKUTIL;SASKUTIL;c:\programfiler\SUPERAntiSpyware\SASKUTIL.SYS [2008-05-28 55024]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programfiler\Avira\AntiVir Desktop\sched.exe [2009-03-26 108289]
R2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;c:\windows\system32\eLock2BurnerLockDriver.sys [2006-10-18 17664]
R2 eLock2FSCTLDriver;eLock2FSCTLDriver;c:\windows\system32\eLock2FSCTLDriver.sys [2006-10-18 90112]
R2 LockServ;LockServ;c:\acer\Empowering Technology\eLock\LockServ.exe -p --> c:\acer\Empowering Technology\eLock\LockServ.exe -p [?]
S3 epindd;epindd;c:\windows\system32\drivers\EPINDD.SYS [2006-10-18 8448]
S3 SASENUM;SASENUM;c:\programfiler\SUPERAntiSpyware\SASENUM.SYS [2008-05-28 7408]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [2008-05-22 36864]

--- Andre tjenester/drivere lastet i minnet ---

*NewlyCreated* - UBHELPER

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-06-19 c:\windows\Tasks\Se etter oppdateringer for Windows Live Toolbar.job
- c:\programfiler\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 09:20]

2009-06-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-04-11 10:34]
.
- - - - TOMME PEKERE FJERNET - - - -

HKCU-Run-MsnMsgr - ~c:\programfiler\MSN Messenger\MsnMsgr.Exe

.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.startsiden.no/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = hxxp://www.aceradvantage.com/stdreg
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\programfiler\Windows Live Toolbar\msntb.dll/search.htm
DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} - hxxp://cdnimg.piczo.com/images/uploader/piczo_fast_uploader.cab
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-19 21:55
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\programfiler\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(3760)
c:\windows\system32\MSNCHATHOOK.DLL
c:\windows\system32\sysenv.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\MFC71U.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\acer\EMPOWERING TECHNOLOGY\EPERFORMANCE\MEMCHECK.EXE
c:\programfiler\AVIRA\ANTIVIR DESKTOP\AVGUARD.EXE
c:\programfiler\FELLESFILER\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
c:\programfiler\BONJOUR\MDNSRESPONDER.EXE
c:\program files\ACER\ACER ARCADE\KERNEL\TV\CLCAPSVC.EXE
c:\program files\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVER.EXE
c:\program files\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVICE.EXE
c:\programfiler\JAVA\JRE6\BIN\JQS.EXE
c:\programfiler\FELLESFILER\LIGHTSCRIBE\LSSRVC.EXE
c:\acer\EMPOWERING TECHNOLOGY\ELOCK\LOCKSERV.EXE
c:\windows\SYSTEM32\NVSVC32.EXE
c:\windows\SYSTEM32\PSISERVICE.EXE
c:\programfiler\CYBERLINK\SHARED FILES\RICHVIDEO.EXE
c:\program files\ACER\ACER ARCADE\KERNEL\TV\CLSCHED.EXE
c:\windows\SYSTEM32\WBEM\WMIAPSRV.EXE
c:\programfiler\LAUNCH MANAGER\LMANAGER.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\windows\SYSTEM32\RUNDLL32.EXE
c:\acer\Empowering Technology\eLock\Monitor\LockMon.exe
c:\programfiler\OpenOffice.org 2.4\program\soffice.exe
c:\programfiler\OpenOffice.org 2.4\program\soffice.BIN
c:\programfiler\iPod\bin\iPodService.exe
c:\docume~1\ANDRÉ\LOKALE~1\Temp\RtkBtMnt.exe
.
**************************************************************************
.
Tidspunkt ferdig: 2009-06-19 21:58 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2009-06-19 19:58

Pre-Run: 20,328,087,552 byte ledig
Post-Run: 22,183,084,032 byte ledig

197 --- E O F --- 2009-06-19 14:54
raWrz Posted 19 June 2009
Hi, please post the logs in your own thread. Here: https://www.diskusjon.no/index.php?showtopic=1123108&hl=
Cpt. Abusive Posted 19 June 2009
THANK YOU SO MUCH!!!!! I have had a virus for probably about a year, and now I finally got rid of it
raWrz Posted 19 June 2009 (edited)
Hi, I recommend that you post the logs in your own thread so that we can check that you are 100% malware-free.
Edit: and late-evening slip-ups always come back
Edited 19 June 2009 by Submit