[LØST] Trenger antivirus program nod32 virker nesten ikke.

Startet av The-One,

33 innlegg i emnet

Skrevet

Hei så denne linken i en tråd: www.virustotal.com Tenkte at jeg skulle skanne et program bare for fun.Dette er resultatet:

AhnLab-V3	2008.7.4.1	2008.07.04	-

AntiVir	7.8.0.64	2008.07.04	TR/Gendal.287355

Authentium	5.1.0.4	2008.07.04	-

Avast	4.8.1195.0	2008.07.04	-

AVG	7.5.0.516	2008.07.03	Dropper.Generic.QGV

BitDefender	7.2	2008.07.04	Trojan.Generic.4315

CAT-QuickHeal	9.50	2008.07.03	(Suspicious) - DNAScan

ClamAV	0.93.1	2008.07.04	PUA.Packed.NPack-3

DrWeb	4.44.0.09170	2008.07.04	-

eSafe	7.0.17.0	2008.07.03	Suspicious File

eTrust-Vet	31.6.5925	2008.07.04	Win32/VMalum.BZOV

Ewido	4.0	2008.07.04	-

F-Prot	4.4.4.56	2008.07.03	-

F-Secure	7.60.13501.0	2008.07.03	W32/Suspicious_N.gen

Fortinet	3.14.0.0	2008.07.04	-

GData	2.0.7306.1023	2008.07.04	-

Ikarus	T3.1.1.26.0	2008.07.04	Trojan-PWS.Win32.Nilage.acu

Kaspersky	7.0.0.125	2008.07.04	-

McAfee	5331	2008.07.03	New Malware.aq

Microsoft	1.3704	2008.07.04	-

NOD32v2	3241	2008.07.04	-

Norman	5.80.02	2008.07.04	W32/Suspicious_N.gen

Panda	9.0.0.4	2008.07.03	Generic Trojan

Prevx1	V2	2008.07.04	Malware Dropper

Rising	20.51.42.00	2008.07.04	-

Sophos	4.30.0	2008.07.04	Mal/Generic-A

Sunbelt	3.1.1509.1	2008.07.04	Trojan.Unclassified.gen

Symantec	10	2008.07.04	Trojan Horse

TheHacker	6.2.96.370	2008.07.04	W32/Behav-Heuristic-063

TrendMicro	8.700.0.1004	2008.07.04	-

VBA32	3.12.6.8	2008.07.03	-

VirusBuster	4.5.11.0	2008.07.03	Packed/NSPack

Webwasher-Gateway	6.6.2	2008.07.04	Trojan.Gendal.287355[/codebox]

Som dere ser fant en god del av antivirusene virus. Men nod32 fant ikke noe. Derfor tenkte jeg at jeg trenger et annet antivirus program.

Er det et antivirus program som passer bra sammen med nod32 ? Eller skal jeg bare ha et antivirus eller hva ?

0

Del dette innlegget

Lenke til innlegg
Del på andre sider

Skrevet

Har du oppdatert Nod32 i det siste - og har du kjøpt lovlig versjon? Og du lastet ned et program du VET er infisert for å teste scanningen? Normalt pleier Nod32 ta det meste bare du prøver skrive filen til disk. Nod 32 pleier som regel alltid score 100% på EICAR-testene.

Du bør bare ha et antivirus program inne av gangen.

0

Del dette innlegget

Lenke til innlegg
Del på andre sider

Skrevet

Kjøpt lovlig.

Last successful update: 04.07.2008 12:48:13

Som du ser nesten alle programmene på virus total sier at det er virus.

0

Del dette innlegget

Lenke til innlegg
Del på andre sider

Skrevet (endret)

Test flere filer, kanskje test dette:

http://itpro.no/supportforum/index.php?sho...mp;#entry506507

Skjekk hvilke som finner noe, sammenlign, og velg en ?

skal teste en trojan jeg har så skal jeg redigere og si hvem som ikke fant den :)

EDIT:

http://virusscan.jotti.org/ ;

A-Squared  	Found nothing

AntiVir 	Found TR/Spy.Agent.AHAC

ArcaVir 	Found Trojan.Downloader.Small.Bzt, Adware.Vapsup.Ckw

Avast 	Found Win32:Turkojan-B

AVG Antivirus 	Found BackDoor.Delf

BitDefender 	Found Backdoor.Turkojan.BB

ClamAV 	Found Trojan.Truko-271

CPsecure 	Found BackDoor.W32.Turkojan.il

Dr.Web 	Found Trojan.Rent.27

F-Prot Antivirus 	Found Possibly a new variant of W32/Threat-Backdoor-Silly-based!Maximus

F-Secure Anti-Virus 	Found Backdoor:W32/Turkojan.U, Backdoor.Win32.Turkojan.akt

Fortinet 	Found nothing

Ikarus 	Found Backdoor.Win32.Delf.ZG

Kaspersky Anti-Virus 	Found Backdoor.Win32.Turkojan.akt

NOD32 	Found Win32/Cakl.NAM

Norman Virus Control 	Found nothing

Panda Antivirus 	Found nothing

Sophos Antivirus 	Found Troj/Agent-GMF, Troj/Bckdr-QNL, Sus/Behav-1007 (probable variant)

VirusBuster 	Found Backdoor.Turkojan.Gen

VBA32 	Found Backdoor.Win32.Turkojan.akt [/codebox]

http://www.virustotal.com ;

