Beges (posted 22 April 2010):

Hi! My brother has had some malware/rogue program called "Security Tool" installed on his PC. I have run MBAM and ComboFix, but it would be nice if someone could help me check whether there is any remaining malicious software or the like. Hope someone is willing to help!

MBAM log:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4023

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

22.04.2010 23:23:30
logg anti-m

Scan type: Quick scan
Objects scanned: 109546
Time elapsed: 4 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\24031919 (Trojan.FakeAlert.H) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\ProgramData\24031919 (Rogue.Multiple) -> No action taken.

Files Infected:
C:\ProgramData\24031919\24031919.exe (Trojan.FakeAlert.H) -> No action taken.
C:\Users\Runar\Desktop\Security Tool.LNK (Rogue.SecurityTool) -> No action taken.
C:\Users\Runar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> No action taken.

ComboFix log:

ComboFix 10-04-21.01 - Runar 22.04.2010 23:30:39.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.47.1033.18.3327.2496 [GMT 2:00]
Kjører fra: c:\users\Runar\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
 * Anti-virus er aktiv.
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2010-03-22 til 2010-04-22 )))))))))))))))))))))))))))))))))
.
2010-04-22 20:40 . 2010-04-22 20:40 -------- d-----w- c:\users\Runar\AppData\Roaming\Malwarebytes
2010-04-22 20:40 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-22 20:40 . 2010-04-22 20:40 -------- d-----w- c:\programdata\Malwarebytes
2010-04-22 20:40 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-22 20:40 . 2010-04-22 20:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-20 21:09 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-20 19:13 . 2010-04-20 19:13 -------- d-----w- c:\users\Runar\AppData\Local\Nem's Tools
2010-04-14 12:57 . 2010-02-27 12:07 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 12:57 . 2010-02-27 12:07 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 12:57 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 12:57 . 2010-03-08 21:33 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 12:57 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2010-04-14 12:56 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 12:56 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 12:56 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-11 10:31 . 2010-04-11 10:31 -------- d-----w- c:\programdata\McAfee
2010-04-10 11:28 . 2010-04-10 11:28 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-07 15:58 . 2010-04-07 15:58 -------- d-----w- c:\program files\Common Files\Java
2010-04-05 14:52 . 2010-02-23 07:56 977920 ----a-w- c:\windows\system32\wininet.dll
2010-03-24 14:45 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-22 21:34 . 2009-10-19 18:34 75966 ----a-w- c:\windows\system32\perfc001.dat
2010-04-22 21:34 . 2009-10-19 18:34 666534 ----a-w- c:\windows\system32\perfh019.dat
2010-04-22 21:34 . 2009-10-19 18:34 629664 ----a-w- c:\windows\system32\perfh00C.dat
2010-04-22 21:34 . 2009-10-19 18:34 426820 ----a-w- c:\windows\system32\perfh001.dat
2010-04-22 21:34 . 2009-10-19 18:34 128694 ----a-w- c:\windows\system32\perfc019.dat
2010-04-22 21:34 . 2009-10-19 18:34 107524 ----a-w- c:\windows\system32\perfc00C.dat
2010-04-22 21:34 . 2009-10-19 18:08 73930 ----a-w- c:\windows\system32\perfc014.dat
2010-04-22 21:34 . 2009-10-19 18:08 447984 ----a-w- c:\windows\system32\perfh014.dat
2010-04-22 18:45 . 2009-10-19 18:54 -------- d-----w- c:\program files\Common Files\Steam
2010-04-20 21:09 . 2009-12-12 21:28 -------- d-----w- c:\program files\Java
2010-04-19 13:10 . 2010-01-12 18:02 -------- d-----w- c:\users\Runar\AppData\Roaming\gtk-2.0
2010-04-14 20:02 . 2009-10-28 15:06 -------- d-----w- c:\users\Runar\AppData\Roaming\Spotify
2010-04-14 13:00 . 2009-10-19 18:40 -------- d-----w- c:\programdata\Microsoft Help
2010-04-13 18:53 . 2009-10-19 20:37 -------- d-----w- c:\program files\Google
2010-03-15 11:49 . 2009-11-23 15:53 -------- d-----w- c:\programdata\Norton
2010-03-14 21:35 . 2010-03-14 21:35 -------- d-----w- c:\programdata\FileCure
2010-03-12 19:23 . 2009-12-12 21:29 41 ----a-w- c:\users\Runar\jagex_runescape_preferences.dat
2010-03-12 19:07 . 2009-12-12 21:29 69 ----a-w- c:\users\Runar\jagex_runescape_preferences2.dat
2010-03-04 06:07 . 2009-10-19 17:56 140120 ----a-w- c:\users\Runar\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-03 17:03 . 2009-11-25 17:00 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-24 08:16 . 2009-10-19 17:49 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-16 09:00 . 2010-03-03 17:03 1324720 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100303.005\NAVEX15.SYS
2010-02-16 09:00 . 2010-03-03 17:03 84912 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100303.005\NAVENG.SYS
2010-02-16 09:00 . 2010-02-16 09:00 84912 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\NAVENG.SYS
2010-02-16 09:00 . 2010-02-16 09:00 1324720 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\NAVEX15.SYS
2010-02-02 07:45 . 2010-02-28 19:18 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-29 08:59 . 2010-01-29 08:59 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb4404.tmp.exe
2010-01-28 01:20 . 2010-01-29 17:00 1348 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\tmp2bc9.tmp\cur.scr
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\program files\steam\steam.exe" [2010-04-15 1238352]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-19 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-13 98304]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2054360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-29 1086856]

c:\users\Runar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ImageMixer 3 SE Camera Monitor Ver.5.lnk - c:\program files\PIXELA\ImageMixer 3 SE Ver.5\Transfer Utility\CameraMonitor.exe [2009-11-17 253952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-29 133104]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-09-11 108792]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-09-11 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-09-11 95896]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2010-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-29 16:32]

2010-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-29 16:32]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.youtube.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tidspunkt ferdig: 2010-04-22 23:37:41
ComboFix-quarantined-files.txt 2010-04-22 21:37

Pre-Run: 121 856 495 616 bytes free
Post-Run: 129 630 703 616 bytes free

- - End Of File - - ECF09BF2F09CA3239F597DCF3E2028FE
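As an added example (not code from the thread, from Malwarebytes or from any of the posters), here is a small Python parser for the MBAM 1.x text log format quoted above. It separates the summary counts from the per-category item lists, checks that the two agree, lists the items still marked "No action taken" (a log saved before the removal step), and flags the entries that would relaunch the rogue at logon: the HKCU Run value and the Start Menu shortcut. The sample input is the thread's own MBAM log with the line breaks the forum flattened restored; the regular expressions, the Finding type and the function names are my own assumptions, not an MBAM API.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample input: the MBAM 1.45 log quoted in the thread, with the line
# breaks the forum software flattened put back (blank lines are skipped anyway).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Database version: 4023
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
22.04.2010 23:23:30
logg anti-m
Scan type: Quick scan
Objects scanned: 109546
Time elapsed: 4 minute(s), 30 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\24031919 (Trojan.FakeAlert.H) -> No action taken.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\ProgramData\24031919 (Rogue.Multiple) -> No action taken.
Files Infected:
C:\ProgramData\24031919\24031919.exe (Trojan.FakeAlert.H) -> No action taken.
C:\Users\Runar\Desktop\Security Tool.LNK (Rogue.SecurityTool) -> No action taken.
C:\Users\Runar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> No action taken.
"""

# "Files Infected: 3" is a summary count; "Files Infected:" alone opens the detail list.
SUMMARY_RE = re.compile(r"^(?P<category>[A-Za-z ]+ Infected): (?P<count>\d+)$")
SECTION_RE = re.compile(r"^(?P<category>[A-Za-z ]+ Infected):$")
# Detail line: <location> (<detection name>) -> <action>.  The lazy location group
# still copes with paths such as "Program Files (x86)", because the detection
# group must be followed by ") -> ", so the engine backtracks past that folder.
ITEM_RE = re.compile(r"^(?P<location>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")
# Autostart locations (assumed heuristic): Run values and Start Menu\Programs shortcuts.
AUTOSTART_RE = re.compile(r"\\CurrentVersion\\Run\\|\\Start Menu\\Programs\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    category: str   # e.g. "Registry Values Infected"
    location: str   # registry value, folder or file path
    detection: str  # MBAM detection name, e.g. "Trojan.FakeAlert.H"
    action: str     # e.g. "No action taken" or "Quarantined and deleted successfully"


def parse_mbam_log(text):
    """Return (summary_counts, findings) parsed from an MBAM 1.x text log."""
    counts, findings, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SUMMARY_RE.match(line):
            counts[m["category"]] = int(m["count"])
            continue
        if m := SECTION_RE.match(line):
            section = m["category"]
            continue
        if section is None or line.startswith("(No malicious"):
            continue
        if m := ITEM_RE.match(line):
            findings.append(Finding(section, m["location"], m["detection"], m["action"]))
    return counts, findings


def count_mismatches(counts, findings):
    """Categories whose summary count disagrees with the items actually listed."""
    listed = Counter(f.category for f in findings)
    return {c: (n, listed[c]) for c, n in counts.items() if n != listed[c]}


def unresolved(findings):
    """Items MBAM reported but did not remove (log saved before the cleaning step)."""
    return [f for f in findings if f.action.lower().startswith("no action")]


def autostart_entries(findings):
    """Findings that would relaunch the rogue at logon: Run values and Start Menu shortcuts."""
    return [f for f in findings if AUTOSTART_RE.search(f.location)]


if __name__ == "__main__":
    counts, findings = parse_mbam_log(SAMPLE_LOG)
    print(f"{len(findings)} findings, {len(unresolved(findings))} not yet removed")
    for f in autostart_entries(findings):
        print(f"persistence: {f.location} [{f.detection}]")
    print("summary/detail mismatches:", count_mismatches(counts, findings) or "none")
```

Run against the thread's log this reports five findings, all still "No action taken", and two persistence points: the numeric Run value under HKCU and the Start Menu shortcut. That is the check a helper wants before saying "logs look OK": a later log from the same machine should show those two entries as removed, not merely the files.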
Svenni212000 (posted 23 April 2010):

Here are guides that should help you remove the nasty thing from the PC: http://www.bleepingcomputer.com/virus-removal/remove-security-tool http://no.pcthreat.com/parasitebyid-8345no.html

norbat (posted 23 April 2010):

MBAM removed the malware files and the logs look OK. Do you still suspect something?

Beges (thread author, posted 23 April 2010):

No, I haven't noticed anything suspicious. But thanks a lot for checking! Very kind of you!