[SOLVED] Need an antivirus program, NOD32 hardly works.

33 posts in this topic

Posted

Hi, I saw this link in a thread: www.virustotal.com. I thought I would scan a program just for fun. This is the result:

[codebox]AhnLab-V3 2008.7.4.1 2008.07.04 -
AntiVir 7.8.0.64 2008.07.04 TR/Gendal.287355
Authentium 5.1.0.4 2008.07.04 -
Avast 4.8.1195.0 2008.07.04 -
AVG 7.5.0.516 2008.07.03 Dropper.Generic.QGV
BitDefender 7.2 2008.07.04 Trojan.Generic.4315
CAT-QuickHeal 9.50 2008.07.03 (Suspicious) - DNAScan
ClamAV 0.93.1 2008.07.04 PUA.Packed.NPack-3
DrWeb 4.44.0.09170 2008.07.04 -
eSafe 7.0.17.0 2008.07.03 Suspicious File
eTrust-Vet 31.6.5925 2008.07.04 Win32/VMalum.BZOV
Ewido 4.0 2008.07.04 -
F-Prot 4.4.4.56 2008.07.03 -
F-Secure 7.60.13501.0 2008.07.03 W32/Suspicious_N.gen
Fortinet 3.14.0.0 2008.07.04 -
GData 2.0.7306.1023 2008.07.04 -
Ikarus T3.1.1.26.0 2008.07.04 Trojan-PWS.Win32.Nilage.acu
Kaspersky 7.0.0.125 2008.07.04 -
McAfee 5331 2008.07.03 New Malware.aq
Microsoft 1.3704 2008.07.04 -
NOD32v2 3241 2008.07.04 -
Norman 5.80.02 2008.07.04 W32/Suspicious_N.gen
Panda 9.0.0.4 2008.07.03 Generic Trojan
Prevx1 V2 2008.07.04 Malware Dropper
Rising 20.51.42.00 2008.07.04 -
Sophos 4.30.0 2008.07.04 Mal/Generic-A
Sunbelt 3.1.1509.1 2008.07.04 Trojan.Unclassified.gen
Symantec 10 2008.07.04 Trojan Horse
TheHacker 6.2.96.370 2008.07.04 W32/Behav-Heuristic-063
TrendMicro 8.700.0.1004 2008.07.04 -
VBA32 3.12.6.8 2008.07.03 -
VirusBuster 4.5.11.0 2008.07.03 Packed/NSPack
Webwasher-Gateway 6.6.2 2008.07.04 Trojan.Gendal.287355[/codebox]

As you can see, a good number of the antivirus programs found a virus. But NOD32 found nothing. So I figured I need a different antivirus program.

Is there an antivirus program that works well together with NOD32? Or should I just have one antivirus, or what?

Posted

Have you updated NOD32 lately, and did you buy a legal version? And did you download a program you KNOW is infected to test the scanning? Normally NOD32 catches most things as soon as you try to write the file to disk. NOD32 usually always scores 100% on the EICAR tests.

You should only have one antivirus program installed at a time.

Posted

Bought legally.

Last successful update: 04.07.2008 12:48:13

As you can see, almost all the programs on VirusTotal say it is a virus.

Posted (edited)

Test more files, maybe test this:

http://itpro.no/supportforum/index.php?sho...mp;#entry506507

Check which ones find something, compare, and pick one?

I'm going to test a trojan I have, then I'll edit and say who didn't find it :)

EDIT:

http://virusscan.jotti.org/

[codebox]A-Squared Found nothing
AntiVir Found TR/Spy.Agent.AHAC
ArcaVir Found Trojan.Downloader.Small.Bzt, Adware.Vapsup.Ckw
Avast Found Win32:Turkojan-B
AVG Antivirus Found BackDoor.Delf
BitDefender Found Backdoor.Turkojan.BB
ClamAV Found Trojan.Truko-271
CPsecure Found BackDoor.W32.Turkojan.il
Dr.Web Found Trojan.Rent.27
F-Prot Antivirus Found Possibly a new variant of W32/Threat-Backdoor-Silly-based!Maximus
F-Secure Anti-Virus Found Backdoor:W32/Turkojan.U, Backdoor.Win32.Turkojan.akt
Fortinet Found nothing
Ikarus Found Backdoor.Win32.Delf.ZG
Kaspersky Anti-Virus Found Backdoor.Win32.Turkojan.akt
NOD32 Found Win32/Cakl.NAM
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found Troj/Agent-GMF, Troj/Bckdr-QNL, Sus/Behav-1007 (probable variant)
VirusBuster Found Backdoor.Turkojan.Gen
VBA32 Found Backdoor.Win32.Turkojan.akt [/codebox]

http://www.virustotal.com

[codebox]Antivirus Version Last Update Result
AhnLab-V3 2008.7.4.1 2008.07.04 -
AntiVir 7.8.0.64 2008.07.04 TR/Spy.Agent.AHAC
Authentium 5.1.0.4 2008.07.04 W32/Trojan2.AFSD
Avast 4.8.1195.0 2008.07.04 Win32:Agent-UMM
AVG 7.5.0.516 2008.07.03 BackDoor.Delf
BitDefender 7.2 2008.07.04 Backdoor.Turkojan.BB
CAT-QuickHeal 9.50 2008.07.03 Backdoor.Turkojan.akt
ClamAV 0.93.1 2008.07.04 Trojan.Truko-271
DrWeb 4.44.0.09170 2008.07.04 Trojan.Rent.27
eSafe 7.0.17.0 2008.07.03 -
eTrust-Vet 31.6.5925 2008.07.04 -
Ewido 4.0 2008.07.04 -
F-Prot 4.4.4.56 2008.07.03 W32/Agent.AW.gen!Eldorado
F-Secure 7.60.13501.0 2008.07.03 Backdoor.Win32.Turkojan.akt
Fortinet 3.14.0.0 2008.07.04 -
GData 2.0.7306.1023 2008.07.04 Backdoor.Win32.Turkojan.akt
Ikarus T3.1.1.26.0 2008.07.04 Backdoor.Win32.Delf.ZG
Kaspersky 7.0.0.125 2008.07.04 Backdoor.Win32.Turkojan.akt
McAfee 5331 2008.07.03 BackDoor-CZP
Microsoft 1.3704 2008.07.04 Backdoor:Win32/Turkojan.gen!A
NOD32v2 3241 2008.07.04 Win32/Cakl.NAM
Norman 5.80.02 2008.07.04 W32/Smalltroj.CXHE.dropper
Panda 9.0.0.4 2008.07.03 Suspicious file
Prevx1 V2 2008.07.04 -
Rising 20.51.42.00 2008.07.04 Trojan.Win32.Undef.dhp
Sophos 4.30.0 2008.07.04 Troj/Agent-GMF
Sunbelt 3.1.1509.1 2008.07.04 -
Symantec 10 2008.07.04 -
TheHacker 6.2.96.370 2008.07.04 -
TrendMicro 8.700.0.1004 2008.07.04 TROJ_DELF.EFH
VBA32 3.12.6.8 2008.07.03 Backdoor.Win32.Turkojan.akt
VirusBuster 4.5.11.0 2008.07.04 Backdoor.Turkojan.Gen
Webwasher-Gateway 6.6.2 2008.07.04 Trojan.Spy.Agent.AHAC[/codebox]

Edited by Morten242
Posted

Morten, I didn't even get to save it. It beeped before I could save the file. It said it was a virus. So that's pretty good.

Posted

I think almost all of them find the one at the link I posted, Avast found it too :)

Posted

Avast among others, mine found it as soon as I scanned it :P

Posted

That's where the problem is. I have used Avast, AVG and quite a few others. But NOD32 did so well in all the tests. First place in a bunch of tests. That's why I thought it looked good. What do you think I should do? Switch to Avast Pro?

Posted

Avast has also won awards, I'm not going to say you MUST have this or that..

I recommend Avast, but it is entirely up to you.

Others may have suggestions too.

Posted

Can I use Avast and NOD, or NOD and AVG, or AVG and Avast?

Posted

I've heard that 2 antivirus programs aren't really recommended, since they work against each other and end up with 0 result.

Posted

I've heard the same. But as far as I know there are some antivirus programs that can work together. Or am I completely wrong now?

Posted

I don't think so, it's more like e.g. Avast and Spybot, they are not both antivirus, but they protect the machine anyway :P

As for me, I have Ad-Aware, Avast and Spybot, and scan the machine once a week with Spybot and Ad-Aware ;)

Avast does it all the time otherwise, and when the screensaver is on :P

But it's up to you what you want to have, etc. ;)

Posted (edited)

NOD32 is among the best you can get.

To improve security you don't buy a new antivirus, then you're no further along.

You install a firewall (Comodo or Online Armor).

These are free, and you won't get anything better even if you spend money on it.

You also have stronger programs like SAS and MBAM.

VirusTotal will always find things that an antivirus doesn't find.

Remember that there are some false positives going around.

But if many find something nasty, the file is infected.

If you're in doubt about whether you have malware, you can post a ComboFix log.

This is a powerful tool that malware has a hard time escaping. If you post the log, which has to be interpreted, you will always get help, probably from me or norbat.

[quote]I've heard the same. But as far as I know there are some antivirus programs that can work together. Or am I completely wrong now?[/quote]

You should only have one antivirus on the system.

[quote]As for me, I have Ad-Aware, Avast and Spybot, and scan the machine once a week with Spybot and Ad-Aware[/quote]

Ad-Aware and Spybot are probably not in the same class as SAS and MBAM.

Edited by snippsat
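
An added example, not part of the thread or any poster's code: the post above says false positives exist but that a file is infected when many engines flag it, and this script applies that reading to a subset of rows copied from the two VirusTotal tables posted earlier. The `GENERIC` pattern and `STOPWORDS` list are assumptions made for this illustration, not vendor naming rules.

```python
import re
from collections import Counter

# Subset of rows copied from the first VirusTotal table in this thread.
SCAN_1 = """\
AntiVir 7.8.0.64 2008.07.04 TR/Gendal.287355
Avast 4.8.1195.0 2008.07.04 -
AVG 7.5.0.516 2008.07.03 Dropper.Generic.QGV
BitDefender 7.2 2008.07.04 Trojan.Generic.4315
ClamAV 0.93.1 2008.07.04 PUA.Packed.NPack-3
F-Secure 7.60.13501.0 2008.07.03 W32/Suspicious_N.gen
Ikarus T3.1.1.26.0 2008.07.04 Trojan-PWS.Win32.Nilage.acu
Kaspersky 7.0.0.125 2008.07.04 -
NOD32v2 3241 2008.07.04 -
Sophos 4.30.0 2008.07.04 Mal/Generic-A
Symantec 10 2008.07.04 Trojan Horse
VirusBuster 4.5.11.0 2008.07.03 Packed/NSPack
"""

# Subset of rows copied from the second VirusTotal table in this thread.
SCAN_2 = """\
Antivirus Version Last Update Result
AntiVir 7.8.0.64 2008.07.04 TR/Spy.Agent.AHAC
Avast 4.8.1195.0 2008.07.04 Win32:Agent-UMM
AVG 7.5.0.516 2008.07.03 BackDoor.Delf
BitDefender 7.2 2008.07.04 Backdoor.Turkojan.BB
F-Secure 7.60.13501.0 2008.07.03 Backdoor.Win32.Turkojan.akt
Kaspersky 7.0.0.125 2008.07.04 Backdoor.Win32.Turkojan.akt
Microsoft 1.3704 2008.07.04 Backdoor:Win32/Turkojan.gen!A
NOD32v2 3241 2008.07.04 Win32/Cakl.NAM
Panda 9.0.0.4 2008.07.03 Suspicious file
Sophos 4.30.0 2008.07.04 Troj/Agent-GMF
Symantec 10 2008.07.04 -
VirusBuster 4.5.11.0 2008.07.04 Backdoor.Turkojan.Gen
"""

# One result row: engine, version, signature date (YYYY.MM.DD), label.
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.+)$")

# Assumption: fragments that usually mean a heuristic, packer or catch-all
# detection rather than a named malware family.
GENERIC = re.compile(
    r"generic|suspicious|heur|behav|pack|unclassified|new malware|trojan horse|dropper",
    re.IGNORECASE,
)

# Assumption: words that name a platform or malware type, not a family.
STOPWORDS = {"trojan", "troj", "backdoor", "win32", "agent"}


def parse_report(text):
    """Return {engine: label or None}; rows that do not parse are skipped."""
    results = {}
    for line in text.splitlines():
        match = ROW.match(line.strip())
        if not match:
            continue  # header row, blank line or forum markup
        engine, _version, _date, label = match.groups()
        results[engine] = None if label.strip() == "-" else label.strip()
    return results


def family_tokens(label):
    """Candidate family names: words of 4+ characters that are not stopwords."""
    tokens = re.findall(r"[a-z0-9]+", label.lower())
    return {t for t in tokens
            if len(t) >= 4 and not t.isdigit() and t not in STOPWORDS}


def summarize(text):
    """Count detections, split generic from named labels, find family agreement."""
    results = parse_report(text)
    detections = {e: label for e, label in results.items() if label}
    generic = {e for e, label in detections.items() if GENERIC.search(label)}
    families = Counter()
    for engine, label in detections.items():
        if engine not in generic:
            families.update(family_tokens(label))  # one vote per engine
    top, agree = families.most_common(1)[0] if families else (None, 0)
    return {
        "engines": len(results),
        "detected": len(detections),
        "generic": len(generic),
        "named": len(detections) - len(generic),
        "top_family": top,
        "agree": agree,
    }


if __name__ == "__main__":
    for name, scan in (("scan 1", SCAN_1), ("scan 2", SCAN_2)):
        print(name, summarize(scan))
```

On these rows the first file draws mostly generic or packer labels with no two engines naming the same family, while five engines independently name the same family for the second file.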
Posted (edited)

Waiting until some others have written their opinions.

EDIT: My choice is now between: AntiVir, Avast Pro, Avast Free, NOD32, AVG Pro, AVG Free, BitDefender, Panda, Norman, Kaspersky Anti-Virus

Edited by GTA IV FAN
Posted

Could someone look at the HijackThis log? First time I'm trying HijackThis. Not sure whether this is the right log, though.

[codebox]Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:37:28, on 04.07.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe
C:\Program Files\PoivY.com\PoivY\PoivY.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [UpdateP2GShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe "C:\Program Files\CyberLink\Power2Go" update "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CafePlus Client] C:\Program Files\AKINSOFT\Cplus7\Client7\Cplusc.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
O4 - HKCU\..\Run: [ADPHONE] C:\Program Files\ADPHONE3\ADPHONE.EXE /STARTUP
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
O4 - HKCU\..\Run: [PoivY] "C:\Program Files\PoivY.com\PoivY\PoivY.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 9760 bytes
[/codebox]

Posted

Yes, there is a bit of junk there.

---

Start HijackThis, run "scan", find these lines, tick them, then press "Fix checked".

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll

O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll

O4 - HKCU\..\Run: [PoivY] "C:\Program Files\PoivY.com\PoivY\PoivY.exe" -nosplash -minimized

O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

---

Download ComboFix, put it on the desktop.

Don't click on the window while the program is running.

Post the log C:\combofix.txt

---

Posted

Here is the ComboFix log. But since I use Spybot, the delete-value box came up. That doesn't matter, does it?

"TCP Query User{515C827F-94B3-4E49-A99F-96FEB4E83ECD}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{E000A25A-97F0-46D2-8B36-159F1C2293BA}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{DCBBE8D7-F84F-4AAD-B3B5-F3699DCBD790}C:\\program files\\tmnationsforever\\tmforever.exe"= UDP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{CBAB334B-B87E-4CC8-B2BA-D6524AC25BB0}C:\\program files\\tmnationsforever\\tmforever.exe"= TCP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"{498B9B53-4D09-4673-A987-E3B1FBFD4EBA}"= Disabled:UDP:C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe:FreeCall
"{E272CF3F-8005-401C-9BB1-11A816F9DC3B}"= Disabled:TCP:C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe:FreeCall
"TCP Query User{E2F44BF2-10E8-48FC-805A-3AB5DFB480F9}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{6A4AE279-D2E4-4A56-A347-477F12FCA9D2}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"{AEB490A9-345D-42F6-90A3-381A576209DF}"= UDP:3306:MySQL Server
"TCP Query User{73176397-2FFE-40A9-A65D-FA3AAA07F45E}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{1C73050C-7691-4564-AF13-11275F22D81C}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{090C405E-4A5C-492A-8235-192B71B62DF6}C:\\program files\\steam\\steamapps\\_killer_50\\condition zero\\hl.exe"= UDP:C:\program files\steam\steamapps\_killer_50\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{1480EEB1-D0E0-4897-909A-F0386C16B17C}C:\\program files\\steam\\steamapps\\_killer_50\\condition zero\\hl.exe"= TCP:C:\program files\steam\steamapps\_killer_50\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{39636E9F-CFAE-4CA7-8447-3CC62A2B1D14}C:\\program files\\steam\\steamapps\\_killer_50\\counter-strike\\hl.exe"= UDP:C:\program files\steam\steamapps\_killer_50\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{86391366-C585-442F-A6A6-C4D521C1DB99}C:\\program files\\steam\\steamapps\\_killer_50\\counter-strike\\hl.exe"= TCP:C:\program files\steam\steamapps\_killer_50\counter-strike\hl.exe:Half-Life Launcher
"{C743DF64-39C0-415D-82BE-65A0CF928371}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{19208297-D69E-4016-852F-1EB27C91FB96}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{0269CFD3-28C8-4596-B0F5-29EE02F2B805}C:\\program files\\akinsoft\\cplus7\\client7\\cplusc.exe"= UDP:C:\program files\akinsoft\cplus7\client7\cplusc.exe:CplusC
"UDP Query User{9DDFD7C0-1641-4DFC-B40A-380EB1818D5A}C:\\program files\\akinsoft\\cplus7\\client7\\cplusc.exe"= TCP:C:\program files\akinsoft\cplus7\client7\cplusc.exe:CplusC
"TCP Query User{D0A2A3FE-8EAD-4E4D-A9FB-A2FF51943773}C:\\akinsoft\\cafeplus7\\vision\\cpvision.exe"= UDP:C:\akinsoft\cafeplus7\vision\cpvision.exe:CPVision
"UDP Query User{92030D0C-D7A8-4A40-80BE-D110288F9CA9}C:\\akinsoft\\cafeplus7\\vision\\cpvision.exe"= TCP:C:\akinsoft\cafeplus7\vision\cpvision.exe:CPVision
"TCP Query User{777B7ECD-6BD1-4B36-91FB-87D867B2844D}C:\\akinsoft\\cafeplus7\\mutfak\\mutfak.exe"= UDP:C:\akinsoft\cafeplus7\mutfak\mutfak.exe:mutfak
"UDP Query User{6CA01FC9-C574-4FF5-ACCF-6266242BE8F6}C:\\akinsoft\\cafeplus7\\mutfak\\mutfak.exe"= TCP:C:\akinsoft\cafeplus7\mutfak\mutfak.exe:mutfak
"TCP Query User{94863ACB-3C22-4DE3-8331-70C3F380B293}C:\\users\\ihsan\\desktop\\ratio master\\ratiomaster.exe"= UDP:C:\users\ihsan\desktop\ratio master\ratiomaster.exe:ratiomaster.exe
"UDP Query User{7476B5A0-7BAB-46D9-A18C-21ACA21D3FD6}C:\\users\\ihsan\\desktop\\ratio master\\ratiomaster.exe"= TCP:C:\users\ihsan\desktop\ratio master\ratiomaster.exe:ratiomaster.exe
"TCP Query User{89D29FD2-9109-4B28-9247-85607A8C8A8D}C:\\users\\ihsan\\desktop\\ratio master\\ratiomaster-vs.exe"= UDP:C:\users\ihsan\desktop\ratio master\ratiomaster-vs.exe:ratiomaster-vs.exe
"UDP Query User{2D6B04F1-15CF-4012-B3DA-03230EFB188F}C:\\users\\ihsan\\desktop\\ratio master\\ratiomaster-vs.exe"= TCP:C:\users\ihsan\desktop\ratio master\ratiomaster-vs.exe:ratiomaster-vs.exe
"TCP Query User{A2642B8C-C4AD-48BF-98DD-3658CF82EC34}C:\\users\\ihsan\\appdata\\local\\temp\\rar$ex26.290\\ratiomaker_0.5.1.122.exe"= UDP:C:\users\ihsan\appdata\local\temp\rar$ex26.290\ratiomaker_0.5.1.122.exe:ratiomaker_0.5.1.122.exe
"UDP Query User{05696794-B287-4BDB-AED8-8CB80294F72B}C:\\users\\ihsan\\appdata\\local\\temp\\rar$ex26.290\\ratiomaker_0.5.1.122.exe"= TCP:C:\users\ihsan\appdata\local\temp\rar$ex26.290\ratiomaker_0.5.1.122.exe:ratiomaker_0.5.1.122.exe
"TCP Query User{145D3A20-B65F-474E-B1FA-38CCEB4D94E8}C:\\users\\ihsan\\appdata\\local\\temp\\rar$ex34.371\\ratiomaker_0.5.1.122.exe"= UDP:C:\users\ihsan\appdata\local\temp\rar$ex34.371\ratiomaker_0.5.1.122.exe:ratiomaker_0.5.1.122.exe
"UDP Query User{3100F126-CA67-4D49-BC8F-99A25CCEF4EC}C:\\users\\ihsan\\appdata\\local\\temp\\rar$ex34.371\\ratiomaker_0.5.1.122.exe"= TCP:C:\users\ihsan\appdata\local\temp\rar$ex34.371\ratiomaker_0.5.1.122.exe:ratiomaker_0.5.1.122.exe
"TCP Query User{7260D553-C944-4E3C-9C61-B69F45457DF8}C:\\users\\ihsan\\appdata\\local\\temp\\rar$ex71.625\\ratiomaker_0.5.1.122.exe"= UDP:C:\users\ihsan\appdata\local\temp\rar$ex71.625\ratiomaker_0.5.1.122.exe:ratiomaker_0.5.1.122.exe
"UDP Query User{B3BAAE5A-2E1C-4D06-B8C4-635C19EBBF7F}C:\\users\\ihsan\\appdata\\local\\temp\\rar$ex71.625\\ratiomaker_0.5.1.122.exe"= TCP:C:\users\ihsan\appdata\local\temp\rar$ex71.625\ratiomaker_0.5.1.122.exe:ratiomaker_0.5.1.122.exe
"TCP Query User{64DA7708-A0C3-4C68-A715-0D6D99E24C71}C:\\pacsteamt\\steamapps\\g_unit_fan_best_player\\counter-strike\\hl.exe"= UDP:C:\pacsteamt\steamapps\g_unit_fan_best_player\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{4F1612F1-907A-4E9E-8EAE-1E2D69A63F78}C:\\pacsteamt\\steamapps\\g_unit_fan_best_player\\counter-strike\\hl.exe"= TCP:C:\pacsteamt\steamapps\g_unit_fan_best_player\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{1FF493DF-9DE4-4132-917A-C6798A4A7BD2}C:\\program files\\valve\\hl.exe"= UDP:C:\program files\valve\hl.exe:Half-Life Launcher
"UDP Query User{9B26CFF6-4CAE-4903-A300-4AA60F654EA7}C:\\program files\\valve\\hl.exe"= TCP:C:\program files\valve\hl.exe:Half-Life Launcher
"TCP Query User{9CF493A9-C549-4ADB-A360-34D40893FAE9}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{EBE46708-7E91-453A-B463-CE6A60788819}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
"{72658CCF-8EE5-4FE8-AD18-393CA7BAE722}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{EBB5263E-E1D0-4BCF-83CB-096824AF0029}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{B1E09E08-70E8-47E1-AAEB-B67C8033695A}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{E9477EB9-9D09-4875-BA5A-3CC89A5379BD}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{E7150F61-0EAF-49B1-8406-E516794894D6}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{B3B6CCED-A811-4A2A-861E-C7F461ED9DF5}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{DFEC0DA5-511E-49BB-BC77-1E07CBD47656}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{4708B3ED-F191-4D7B-B6BE-3B456AD61401}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{D4B94D7D-9BB3-46B1-9089-83CF70187F8B}"= UDP:C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe:VoipStunt
"{F31F184C-8A03-4595-96C4-0BA0B83694BD}"= TCP:C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe:VoipStunt
"{BD09BB57-3D75-49D6-AF31-2D54427B8BA4}"= UDP:C:\Program Files\PoivY.com\PoivY\PoivY.exe:PoivY
"{F29A0877-8622-4C94-B5A9-C566E6D68E81}"= TCP:C:\Program Files\PoivY.com\PoivY\PoivY.exe:PoivY
"TCP Query User{4CF3CD02-4A8E-4C52-AD6F-C5707651EFF6}C:\\program files\\valve\\hl.exe"= UDP:C:\program files\valve\hl.exe:Half-Life Launcher
"UDP Query User{B1ABCB04-219C-4850-8D65-FE19EA3E297F}C:\\program files\\valve\\hl.exe"= TCP:C:\program files\valve\hl.exe:Half-Life Launcher
"TCP Query User{F024779D-55F1-4258-B3F3-BB92F7BE870E}C:\\users\\ihsan\\documents\\skrivebordikonerogfiler\\ratio master\\ratiomaster.exe"= UDP:C:\users\ihsan\documents\skrivebordikonerogfiler\ratio master\ratiomaster.exe:ratiomaster.exe
"UDP Query User{C5F5F9A4-AC6F-41AD-B434-EBC8948AD6AD}C:\\users\\ihsan\\documents\\skrivebordikonerogfiler\\ratio master\\ratiomaster.exe"= TCP:C:\users\ihsan\documents\skrivebordikonerogfiler\ratio master\ratiomaster.exe:ratiomaster.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R2 RUBotted;Trend Micro RUBotted Service;"C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe" [2007-12-19 00:18]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-03-30 06:57]
R3 tapvpn;TAP VPN Adapter;C:\Windows\system32\DRIVERS\tapvpn.sys [2008-03-13 04:38]
R3 TMPassthruMP;TMPassthruMP;C:\Windows\system32\DRIVERS\TMPassthru.sys [2007-11-27 22:51]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-06-14 11:47]
S3 TMPassthru;Trend Micro Passthru Ndis Service;C:\Windows\system32\DRIVERS\TMPassthru.sys [2007-11-27 22:51]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\shell\AutoRun\command - L:\Launcher.exe

*Newly Created Service* - CATCHME
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-FreeCall - C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe
HKCU-Run-ADPHONE - C:\Program Files\ADPHONE3\ADPHONE.EXE


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-04 17:17:05
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-04 17:19:20
ComboFix-quarantined-files.txt 2008-07-04 15:18:49

Pre-Run: 95,776,350,208 byte ledig
Post-Run: 96,763,469,824 byte ledig

299 --- E O F --- 2008-07-04 10:54:35
[/codebox]

Posted (edited)

Download and run CCleaner.

'Options' -> 'Advanced'. Uncheck the box in front of: "Only delete temporary files older than 48 hours".

Also run the registry cleaner: answer yes to repairing --> backup: answer yes when you are asked about it.

Run the registry cleaner a couple of times until all errors are gone.

---

Download MBAM to the desktop.

Run the file and install the program. Choose Norwegian as the language.

Let the program update itself and choose to run a quick system scan.

You will get a message box when the program has finished running.

Then click the Show Results button. If malware was found, you will now see what was found.

Then click the Remove Selected button to remove any malware that was found.

When MBAM has finished removing what it found, a log will open in Notepad. Post it later if it found anything other than cookies.

---

Restart

---

Create a new HijackThis log.

Edited by snippsat

Posted

Should I run the registry or the cleaner first?


Posted

Kaspersky Internet Security 2009 beat all the others in a test I read.

Among those included in the test were: Trend Micro Internet Pro/Security, ESET Smart Security, AVG, Avast..

Your choice :P


Posted (edited)

Should I run the registry or the cleaner first

Yes, we do this because it removes temp files and cookies.

You should run both the cleaner and the registry cleaner.

Then MBAM does not need to scan these.

Edited by snippsat

Posted

OK, now I have run the registry and the cleaner.


Posted (edited)

Just continue with MBAM and HijackThis.

Post the logs from them, then we'll finish up.

Edited by snippsat