[codebox]Antivirus Version Last Update Result
AhnLab-V3 2008.7.4.1 2008.07.04 -
AntiVir 7.8.0.64 2008.07.04 TR/Spy.Agent.AHAC
Authentium 5.1.0.4 2008.07.04 W32/Trojan2.AFSD
Avast 4.8.1195.0 2008.07.04 Win32:Agent-UMM
AVG 7.5.0.516 2008.07.03 BackDoor.Delf
BitDefender 7.2 2008.07.04 Backdoor.Turkojan.BB
CAT-QuickHeal 9.50 2008.07.03 Backdoor.Turkojan.akt
ClamAV 0.93.1 2008.07.04 Trojan.Truko-271
DrWeb 4.44.0.09170 2008.07.04 Trojan.Rent.27
eSafe 7.0.17.0 2008.07.03 -
eTrust-Vet 31.6.5925 2008.07.04 -
Ewido 4.0 2008.07.04 -
F-Prot 4.4.4.56 2008.07.03 W32/Agent.AW.gen!Eldorado
F-Secure 7.60.13501.0 2008.07.03 Backdoor.Win32.Turkojan.akt
Fortinet 3.14.0.0 2008.07.04 -
GData 2.0.7306.1023 2008.07.04 Backdoor.Win32.Turkojan.akt
Ikarus T3.1.1.26.0 2008.07.04 Backdoor.Win32.Delf.ZG
Kaspersky 7.0.0.125 2008.07.04 Backdoor.Win32.Turkojan.akt
McAfee 5331 2008.07.03 BackDoor-CZP
Microsoft 1.3704 2008.07.04 Backdoor:Win32/Turkojan.gen!A
NOD32v2 3241 2008.07.04 Win32/Cakl.NAM
Norman 5.80.02 2008.07.04 W32/Smalltroj.CXHE.dropper
Panda 9.0.0.4 2008.07.03 Suspicious file
Prevx1 V2 2008.07.04 -
Rising 20.51.42.00 2008.07.04 Trojan.Win32.Undef.dhp
Sophos 4.30.0 2008.07.04 Troj/Agent-GMF
Sunbelt 3.1.1509.1 2008.07.04 -
Symantec 10 2008.07.04 -
TheHacker 6.2.96.370 2008.07.04 -
TrendMicro 8.700.0.1004 2008.07.04 TROJ_DELF.EFH
VBA32 3.12.6.8 2008.07.03 Backdoor.Win32.Turkojan.akt
VirusBuster 4.5.11.0 2008.07.04 Backdoor.Turkojan.Gen
Webwasher-Gateway 6.6.2 2008.07.04 Trojan.Spy.Agent.AHAC

Endret av Morten242
0

Del dette innlegget

Lenke til innlegg
Del på andre sider

Skrevet

Morten fikk ikke lagret engang. Den peip før jeg fikk lagret filen. Sa at det var virus. Så det er ganske greit.

0

Del dette innlegget

Lenke til innlegg
Del på andre sider

Skrevet

Tror nesten alle finner den på linken jeg linket til, avast fant den også :)

0

Del dette innlegget

Lenke til innlegg
Del på andre sider

Skrevet

Avast blandt annet, min fant den så fort jeg søkte i den :P

0

Del dette innlegget

Lenke til innlegg
Del på andre sider

Skrevet

Det er der problemet er. Har brukt avast,avg og en god del andre. Men nod32 fikk så bra på alle tester. Første plass på en haug med tester. Derfor tenkte jeg at dette så bra ut. Hva synes du jeg burde gjøre ? Gå over til avast pro ?

0

Del dette innlegget

Lenke til innlegg
Del på andre sider

Skrevet

Avast har også fått priser, skal ikke si du MÅ ha det og det..

Anbefaler avast, men det er fullt og helt opp til deg.

Kan også hende flere som har forslag

0

Del dette innlegget

Lenke til innlegg
Del på andre sider

Skrevet

Kan jeg bruke avast og nod eller nod og avg eller avg og avast ?

0

Del dette innlegget

Lenke til innlegg
Del på andre sider

Skrevet

Har hørt at 2 antivirus ikke er helt å anbefale, da jobber de mot hverandre og ender opp med 0 resultat

0

Del dette innlegget

Lenke til innlegg
Del på andre sider

Skrevet

Har hørt det samme. Men som jeg vet er det noen antivirus som kan jobbe sammen. Eller tar jeg helt feil nå ?

0

Del dette innlegget

Lenke til innlegg
Del på andre sider

Skrevet

Tror ikke det, blir vel mere som f.eks avast og spybot, begge er ikke anti-virus, men de beskytter maskina de uansett :P

Jeg for min del har Ad-aware, avast og spy bot, og søker gjennom maskina 1 gang i uka med spy bot og ad-aware ;)

Avast gjør det hele tia ellers, og når skjermspareren er på :P

Men det blir opp til deg om hva du vil ha osv.. osv.. ;)

0

Del dette innlegget

Lenke til innlegg
Del på andre sider

Skrevet (endret)

Nod32 er noe av det beste du kan få.

For og bedere sikkerhet kjøper du ikke nytt antivirus da er du like langt.

Du installere en brannvegg(comodo eller online armor)

Disse er gratis og du får ikke bedere selv om du bruker penger på dette.

Du har også sterkere program som SAS og MBAM.

Virustotal vil alltid finne ting som antivirus ikke finner.

Husk at det er noe falsk posetivs ute og går.

Men finner mange noe grums er filen infesert.

Er du tvil om du har maleware,kan du poste en combofix logg.

Dette er det et kraftig verktøy som malware har vondt for og slippe unna,poster du loggen som må tolkes får du alltid hjelp blir vel meg eller norbat.

Har hørt det samme. Men som jeg vet er det noen antivirus som kan jobbe sammen. Eller tar jeg helt feil nå ?

Du skal kun ha et antivirus på systemet.

