
Remove trojan


anna1965


I have got a trojan in an .exe file

I tried to remove it with Nod 32 but it does not work. What do I do to get rid of the file?

I only get an error message:

Error while deleting - File is locked up

 

win32/TrojanDownloader.Fakealert.AEO trojan

 


Which file is it that Nod32 finds, and in which folder is it located?

We can see what DDS shows to begin with. Save DDS to the Desktop.

http://download.bleepingcomputer.com/sUBs/dds.scr

Start the program (in Vista, right-click and choose Run as administrator).

Press Yes/Ja if the question about Optional Scan comes up.

In your reply, attach the two logs DDS.txt and Attach.txt in this way:

Press the LOG button in the Reply window

Paste in the log

Press the LOG button in the Reply window again

Repeat with the next log.

 


It is in the folder c:/downloads and is a movie that I do not even know what it is.

onlinemovies.40008.vo1.exe

I think this is what you want to see:

 

[log]UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_09-07-30.01)

 

Microsoft® Windows Vista™ Home Basic

Boot Device: \Device\HarddiskVolume2

Install Date: 2009-02-27 14:43:38

System Uptime: 2009-08-07 09:35:24 (2 hours ago)

 

Motherboard: ACER | | MCP73PV

Processor: Intel® Pentium® Dual CPU E2220 @ 2.40GHz | SOCKET775 M/B | 2403/200mhz

 

==== Disk Partitions =========================

 

C: is FIXED (NTFS) - 293 GiB total, 134,814 GiB free.

D: is FIXED (NTFS) - 293 GiB total, 292,981 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

 

==== Disabled Device Manager Items =============

 

Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}

Description: Microsoft PS/2 Mouse

Device ID: ACPI\PNP0F03\4&8CB234F&0

Manufacturer: Microsoft

Name: Microsoft PS/2 Mouse

PNP Device ID: ACPI\PNP0F03\4&8CB234F&0

Service: i8042prt

 

==== System Restore Points ===================

 

 

==== Installed Programs ======================

 

AAC Decoder

AC3Filter (remove only)

Acer eDataSecurity Management

Acer Empowering Technology

Acer ePerformance Management

Acer eSettings Management

Acer GameZone Console DTV 2.0.1.1

Acer ScreenSaver

Activation Assistant for the 2007 Microsoft Office suites

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Photoshop Elements 6.0

Adobe Reader 9.1.1 - Svenska

Adobe Shockwave Player 11.5

Agatha Christie Death on the Nile

Alice Greenfingers

Alien Skin Exposure 2

Apple Mobile Device Support

Apple Software Update

ATI Catalyst Install Manager

Auto FTP Manager 4.3

AutoUpdate

Azada

Backspin Billiards

Big Kahuna Reef

BitComet 1.10

Bonjour

Bookworm Deluxe

Bricks of Egypt

Cake Mania

CCleaner (remove only)

Chicken Invaders 3

Choice Guard

Chuzzle

Core FTP LE 2.1

Corel Paint Shop Pro Photo X2

Curse Client

Diner Dash Flo on the Go

DivX Codec

DivX Converter

DivX Player

DivX Plus DirectShow Filters

DivX Web Player

DivX Version Checker

eSobi v2

Flip Words 2

Google Desktop

Google Toolbar for Internet Explorer

H.264 Decoder

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

iTunes

Java 6 Update 13

Jewel Quest Solitaire

Kick N Rush

LightScribe 1.4.142.1

LimeWire PRO 4.12.11

MAGIX Music Maker silver 15.0.1.9 (UK)

Mahjong Escape Ancient China

Mahjongg Artifacts

Microsoft .NET Framework 3.5 Language Pack SP1 - sve

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Excel 2007 Help Uppdatering (KB963678)

Microsoft Office Excel MUI (Swedish) 2007

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (Swedish) 2007

Microsoft Office Powerpoint 2007 Help Uppdatering (KB963669)

Microsoft Office PowerPoint MUI (Swedish) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Finnish) 2007

Microsoft Office Proof (German) 2007

Microsoft Office Proof (Swedish) 2007

Microsoft Office Proofing (Swedish) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Shared MUI (Swedish) 2007

Microsoft Office Word 2007 Help Uppdatering (KB963665)

Microsoft Office Word MUI (Swedish) 2007

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Works

Mirar

MKV Splitter

Mozilla Firefox (3.0.13)

MSVCRT

MSXML 4.0 SP2 (KB954430)

Mystery Case Files - Huntsville

Mystery Solitaire - Secret Island

Neat Image v5 Demo (with plug-in)

NOD32 antivirus system

NOD32 FiX v2.1

NTI Backup NOW! 4.7

NTI CD & DVD-Maker

NVIDIA Drivers

OGA Notifier 1.7.0105.35.0

Personal 4.10

PhotoNow!

PowerDirector (Acer DT)

PowerDVD 7.0 with 5.1ch

QuickTime

Realtek High Definition Audio Driver

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB969679)

Security Update for Microsoft Office Excel 2007 (KB969682)

Security Update for Microsoft Office PowerPoint 2007 (KB957789)

Security Update for Microsoft Office system 2007 (KB969613)

Security Update for Microsoft Office Word 2007 (KB969604)

Skype™ 4.1

Spelling Dictionaries Support For Adobe Reader 8

Spotify

Språkpaket för Microsoft .NET Framework 3.5 SP 1 - sve

TeamSpeak 2 RC2

ThreatFire

Tiffen Dfx v1.0 for Photoshop

Topaz Vivacity

Turbo Pizza

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

VC80CRTRedist - 8.0.50727.762

Ventrilo Client

Windows Live Communications Platform

Windows Live Essentials

Windows Live inloggningsassistenten

Windows Live Messenger

Windows Live Upload Tool

WinRAR archiver

VoiceOver Kit

World of Warcraft

Xvid 1.1.3 final uninstall

Zuma Deluxe

 

==== End Of File ===========================[/log]

 

LOG tags added

When you have pasted in a log, please select the log and then press the LOG button, which is on the same row as :thumbsdown::thumbsup: in the post window.

Cecilia - Moderator for Viruses, malware & remedies

[post edited 2009-08-07 11:19:16 by Cecilia]


It looks like you are using a cracked Nod32. If that is the case, uninstall it and post new DDS logs (both of them) here afterwards.

 


[log]

DDS (Ver_09-07-30.01) - NTFSx86

Run by Maria at 11:35:57,37 on 2009-08-07

Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_13

Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.46.1053.18.3070.1926 [GMT 2:00]

 

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\rundll32.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Acer\Empowering Technology\SysMonitor.exe

C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Windows\System32\nvraidservice.exe

C:\Program Files\ThreatFire\TFTray.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Personal\bin\Personal.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Windows\system32\astsrv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\ThreatFire\TFService.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\System32\mobsync.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Users\Maria\Desktop\dds.scr

C:\Windows\system32\conime.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.mioshcats.com/

uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041d&s=1&o=vb32&d=0209&m=aspire_m3641

uSearch Bar = hxxp://www.mirarsearch.com/?useie5=1&q=

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041d&s=1&o=vb32&d=0209&m=aspire_m3641

mDefault_Page_URL = hxxp://sv.intl.acer.yahoo.com

mSearch Bar = hxxp://www.mirarsearch.com/?useie5=1&q=

uInternet Settings,ProxyOverride = *.local

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.3.2.dll

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll

TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll

TB: {9EC00EBC-AACA-48C5-8836-D79B226921D4} - No File

uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [Acer Empowering Technology Monitor] c:\acer\empowering technology\SysMonitor.exe

mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\x86\eDSloader.exe

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [Apanel] c:\acersw\config\SetApanel.cmd

mRun: [WarReg_PopUp] c:\acer\wr_popup\WarReg_PopUp.exe

mRun: [skytel] Skytel.exe

mRun: [eRecoveryService]

mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe

mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Corel Photo Downloader] "c:\program files\common files\corel\corel photodownloader\Corel Photo Downloader.exe" -startup

mRun: [Corel File Shell Monitor] c:\program files\corel\corel paint shop pro photo x2\CorelIOMonitor.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\ASETRES.EXE

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\personal.lnk - c:\program files\personal\bin\Personal.exe

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm

IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm

IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm

IE: E&xportera till Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.3.3.2.dll/206

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} - hxxp://webc.mioshcats.com/auth/controls/IlosoftImageUpload.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\users\maria\appdata\roaming\mozilla\firefox\profiles\q1xgdich.default

FF - prefs.js: browser.startup.homepage - www.mioshcats.com

FF - component: c:\users\maria\appdata\roaming\mozilla\firefox\profiles\q1xgdich.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll

FF - plugin: c:\program files\personal\bin\np_prsnl.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");

c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

 

============= SERVICES / DRIVERS ===============

 

R0 nvrd32;NVIDIA nForce RAID Driver;c:\windows\system32\drivers\nvrd32.sys [2009-2-28 133152]

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-2-27 51984]

R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-2-27 46864]

R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-2-28 42528]

R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-2-27 33552]

S3 GoogleDesktopManager-080708-050100;Google Desktop-hanteraren 5.7.808.7150;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-2-27 24064]

 

=============== Created Last 30 ================

 

2009-08-05 13:12 156,160 a------- c:\windows\system32\msls31.dll

2009-08-05 01:46 56 a---h--- c:\programdata\ezsidmv.dat

2009-08-05 01:46 56 a---h--- c:\progra~2\ezsidmv.dat

2009-08-05 01:44 <DIR> --d--r-- c:\program files\Skype

2009-08-03 18:45 <DIR> --d----- c:\program files\CCleaner

2009-08-01 07:06 608,448 a------- c:\windows\system32\comctl32.ocx

2009-08-01 07:06 137,000 a------- c:\windows\system32\msmapi32.ocx

2009-08-01 07:05 <DIR> --d----- C:\MyHeritage

2009-07-29 15:32 <DIR> --d----- c:\windows\system32\Adobe

2009-07-22 13:15 <DIR> --d----- c:\program files\Alien Skin

2009-07-17 20:51 34,064 a------- c:\windows\system32\lhacm.acm

2009-07-17 20:51 <DIR> --d----- c:\program files\Teamspeak2_RC2

2009-07-15 11:26 156,672 a------- c:\windows\system32\t2embed.dll

2009-07-15 11:26 289,792 a------- c:\windows\system32\atmfd.dll

2009-07-15 11:26 72,704 a------- c:\windows\system32\fontsub.dll

2009-07-15 11:26 10,240 a------- c:\windows\system32\dciman32.dll

2009-07-14 10:34 4,096 a------- c:\windows\d3dx.dat

2009-07-14 10:27 <DIR> --d----- C:\FFXI Install

 

==================== Find3M ====================

 

2009-08-07 09:41 597,598 a------- c:\windows\system32\perfh01D.dat

2009-08-07 09:41 117,210 a------- c:\windows\system32\perfc01D.dat

2009-08-01 17:57 2,516 a--sh--- c:\programdata\KGyGaAvL.sys

2009-08-01 17:57 2,516 a--sh--- c:\progra~2\KGyGaAvL.sys

2009-08-01 17:57 88 ---shr-- c:\programdata\ABD0A5FF80.sys

2009-08-01 17:57 88 ---shr-- c:\progra~2\ABD0A5FF80.sys

2009-07-21 23:52 915,456 a------- c:\windows\system32\wininet.dll

2009-07-21 23:47 109,056 a------- c:\windows\system32\iesysprep.dll

2009-07-21 23:47 71,680 a------- c:\windows\system32\iesetup.dll

2009-07-21 22:13 133,632 a------- c:\windows\system32\ieUnatt.exe

2009-06-21 18:24 70,626 a------- c:\windows\system32\win9c.exe

2009-06-19 22:37 46,864 a------- c:\windows\system32\drivers\TfSysMon.sys

2009-06-19 22:37 33,552 a------- c:\windows\system32\drivers\TfNetMon.sys

2009-06-19 22:37 51,984 a------- c:\windows\system32\drivers\TfFsMon.sys

2009-06-16 20:21 86,016 a------- c:\windows\inf\infstrng.dat

2009-06-16 20:21 86,016 a------- c:\windows\inf\infstor.dat

2009-06-16 20:21 51,200 a------- c:\windows\inf\infpub.dat

2009-06-05 11:42 2,060,288 a------- c:\windows\system32\usbaaplrc.dll

2009-02-27 17:16 665,600 a------- c:\windows\inf\drvindex.dat

2008-01-21 08:17 290,490 a------- c:\windows\inf\perflib\041d\perfi.dat

2008-01-21 08:17 290,490 a------- c:\windows\inf\perflib\041d\perfh.dat

2008-01-21 08:17 35,978 a------- c:\windows\inf\perflib\041d\perfd.dat

2008-01-21 08:17 35,978 a------- c:\windows\inf\perflib\041d\perfc.dat

2008-01-21 04:57 174 a--sh--- c:\program files\desktop.ini

2006-11-02 11:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat

2006-11-02 11:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat

2006-11-02 11:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat

2006-11-02 11:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

 

============= FINISH: 11:37:18,36 ===============

[/log]

[log]

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_09-07-30.01)

 

Microsoft® Windows Vista™ Home Basic

Boot Device: \Device\HarddiskVolume2

Install Date: 2009-02-27 14:43:38

System Uptime: 2009-08-07 11:31:54 (0 hours ago)

 

Motherboard: ACER | | MCP73PV

Processor: Intel® Pentium® Dual CPU E2220 @ 2.40GHz | SOCKET775 M/B | 2403/200mhz

 

==== Disk Partitions =========================

 

C: is FIXED (NTFS) - 293 GiB total, 134,895 GiB free.

D: is FIXED (NTFS) - 293 GiB total, 292,981 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

 

==== Disabled Device Manager Items =============

 

Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}

Description: Microsoft PS/2 Mouse

Device ID: ACPI\PNP0F03\4&8CB234F&0

Manufacturer: Microsoft

Name: Microsoft PS/2 Mouse

PNP Device ID: ACPI\PNP0F03\4&8CB234F&0

Service: i8042prt

 

==== System Restore Points ===================

 

 

==== Installed Programs ======================

 

AAC Decoder

AC3Filter (remove only)

Acer eDataSecurity Management

Acer Empowering Technology

Acer ePerformance Management

Acer eSettings Management

Acer GameZone Console DTV 2.0.1.1

Acer ScreenSaver

Activation Assistant for the 2007 Microsoft Office suites

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Photoshop Elements 6.0

Adobe Reader 9.1.1 - Svenska

Adobe Shockwave Player 11.5

Agatha Christie Death on the Nile

Alice Greenfingers

Alien Skin Exposure 2

Apple Mobile Device Support

Apple Software Update

ATI Catalyst Install Manager

Auto FTP Manager 4.3

AutoUpdate

Azada

Backspin Billiards

Big Kahuna Reef

BitComet 1.10

Bonjour

Bookworm Deluxe

Bricks of Egypt

Cake Mania

CCleaner (remove only)

Chicken Invaders 3

Choice Guard

Chuzzle

Core FTP LE 2.1

Corel Paint Shop Pro Photo X2

Curse Client

Diner Dash Flo on the Go

DivX Codec

DivX Converter

DivX Player

DivX Plus DirectShow Filters

DivX Web Player

DivX Version Checker

eSobi v2

Flip Words 2

Google Desktop

Google Toolbar for Internet Explorer

H.264 Decoder

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

iTunes

Java 6 Update 13

Jewel Quest Solitaire

Kick N Rush

LightScribe 1.4.142.1

LimeWire PRO 4.12.11

MAGIX Music Maker silver 15.0.1.9 (UK)

Mahjong Escape Ancient China

Mahjongg Artifacts

Microsoft .NET Framework 3.5 Language Pack SP1 - sve

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Excel 2007 Help Uppdatering (KB963678)

Microsoft Office Excel MUI (Swedish) 2007

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (Swedish) 2007

Microsoft Office Powerpoint 2007 Help Uppdatering (KB963669)

Microsoft Office PowerPoint MUI (Swedish) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Finnish) 2007

Microsoft Office Proof (German) 2007

Microsoft Office Proof (Swedish) 2007

Microsoft Office Proofing (Swedish) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Shared MUI (Swedish) 2007

Microsoft Office Word 2007 Help Uppdatering (KB963665)

Microsoft Office Word MUI (Swedish) 2007

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Works

Mirar

MKV Splitter

Mozilla Firefox (3.0.13)

MSVCRT

MSXML 4.0 SP2 (KB954430)

Mystery Case Files - Huntsville

Mystery Solitaire - Secret Island

Neat Image v5 Demo (with plug-in)

NTI Backup NOW! 4.7

NTI CD & DVD-Maker

NVIDIA Drivers

OGA Notifier 1.7.0105.35.0

Personal 4.10

PhotoNow!

PowerDirector (Acer DT)

PowerDVD 7.0 with 5.1ch

QuickTime

Realtek High Definition Audio Driver

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB969679)

Security Update for Microsoft Office Excel 2007 (KB969682)

Security Update for Microsoft Office PowerPoint 2007 (KB957789)

Security Update for Microsoft Office system 2007 (KB969613)

Security Update for Microsoft Office Word 2007 (KB969604)

Skype™ 4.1

Spelling Dictionaries Support For Adobe Reader 8

Spotify

Språkpaket för Microsoft .NET Framework 3.5 SP 1 - sve

TeamSpeak 2 RC2

ThreatFire

Tiffen Dfx v1.0 for Photoshop

Topaz Vivacity

Turbo Pizza

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

VC80CRTRedist - 8.0.50727.762

Ventrilo Client

Windows Live Communications Platform

Windows Live Essentials

Windows Live inloggningsassistenten

Windows Live Messenger

Windows Live Upload Tool

WinRAR archiver

VoiceOver Kit

World of Warcraft

Xvid 1.1.3 final uninstall

Zuma Deluxe

 

==== End Of File ===========================

[/log]

 


Uninstall Mirar as well, because it is harmful. Post a new DDS log here after that (Attach.txt is not needed).

Go to http://www.virustotal.com (works best with Internet Explorer), paste one of the following file names into the box, press Send File (Skicka Fil) and wait until the result is ready (the current status becomes completed). Paste the results from the various antivirus programs (not Övrig information / Additional information) here. Repeat with the next file name.

c:\programdata\microsoft\windows\start menu\programs\startup\ASETRES.EXE

c:\programdata\ABD0A5FF80.sys

 

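A triage sketch for the file listings in the DDS log above, as an added example that is not part of the original thread and not part of DDS: it parses `Created Last 30` / `Find3M` style lines and surfaces code-type files that carry hidden+system attributes, or `.sys` files stored outside `system32\drivers`. The heuristic, the extension set and all function names are assumptions made here; a hit only means the file deserves a further check such as the multi-engine scan requested above, not that it is malicious.

```python
import ntpath
import re

# Constructed sample: entries copied from the "Created Last 30" and "Find3M"
# sections of the DDS log posted in this thread.
SAMPLE_DDS = r"""
=============== Created Last 30 ================

2009-08-05 01:46 56 a---h--- c:\programdata\ezsidmv.dat
2009-08-05 01:44 <DIR> --d--r-- c:\program files\Skype

==================== Find3M ====================

2009-08-07 09:41 597,598 a------- c:\windows\system32\perfh01D.dat
2009-08-01 17:57 2,516 a--sh--- c:\programdata\KGyGaAvL.sys
2009-08-01 17:57 88 ---shr-- c:\programdata\ABD0A5FF80.sys
2009-06-19 22:37 46,864 a------- c:\windows\system32\drivers\TfSysMon.sys
2008-01-21 04:57 174 a--sh--- c:\program files\desktop.ini
"""

# Fields: date, time, size (or <DIR>), 8-character attribute field, path.
ENTRY = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+([a-z-]{8})\s+(\S.*)$"
)

# Assumption of this example: extensions treated as loadable code.
CODE_EXTS = {".sys", ".exe", ".dll", ".scr"}
DRIVER_DIR = "\\windows\\system32\\drivers\\"


def parse_file_entries(log_text):
    """Return one dict per file/directory line; all other log lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        date, time, size, attrs, path = m.groups()
        entries.append({
            "timestamp": f"{date} {time}",
            "size": None if size == "<DIR>" else int(size.replace(",", "")),
            "is_dir": "d" in attrs,
            "hidden": "h" in attrs,
            "system": "s" in attrs,
            "path": path,
        })
    return entries


def triage(entries):
    """Return (path, reasons) for entries worth a closer look (heuristic only)."""
    findings = []
    for e in entries:
        if e["is_dir"]:
            continue
        ext = ntpath.splitext(e["path"])[1].lower()
        if ext not in CODE_EXTS:
            continue  # e.g. desktop.ini is hidden+system by design
        reasons = []
        if e["hidden"] and e["system"]:
            reasons.append("hidden+system attributes on a code-type file")
        if ext == ".sys" and DRIVER_DIR not in e["path"].lower():
            reasons.append(".sys file outside system32\\drivers")
        if reasons:
            findings.append((e["path"], reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(parse_file_entries(SAMPLE_DDS)):
        print(path, "->", "; ".join(reasons))
```
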

Mirar could not be uninstalled; an error came up saying that it cannot find the file

I will paste in the other one now

 

 


Pasting the file names into the page does not work; you can only browse to files on my computer.

 


Did you use Internet Explorer when you went to virustotal?

Or can you browse to the two files?

 


Yes, I used IE, and I have no file that begins with c:\programdata...

However, I do have C:\program...

PS: I have IE 8

 


Set up Computer or Explorer so that you can see all files:

Tools - Folder Options - View

Select Show hidden files and folders

Uncheck Hide protected operating system files

Can you find c:\programdata now?

 


[log]Antivirus Version Senaste Uppdatering Resultat

a-squared 4.0.0.101 2009.03.10 -

AhnLab-V3 5.0.0.2 2009.03.10 -

AntiVir 7.9.0.107 2009.03.10 -

Authentium 5.1.0.4 2009.03.10 -

Avast 4.8.1335.0 2009.03.09 -

AVG 8.0.0.237 2009.03.10 -

BitDefender 7.2 2009.03.10 -

CAT-QuickHeal 10.00 2009.03.10 -

ClamAV 0.94.1 2009.03.10 -

Comodo 1046 2009.03.10 -

DrWeb 4.44.0.09170 2009.03.10 -

eSafe 7.0.17.0 2009.03.09 -

eTrust-Vet 31.6.6388 2009.03.09 -

F-Prot 4.4.4.56 2009.03.10 -

F-Secure 8.0.14470.0 2009.03.10 -

Fortinet 3.117.0.0 2009.03.10 -

GData 19 2009.03.10 -

Ikarus T3.1.1.45.0 2009.03.10 -

K7AntiVirus 7.10.665 2009.03.10 -

Kaspersky 7.0.0.125 2009.03.10 -

McAfee 5549 2009.03.10 -

McAfee+Artemis 5549 2009.03.10 -

Microsoft 1.4405 2009.03.10 -

NOD32 3924 2009.03.10 -

Norman 6.00.06 2009.03.10 -

nProtect 2009.1.8.0 2009.03.10 -

Panda 10.0.0.10 2009.03.10 -

PCTools 4.4.2.0 2009.03.10 -

Rising 21.20.11.00 2009.03.10 -

SecureWeb-Gateway 6.7.6 2009.03.10 -

Sophos 4.39.0 2009.03.10 -

Sunbelt 3.2.1858.2 2009.03.10 -

Symantec 1.4.4.12 2009.03.10 -

TheHacker 6.3.3.0.278 2009.03.10 -

TrendMicro 8.700.0.1004 2009.03.10 -

VBA32 3.12.10.1 2009.03.10 -

ViRobot 2009.3.10.1643 2009.03.10 -

VirusBuster 4.5.11.0 2009.03.10 -

Övrig information

File size: 20480 bytes

MD5 : 7867224f3860eea6c94da49950b1ab0a

SHA1 : 8f0811ad09d031c38d1339f6ec11e4a7809eb55e

SHA256: 2f8068b829be4e83ea3cbdd8fc594266ab3bcf0af4cc016ec9e80afadcb4873a

PEInfo: PE Structure information

 

( base data )

entrypointaddress.: 0x3D0E

timedatestamp.....: 0x4802FFDA (Mon Apr 14 08:55:22 2008)

machinetype.......: 0x14C (Intel I386)

 

( 3 sections )

name viradd virsiz rawdsiz ntrpy md5

.text 0x2000 0x1D14 0x2000 5.05 5af2c52af91b1662f820518de70f8946

.rsrc 0x4000 0x698 0x1000 1.49 a557a648d603176cc958c5d105443f9f

.reloc 0x6000 0xC 0x1000 0.01 efdca176d77ab1836dbc6cc31e8494e9

 

( 0 imports )

 

 

( 0 exports )

 

TrID : File type identification

Win64 Executable Generic (49.3%)

Generic CIL Executable (.NET, Mono, etc.) (42.2%)

Win32 Executable Generic (4.9%)

Win16/32 Executable Delphi generic (1.1%)

Generic Win/DOS Executable (1.1%)

ssdeep: 192:6YCguvP96k9ke9zoiBDLybiIzRkx+e9zPbrJ5Y2d4Q:BPuvP96ubBDLybiGmL9zDrJ5Bd4

PEiD : -

RDS : NSRL Reference Data Set

 

[/log]

 

 

I did not find the other file; there was nothing beginning with ABD under c:\programdata...

 


Restart the computer in safe mode (press F8 repeatedly during startup and choose safe mode in the menu).

See whether you can now delete the file c:\downloads\onlinemovies.40008.vo1.exe

Download HijackThis from one of the links:

http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

Install it, start it and choose "Do a system scan and save a logfile", copy the log that comes up (nothing else) and paste it into your reply.

 


Archived

This topic is now archived and is closed to further replies.