Jeg for min del har Ad-aware, avast og spy bot, og søker gjennom maskina 1 gang i uka med spy bot og ad-aware

Ad-adware og spybot er nok ikke samme klasse som sas og mbam.

Endret av snippsat
0

Del dette innlegget

Lenke til innlegg
Del på andre sider

Skrevet (endret)

Venter til noen andre har skrivd sine meninger.

EDIT: Valget mitt ligger nå mellom: AntiVir, Avast pro,Avast free, Nod32, AVG pro, AVG free, Bitdefender, Panda, Norman, Kaspersky Anti-Virus

Endret av GTA IV FAN
0

Del dette innlegget

Lenke til innlegg
Del på andre sider

Skrevet

Kunne noen se på hijackthis loggen ? Første gang jeg prøver hijackthis. Er ikke sikker på om dette er riktig logg da. 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:37:28, on 04.07.2008

Platform: Windows Vista  (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16681)

Boot mode: Normal


Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe

C:\Program Files\PoivY.com\PoivY\PoivY.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.google.no/"]http://www.google.no/[/url]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url]

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url]

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [UpdateP2GShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe "C:\Program Files\CyberLink\Power2Go" update "SOFTWARE\CyberLink\Power2Go\5.0"

O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [CafePlus Client] C:\Program Files\AKINSOFT\Cplus7\Client7\Cplusc.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized

O4 - HKCU\..\Run: [ADPHONE] C:\Program Files\ADPHONE3\ADPHONE.EXE /STARTUP

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized

O4 - HKCU\..\Run: [PoivY] "C:\Program Files\PoivY.com\PoivY\PoivY.exe" -nosplash -minimized

O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background

O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')

O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix: 

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [url="http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab"]http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab[/url]

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe


--

End of file - 9760 bytes

[/codebox]

0

Del dette innlegget

Lenke til innlegg
Del på andre sider

Skrevet

Ja litt grums er det jo.

---

Start HijackThis "scan" finn disse linjene merk dem,så trykk fix checked.

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll

O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll

O4 - HKCU\..\Run: [PoivY] "C:\Program Files\PoivY.com\PoivY\PoivY.exe" -nosplash -minimized

O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

---

Last Combofix ned ,legg på skrivebordet.

Ikke klikk på vindu mens programet kjører.

post logg C:\combofix.txt

---

0

Del dette innlegget

Lenke til innlegg
Del på andre sider

Skrevet

Her er combofix loggen. Men siden jeg bruker spy bot. Som kom det slette verdi box. Det gjør vel ikke noe det ? 

.


(((((((((((((((((((((((((   Files Created from 2008-06-04 to 2008-07-04  )))))))))))))))))))))))))))))))

.


2008-07-04 17:11 . 2008-07-04 17:11	6,736	--a------	C:\Windows\System32\drivers\PROCEXP90.SYS

2008-06-28 20:00 . 2008-06-28 20:00	<DIR>	d--------	C:\Users\Ihsan\dwhelper

2008-06-27 16:25 . 2008-06-27 16:26	<DIR>	d--------	C:\Users\Ihsan\AppData\Roaming\FileZilla

2008-06-27 16:25 . 2008-06-27 16:25	<DIR>	d--------	C:\Program Files\FileZilla FTP Client

2008-06-25 17:12 . 2008-06-25 17:12	<DIR>	d--------	C:\Program Files\Stardock

2008-06-14 13:23 . 2008-04-23 06:27	1,244,672	--a------	C:\Windows\System32\mcmde.dll

2008-06-14 13:23 . 2008-04-23 06:27	428,032	--a------	C:\Windows\System32\EncDec.dll

2008-06-14 13:23 . 2008-04-23 06:27	292,352	--a------	C:\Windows\System32\psisdecd.dll

2008-06-14 13:23 . 2008-04-23 06:26	218,624	--a------	C:\Windows\System32\psisrndr.ax

2008-06-14 13:23 . 2008-04-23 06:26	80,896	--a------	C:\Windows\System32\MSNP.ax

2008-06-14 13:23 . 2008-04-23 06:26	68,608	--a------	C:\Windows\System32\Mpeg2Data.ax

2008-06-14 13:23 . 2008-04-23 06:26	57,856	--a------	C:\Windows\System32\MSDvbNP.ax

2008-06-11 18:35 . 2008-04-26 10:02	1,327,104	--a------	C:\Windows\System32\quartz.dll

2008-06-11 18:35 . 2008-04-25 06:23	826,368	--a------	C:\Windows\System32\wininet.dll

2008-06-11 18:35 . 2008-05-10 03:21	113,664	--a------	C:\Windows\System32\drivers\rmcast.sys

2008-06-11 18:35 . 2008-05-10 05:30	14,848	--a------	C:\Windows\System32\wshrm.dll

2008-06-09 22:53 . 2008-06-15 12:20	<DIR>	d--------	C:\Program Files\Common Files\Steam

2008-06-09 22:52 . 2008-07-04 12:49	<DIR>	d--------	C:\Program Files\Steam

2008-06-05 22:36 . 2008-06-05 22:53	<DIR>	d--------	C:\vcs5BGEffects

2008-06-05 22:34 . 2008-06-05 22:35	<DIR>	d--------	C:\Program Files\AV Vcs 6.0 DIAMOND

2008-06-05 16:38 . 2008-06-05 16:38	<DIR>	d--------	C:\Program Files\MSXML 4.0

2008-06-04 21:13 . 2008-06-04 21:13	<DIR>	d--------	C:\Users\Ihsan\AppData\Roaming\Nero

2008-06-04 21:07 . 2008-06-04 21:07	<DIR>	d--------	C:\ProgramData\Nero

2008-06-04 21:07 . 2008-06-04 21:07	<DIR>	d--------	C:\Program Files\Nero

2008-06-04 21:07 . 2008-06-04 21:11	<DIR>	d--------	C:\Program Files\Common Files\Nero

2008-06-04 19:28 . 1999-12-17 10:13	86,016	--a------	C:\Windows\unvise32.exe

2008-06-04 19:27 . 2008-06-04 19:27	<DIR>	d--------	C:\Program Files\DivXLand


.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-04 15:07	---------	d-----w	C:\Users\Ihsan\AppData\Roaming\SiteAdvisor

2008-07-04 14:37	---------	d-----w	C:\Program Files\Trend Micro

2008-07-03 21:00	---------	d-----w	C:\Users\Ihsan\AppData\Roaming\uTorrent

2008-06-29 11:29	---------	d-----w	C:\Users\Ihsan\AppData\Roaming\LimeWire

2008-06-28 10:45	---------	d---a-w	C:\ProgramData\TEMP

2008-06-26 18:00	---------	d-----w	C:\Program Files\Search Settings

2008-06-26 14:56	---------	d-----w	C:\Users\Ihsan\AppData\Roaming\Winamp

2008-06-26 14:56	---------	d-----w	C:\ProgramData\Spybot - Search & Destroy

2008-06-26 14:56	---------	d-----w	C:\ProgramData\FLEXnet

2008-06-23 15:39	---------	d-----w	C:\Program Files\SystemRequirementsLab

2008-06-23 11:14	---------	d-----w	C:\Program Files\valve

2008-06-21 13:12	---------	d-----w	C:\Program Files\Cheat Engine

2008-06-14 18:00	---------	d-----w	C:\Users\Ihsan\AppData\Roaming\mIRC

2008-06-12 06:27	---------	d-----w	C:\Program Files\Windows Mail

2008-06-02 13:14	73,216	----a-w	C:\Windows\ST6UNST.EXE

2008-06-02 13:14	249,856	------w	C:\Windows\Setup1.exe

2008-06-02 13:14	---------	d-----w	C:\Program Files\Date Cracker 2000

2008-05-31 19:59	---------	d-----w	C:\ProgramData\OrbNetworks

2008-05-31 19:58	---------	d-----w	C:\Program Files\Winamp

2008-05-31 19:57	---------	d-----w	C:\ProgramData\Winamp Toolbar

2008-05-31 19:57	---------	d-----w	C:\Program Files\Winamp Toolbar

2008-05-31 19:57	---------	d-----w	C:\Program Files\Winamp Remote

2008-05-31 11:33	---------	d-----w	C:\Users\Ihsan\AppData\Roaming\PoivY

2008-05-31 11:31	---------	d-----w	C:\Program Files\PoivY.com

2008-05-30 22:59	---------	d-----w	C:\Program Files\mIRC

2008-05-30 21:41	---------	d-----w	C:\Program Files\RegCleaner

2008-05-30 21:18	---------	d-----w	C:\Users\Ihsan\AppData\Roaming\VoipStunt

2008-05-30 21:16	---------	d-----w	C:\Program Files\VoipStunt.com

2008-05-30 15:43	---------	d--h--w	C:\Program Files\InstallShield Installation Information

2008-05-29 18:13	---------	d-----w	C:\Program Files\Audacity

2008-05-28 14:28	---------	d-----w	C:\Program Files\Common Files\Thraex Software

2008-05-27 20:50	---------	d-----w	C:\ProgramData\Messenger Plus!

2008-05-27 20:48	---------	d-----w	C:\Program Files\Messenger Plus! Live

2008-05-25 11:20	---------	d-----w	C:\Program Files\Opera

2008-05-22 13:15	---------	d-----w	C:\Users\Ihsan\AppData\Roaming\vlc

2008-05-22 13:09	---------	d-----w	C:\Program Files\VideoLAN

2008-05-21 13:30	---------	d-----w	C:\Program Files\Bonjour

2008-05-20 20:12	---------	d-----w	C:\Program Files\AKINSOFT

2008-05-19 14:52	---------	d-----w	C:\Program Files\QuickTime

2008-05-19 14:51	---------	d-----w	C:\ProgramData\Apple Computer

2008-05-19 14:50	---------	d-----w	C:\Program Files\Apple Software Update

2008-05-19 14:49	---------	d-----w	C:\ProgramData\Apple

2008-05-19 14:49	---------	d-----w	C:\Program Files\Common Files\Apple

2008-05-15 14:31	---------	d-----w	C:\ProgramData\Lavasoft

2008-05-15 14:28	---------	d-----w	C:\Program Files\Lavasoft

2008-05-15 14:27	---------	d-----w	C:\Program Files\Common Files\Wise Installation Wizard

2008-05-14 20:50	---------	d-----w	C:\ProgramData\Microsoft Help

2008-05-11 21:45	---------	d-----w	C:\Users\Ihsan\AppData\Roaming\CoreFTP

2008-05-11 13:34	---------	d-----w	C:\Program Files\CoreFTP

2008-04-25 04:23	56,320	----a-w	C:\Windows\System32\iesetup.dll

2008-04-25 04:23	52,736	----a-w	C:\Windows\AppPatch\iebrshim.dll

2008-04-25 04:22	26,624	----a-w	C:\Windows\System32\ieUnatt.exe

2008-04-19 09:16	174	--sha-w	C:\Program Files\desktop.ini

2008-04-18 23:02	704,000	----a-w	C:\Windows\System32\PhotoScreensaver.scr

2008-04-18 23:02	67,584	----a-w	C:\Windows\System32\wlanhlp.dll

2008-04-18 23:02	542,720	----a-w	C:\Windows\System32\sysmain.dll

2008-04-18 23:02	502,784	----a-w	C:\Windows\System32\wlansvc.dll

2008-04-18 23:02	47,104	----a-w	C:\Windows\System32\wlanapi.dll

2008-04-18 23:02	297,984	----a-w	C:\Windows\System32\wlansec.dll

2008-04-18 23:02	290,816	----a-w	C:\Windows\System32\wlanmsm.dll

2008-04-18 23:02	24,064	----a-w	C:\Windows\System32\wtsapi32.dll

2008-04-18 23:02	2,923,520	----a-w	C:\Windows\explorer.exe

2008-04-18 23:01	194,560	----a-w	C:\Windows\System32\WebClnt.dll

2008-04-18 22:54	8,147,968	----a-w	C:\Windows\System32\wmploc.DLL

2008-04-18 22:54	7,680	----a-w	C:\Windows\System32\spwmp.dll

2008-04-18 22:54	4,096	----a-w	C:\Windows\System32\dxmasf.dll

2008-04-18 22:54	356,864	----a-w	C:\Windows\System32\MediaMetadataHandler.dll

2008-04-18 22:52	3,504,696	----a-w	C:\Windows\System32\ntkrnlpa.exe

2008-04-18 22:52	3,470,392	----a-w	C:\Windows\System32\ntoskrnl.exe

2008-04-18 22:51	2,048	----a-w	C:\Windows\System32\msxml3r.dll

2008-04-18 22:51	1,191,936	----a-w	C:\Windows\System32\msxml3.dll

2008-04-18 22:50	24,064	----a-w	C:\Windows\System32\netcfg.exe

2008-04-18 22:50	22,016	----a-w	C:\Windows\System32\netiougc.exe

2008-04-18 22:50	167,424	----a-w	C:\Windows\System32\tcpipcfg.dll

2008-04-18 22:46	7,168	----a-w	C:\Windows\System32\f3ahvoas.dll

2008-04-18 22:46	6,656	----a-w	C:\Windows\System32\kbd106n.dll

2008-04-18 22:46	595,456	----a-w	C:\Windows\System32\schedsvc.dll

2008-04-18 22:46	558,080	----a-w	C:\Windows\System32\oleaut32.dll

2008-04-18 22:46	39,424	----a-w	C:\Windows\System32\lodctr.exe

2008-04-18 22:46	35,328	----a-w	C:\Windows\System32\dispci.dll

2008-04-18 22:46	32,256	----a-w	C:\Windows\System32\unlodctr.exe

2008-04-18 22:46	260,096	----a-w	C:\Windows\System32\dpx.dll

2008-04-18 22:46	23,552	----a-w	C:\Windows\System32\nshhttp.dll

2008-04-18 22:46	17,408	----a-w	C:\Windows\System32\prflbmsg.dll

2008-04-18 22:46	12,800	----a-w	C:\Windows\System32\batt.dll

2008-04-18 22:46	115,200	----a-w	C:\Windows\System32\loadperf.dll

2008-04-18 22:45	2,027,008	----a-w	C:\Windows\System32\win32k.sys

2008-04-18 22:44	9,728	----a-w	C:\Windows\System32\LAPRXY.DLL

2008-04-18 22:44	296,448	----a-w	C:\Windows\System32\gdi32.dll

2008-04-18 22:44	223,232	----a-w	C:\Windows\System32\WMASF.DLL

2008-04-18 22:44	2,048	----a-w	C:\Windows\System32\asferror.dll

2008-04-18 22:42	2,048	----a-w	C:\Windows\System32\msxml6r.dll

2008-04-18 22:42	1,335,296	----a-w	C:\Windows\System32\msxml6.dll

2008-04-18 22:40	84,480	----a-w	C:\Windows\System32\INETRES.dll

2008-04-18 22:40	737,792	----a-w	C:\Windows\System32\inetcomm.dll

2008-04-18 22:39	11,776	----a-w	C:\Windows\System32\sbunattend.exe

2008-04-18 22:37	83,968	----a-w	C:\Windows\System32\dnsrslvr.dll

2008-04-18 22:37	24,576	----a-w	C:\Windows\System32\dnscacheugc.exe

2008-04-18 22:28	788,992	----a-w	C:\Windows\System32\rpcrt4.dll

2008-04-18 22:25	750,080	----a-w	C:\Windows\System32\qmgr.dll

.


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]

2008-03-20 00:36	1267040	--a------	C:\Program Files\Winamp Toolbar\winamptb.dll


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]

2008-04-16 17:56	1107296	--a------	C:\Program Files\Search Settings\kb127\SearchSettings.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-20 00:36 1267040]


[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]

[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-20 00:36 1267040]


[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]

[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

"VoipStunt"="C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" [2007-12-13 16:31 8824112]

"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 03:54 507904]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]

"Steam"="C:\Program Files\Steam\Steam.exe" [2008-06-09 22:56 1271032]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-19 00:39 1232896]

"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UpdateP2GShortCut"="C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2007-07-26 23:07 202024]

"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-04-04 11:24 138008]

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-04-04 11:24 154392]

"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-04-04 11:24 133912]

"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-03-15 01:50 233472]

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]

"TMRUBottedTray"="C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe" [2007-12-19 00:18 288088]

"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]

"CafePlus Client"="C:\Program Files\AKINSOFT\Cplus7\Client7\Cplusc.exe" [2007-02-14 13:59 2787328]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]

"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]

"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]

"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 11:01 4431872 C:\Windows\RtHDVCpl.exe]


C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Hurtigstart for Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"NoSecCPL"= 0 (0x0)

"NoPwdPage"= 0 (0x0)

"NoProfilePage"= 0 (0x0)

"NoDevMgrPage"= 0 (0x0)

"NoConfigPage"= 0 (0x0)

"NoFileSysPage"= 0 (0x0)

"NoVirtMemPage"= 0 (0x0)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoDeletePrinter"= 0 (0x0)

"NoAddPrinter"= 0 (0x0)

"NoFavoritesMenu"= 0 (0x0)

"NoLogoff"= 0 (0x0)


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

"VIDC.YV12"= yv12vfw.dll


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{759294BD-CC27-4508-9DBC-30CE547934AF}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{2D76A279-02CA-42CB-9D37-6DAC5886D0B8}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{1D35E50F-9874-4B7B-8E6C-A81EAD4931F1}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{701F6115-6C69-4733-8252-FDEDE0703CCC}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{EFBB7117-79C5-4D21-87B3-1CD59B7A5E90}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{2A26CA58-12FE-4D14-ADDF-1970A5B05684}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{515C827F-94B3-4E49-A99F-96FEB4E83ECD}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent

"UDP Query User{E000A25A-97F0-46D2-8B36-159F1C2293BA}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent

"TCP Query User{DCBBE8D7-F84F-4AAD-B3B5-F3699DCBD790}C:\\program files\\tmnationsforever\\tmforever.exe"= UDP:C:\program files\tmnationsforever\tmforever.exe:TmForever

"UDP Query User{CBAB334B-B87E-4CC8-B2BA-D6524AC25BB0}C:\\program files\\tmnationsforever\\tmforever.exe"= TCP:C:\program files\tmnationsforever\tmforever.exe:TmForever

"{498B9B53-4D09-4673-A987-E3B1FBFD4EBA}"= Disabled:UDP:C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe:FreeCall

"{E272CF3F-8005-401C-9BB1-11A816F9DC3B}"= Disabled:TCP:C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe:FreeCall

"TCP Query User{E2F44BF2-10E8-48FC-805A-3AB5DFB480F9}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire

"UDP Query User{6A4AE279-D2E4-4A56-A347-477F12FCA9D2}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire

"{AEB490A9-345D-42F6-90A3-381A576209DF}"= UDP:3306:MySQL Server

"TCP Query User{73176397-2FFE-40A9-A65D-FA3AAA07F45E}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{1C73050C-7691-4564-AF13-11275F22D81C}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox

"TCP Query User{090C405E-4A5C-492A-8235-192B71B62DF6}C:\\program files\\steam\\steamapps\\_killer_50\\condition zero\\hl.exe"= UDP:C:\program files\steam\steamapps\_killer_50\condition zero\hl.exe:Half-Life Launcher

"UDP Query User{1480EEB1-D0E0-4897-909A-F0386C16B17C}C:\\program files\\steam\\steamapps\\_killer_50\\condition zero\\hl.exe"= TCP:C:\program files\steam\steamapps\_killer_50\condition zero\hl.exe:Half-Life Launcher

"TCP Query User{39636E9F-CFAE-4CA7-8447-3CC62A2B1D14}C:\\program files\\steam\\steamapps\\_killer_50\\counter-strike\\hl.exe"= UDP:C:\program files\steam\steamapps\_killer_50\counter-strike\hl.exe:Half-Life Launcher

"UDP Query User{86391366-C585-442F-A6A6-C4D521C1DB99}C:\\program files\\steam\\steamapps\\_killer_50\\counter-strike\\hl.exe"= TCP:C:\program files\steam\steamapps\_killer_50\counter-strike\hl.exe:Half-Life Launcher

"{C743DF64-39C0-415D-82BE-65A0CF928371}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{19208297-D69E-4016-852F-1EB27C91FB96}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"TCP Query User{0269CFD3-28C8-4596-B0F5-29EE02F2B805}C:\\program files\\akinsoft\\cplus7\\client7\\cplusc.exe"= UDP:C:\program files\akinsoft\cplus7\client7\cplusc.exe:CplusC

"UDP Query User{9DDFD7C0-1641-4DFC-B40A-380EB1818D5A}C:\\program files\\akinsoft\\cplus7\\client7\\cplusc.exe"= TCP:C:\program files\akinsoft\cplus7\client7\cplusc.exe:CplusC

"TCP Query User{D0A2A3FE-8EAD-4E4D-A9FB-A2FF51943773}C:\\akinsoft\\cafeplus7\\vision\\cpvision.exe"= UDP:C:\akinsoft\cafeplus7\vision\cpvision.exe:CPVision

"UDP Query User{92030D0C-D7A8-4A40-80BE-D110288F9CA9}C:\\akinsoft\\cafeplus7\\vision\\cpvision.exe"= TCP:C:\akinsoft\cafeplus7\vision\cpvision.exe:CPVision

"TCP Query User{777B7ECD-6BD1-4B36-91FB-87D867B2844D}C:\\akinsoft\\cafeplus7\\mutfak\\mutfak.exe"= UDP:C:\akinsoft\cafeplus7\mutfak\mutfak.exe:mutfak

"UDP Query User{6CA01FC9-C574-4FF5-ACCF-6266242BE8F6}C:\\akinsoft\\cafeplus7\\mutfak\\mutfak.exe"= TCP:C:\akinsoft\cafeplus7\mutfak\mutfak.exe:mutfak

"TCP Query User{94863ACB-3C22-4DE3-8331-70C3F380B293}C:\\users\\ihsan\\desktop\\ratio master\\ratiomaster.exe"= UDP:C:\users\ihsan\desktop\ratio master\ratiomaster.exe:ratiomaster.exe

"UDP Query User{7476B5A0-7BAB-46D9-A18C-21ACA21D3FD6}C:\\users\\ihsan\\desktop\\ratio master\\ratiomaster.exe"= TCP:C:\users\ihsan\desktop\ratio master\ratiomaster.exe:ratiomaster.exe

"TCP Query User{89D29FD2-9109-4B28-9247-85607A8C8A8D}C:\\users\\ihsan\\desktop\\ratio master\\ratiomaster-vs.exe"= UDP:C:\users\ihsan\desktop\ratio master\ratiomaster-vs.exe:ratiomaster-vs.exe

"UDP Query User{2D6B04F1-15CF-4012-B3DA-03230EFB188F}C:\\users\\ihsan\\desktop\\ratio master\\ratiomaster-vs.exe"= TCP:C:\users\ihsan\desktop\ratio master\ratiomaster-vs.exe:ratiomaster-vs.exe

"TCP Query User{A2642B8C-C4AD-48BF-98DD-3658CF82EC34}C:\\users\\ihsan\\appdata\\local\\temp\\rar$ex26.290\\ratiomaker_0.5.1.122.exe"= UDP:C:\users\ihsan\appdata\local\temp\rar$ex26.290\ratiomaker_0.5.1.122.exe:ratiomaker_0.5.1.122.exe

"UDP Query User{05696794-B287-4BDB-AED8-8CB80294F72B}C:\\users\\ihsan\\appdata\\local\\temp\\rar$ex26.290\\ratiomaker_0.5.1.122.exe"= TCP:C:\users\ihsan\appdata\local\temp\rar$ex26.290\ratiomaker_0.5.1.122.exe:ratiomaker_0.5.1.122.exe

"TCP Query User{145D3A20-B65F-474E-B1FA-38CCEB4D94E8}C:\\users\\ihsan\\appdata\\local\\temp\\rar$ex34.371\\ratiomaker_0.5.1.122.exe"= UDP:C:\users\ihsan\appdata\local\temp\rar$ex34.371\ratiomaker_0.5.1.122.exe:ratiomaker_0.5.1.122.exe

"UDP Query User{3100F126-CA67-4D49-BC8F-99A25CCEF4EC}C:\\users\\ihsan\\appdata\\local\\temp\\rar$ex34.371\\ratiomaker_0.5.1.122.exe"= TCP:C:\users\ihsan\appdata\local\temp\rar$ex34.371\ratiomaker_0.5.1.122.exe:ratiomaker_0.5.1.122.exe

"TCP Query User{7260D553-C944-4E3C-9C61-B69F45457DF8}C:\\users\\ihsan\\appdata\\local\\temp\\rar$ex71.625\\ratiomaker_0.5.1.122.exe"= UDP:C:\users\ihsan\appdata\local\temp\rar$ex71.625\ratiomaker_0.5.1.122.exe:ratiomaker_0.5.1.122.exe

"UDP Query User{B3BAAE5A-2E1C-4D06-B8C4-635C19EBBF7F}C:\\users\\ihsan\\appdata\\local\\temp\\rar$ex71.625\\ratiomaker_0.5.1.122.exe"= TCP:C:\users\ihsan\appdata\local\temp\rar$ex71.625\ratiomaker_0.5.1.122.exe:ratiomaker_0.5.1.122.exe

"TCP Query User{64DA7708-A0C3-4C68-A715-0D6D99E24C71}C:\\pacsteamt\\steamapps\\g_unit_fan_best_player\\counter-strike\\hl.exe"= UDP:C:\pacsteamt\steamapps\g_unit_fan_best_player\counter-strike\hl.exe:Half-Life Launcher

"UDP Query User{4F1612F1-907A-4E9E-8EAE-1E2D69A63F78}C:\\pacsteamt\\steamapps\\g_unit_fan_best_player\\counter-strike\\hl.exe"= TCP:C:\pacsteamt\steamapps\g_unit_fan_best_player\counter-strike\hl.exe:Half-Life Launcher

"TCP Query User{1FF493DF-9DE4-4132-917A-C6798A4A7BD2}C:\\program files\\valve\\hl.exe"= UDP:C:\program files\valve\hl.exe:Half-Life Launcher

"UDP Query User{9B26CFF6-4CAE-4903-A300-4AA60F654EA7}C:\\program files\\valve\\hl.exe"= TCP:C:\program files\valve\hl.exe:Half-Life Launcher

"TCP Query User{9CF493A9-C549-4ADB-A360-34D40893FAE9}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC

"UDP Query User{EBE46708-7E91-453A-B463-CE6A60788819}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC

"{72658CCF-8EE5-4FE8-AD18-393CA7BAE722}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb

"{EBB5263E-E1D0-4BCF-83CB-096824AF0029}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb

"{B1E09E08-70E8-47E1-AAEB-B67C8033695A}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray

"{E9477EB9-9D09-4875-BA5A-3CC89A5379BD}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray

"{E7150F61-0EAF-49B1-8406-E516794894D6}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR

"{B3B6CCED-A811-4A2A-861E-C7F461ED9DF5}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR

"{DFEC0DA5-511E-49BB-BC77-1E07CBD47656}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client

"{4708B3ED-F191-4D7B-B6BE-3B456AD61401}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client

"{D4B94D7D-9BB3-46B1-9089-83CF70187F8B}"= UDP:C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe:VoipStunt

"{F31F184C-8A03-4595-96C4-0BA0B83694BD}"= TCP:C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe:VoipStunt

"{BD09BB57-3D75-49D6-AF31-2D54427B8BA4}"= UDP:C:\Program Files\PoivY.com\PoivY\PoivY.exe:PoivY

"{F29A0877-8622-4C94-B5A9-C566E6D68E81}"= TCP:C:\Program Files\PoivY.com\PoivY\PoivY.exe:PoivY

"TCP Query User{4CF3CD02-4A8E-4C52-AD6F-C5707651EFF6}C:\\program files\\valve\\hl.exe"= UDP:C:\program files\valve\hl.exe:Half-Life Launcher

"UDP Query User{B1ABCB04-219C-4850-8D65-FE19EA3E297F}C:\\program files\\valve\\hl.exe"= TCP:C:\program files\valve\hl.exe:Half-Life Launcher

"TCP Query User{F024779D-55F1-4258-B3F3-BB92F7BE870E}C:\\users\\ihsan\\documents\\skrivebordikonerogfiler\\ratio master\\ratiomaster.exe"= UDP:C:\users\ihsan\documents\skrivebordikonerogfiler\ratio master\ratiomaster.exe:ratiomaster.exe

"UDP Query User{C5F5F9A4-AC6F-41AD-B434-EBC8948AD6AD}C:\\users\\ihsan\\documents\\skrivebordikonerogfiler\\ratio master\\ratiomaster.exe"= TCP:C:\users\ihsan\documents\skrivebordikonerogfiler\ratio master\ratiomaster.exe:ratiomaster.exe


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|


R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]

R2 RUBotted;Trend Micro RUBotted Service;"C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe" [2007-12-19 00:18]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]

R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-03-30 06:57]

R3 tapvpn;TAP VPN Adapter;C:\Windows\system32\DRIVERS\tapvpn.sys [2008-03-13 04:38]

R3 TMPassthruMP;TMPassthruMP;C:\Windows\system32\DRIVERS\TMPassthru.sys [2007-11-27 22:51]

S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-06-14 11:47]

S3 TMPassthru;Trend Micro Passthru Ndis Service;C:\Windows\system32\DRIVERS\TMPassthru.sys [2007-11-27 22:51]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]

\shell\AutoRun\command - L:\Launcher.exe


*Newly Created Service* - CATCHME

.

- - - - ORPHANS REMOVED - - - -


HKCU-Run-FreeCall - C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe

HKCU-Run-ADPHONE - C:\Program Files\ADPHONE3\ADPHONE.EXE



**************************************************************************


catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url]

Rootkit scan 2008-07-04 17:17:05

Windows 6.0.6000  NTFS


scanning hidden processes ... 


scanning hidden autostart entries ...


scanning hidden files ... 


scan completed successfully

hidden files: 0


**************************************************************************

.

Completion time: 2008-07-04 17:19:20

ComboFix-quarantined-files.txt  2008-07-04 15:18:49


Pre-Run: 95,776,350,208 byte ledig

Post-Run: 96,763,469,824 byte ledig


299	--- E O F ---	2008-07-04 10:54:35

[/codebox]

0

Del dette innlegget

Lenke til innlegg
Del på andre sider

Skrevet (endret)

Last ned kjør CCleaner

'Valg'->'Avansert'. Fjern avkryssingen framfor: "bare slett midlertidige filer som er eldere enn 48 t.

Kjør og register-renser"svar ja til og reparere"-->backup svar ja når du blir spørt om det.

Kjør register-renser et par ganger til alle feil er borte.

---

Last ned MBAM til skrivebordet.

Kjør fila og installer programmet. Velg Norsk språkdrakt

La programmet oppdatere seg og velg å kjør en hurtig systemskann.

Du får en meldingsboks når programmet er ferdigkjørt

Klikk deretter på Vis resultat-knappen. Hvis det er funnet malware, vil du nå se hva som er funnet.

Klikk så på Fjern valgt -knappen for å fjerne malwaren som evt. ble funnet.

Når MBAM er ferdig med å fjerne det den har funnet, vil det bli åpnet en logg i notisblokk. Den poster du senere om den fant noe annet enn cookies

---

Restart

---

Lag en ny hijackthis logg.

Endret av snippsat
0

Del dette innlegget

Lenke til innlegg
Del på andre sider

Skrevet

Skal jeg først kjøre register eller renser ?

0

Del dette innlegget

Lenke til innlegg
Del på andre sider

Skrevet

Kaspersky Internet Security 2009. slo alle i en test jeg leste.

følgende som var med i testen var blant annet: trend micro internet pro/security, ESET smart security, AVG, Avast..

ditt valg :P

0

Del dette innlegget

Lenke til innlegg
Del på andre sider

Skrevet (endret)

Skal jeg først kjøre register eller renser

Ja vi gjør dette for den fjerne temp filer og cookies.

Du skal kjøre både renser og register-renser.

Da trenger ikke MBAM scanne disse.

Endret av snippsat
0

Del dette innlegget

Lenke til innlegg
Del på andre sider

Skrevet

Ok nå har jeg kjørt register og renser.

0

Del dette innlegget

Lenke til innlegg
Del på andre sider

Skrevet (endret)

Du bare forsetter med mbam og hijackthis.

Poster logger fra dem,så avslutter vi.

Endret av snippsat
0

Del dette innlegget

Lenke til innlegg
Del på andre sider

Opprett en konto eller logg inn for å kommentere

Du må være et medlem for å kunne skrive en kommentar

Opprett konto

Det er enkelt å melde seg inn for å starte en ny konto!


Start en konto

Logg inn

Har du allerede en konto? Logg inn her.


Logg inn nå
Gå til emneliste Virus og antivirus

  • Hvem er aktive   0 medlemmer

    Ingen innloggede medlemmer aktive