
Virus again from Facebook, AV8, some malware I assume, please help me


rosa71


Hi again

Now my husband has infected his computer with something called AV8. I assume it is malware, and he got it from FB. I did a system restore, and then all the pop-ups saying the computer was infected with lots of viruses disappeared. But I know that it isn't; rather, it is something this AV8 does. It also stops the antivirus program from updating.

So please help me

I will send you the DDS log shortly


RKill is not meant for finding malicious files, only for making it easier to run other programs that the malicious program tries to stop.

I am pasting in your DDS log so that it is easier to go through. I will get back to you when I have gone through it.

DDS (Ver_10-10-10.03) - NTFS_AMD64

Run by Tomas at 8:33:47,32 on 2010-10-14

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.46.1053.18.2943.1705 [GMT 2:00]

 

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\FBAgent.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe

C:\Program Files\ATKGFNEX\GFNEXSrv.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\firebird\firebird_2_0\bin\fbguard.exe

C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\firebird\firebird_2_0\bin\fbserver.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\P4G\BatteryLife.exe

C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe

C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe

C:\Program Files\Elantech\ETDCtrl.exe

C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe

C:\Program Files\SiS VGA Utilities\SiSTray.exe

C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe

C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\SysWOW64\ACEngSvr.exe

C:\Windows\AsScrPro.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe

C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe

C:\Program Files (x86)\F-Secure\Common\FSMA32.EXE

C:\Program Files (x86)\F-Secure\Anti-Virus\FSGK32.EXE

C:\Program Files (x86)\F-Secure\Common\FSHDLL32.EXE

C:\Program Files (x86)\F-Secure\Anti-Virus\fssm32.exe

C:\Program Files (x86)\F-Secure\Common\FSM32.EXE

C:\Program Files (x86)\F-Secure\FWES\Program\fsdfwd.exe

C:\Program Files (x86)\F-Secure\Common\FSHDLL64.EXE

C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe

C:\Program Files (x86)\F-Secure\Spam Control\fsscoepl_x64.exe

C:\Program Files (x86)\F-Secure\Anti-Virus\fsav32.exe

C:\Windows\system32\taskhost.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe

C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

C:\Windows\splwow64.exe

C:\Program Files (x86)\Microsoft\Office Live\OfficeLiveSignIn.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Tomas\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://asus.msn.com

uDefault_Page_URL = hxxp://asus.msn.com

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Inloggningshjälp för Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - C:\Program Files (x86)\F-Secure\NRS\iescript\baselitmus.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - C:\Program Files (x86)\F-Secure\NRS\iescript\baselitmus.dll

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

mRun: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe

mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

mRun: [setwallpaper] c:\programdata\SetWallpaper.cmd

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [F-Secure Manager] "C:\Program Files (x86)\F-Secure\Common\FSM32.EXE" /splash

mRun: [F-Secure TNB] "C:\Program Files (x86)\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

LSP: C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL

DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab

{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}

{9030D464-4C02-4ABF-8ECC-5164760863C6}

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

mRun-x64: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe

mRun-x64: [EeeStorageBackup] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe MySyncFolder

mRun-x64: [siSTray] %ProgramFiles%\SiS VGA Utilities\SiSTray.exe

mRun-x64: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

 

============= SERVICES / DRIVERS ===============

 

R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files (x86)\F-Secure\HIPS\drivers\fshs.sys [2010-9-15 59784]

R1 FSES;F-Secure Email Scanning Driver;C:\Windows\System32\drivers\fses.sys [2010-9-3 46344]

R1 FSFW;F-Secure Firewall Driver;C:\Windows\System32\drivers\fsdfw.sys [2010-9-3 94024]

R1 fsvista;F-Secure Vista Support Driver;C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsvista.sys [2010-9-15 16768]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]

R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2010-2-23 359552]

R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2010-2-23 14904]

R2 F-Secure Gatekeeper Handler Starter;FSGKHS;C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe [2010-9-15 221608]

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Program Files (x86)\firebird\firebird_2_0\bin\fbguard.exe [2009-4-8 81920]

R2 OberonGameConsoleService;Oberon Media Game Console service;C:\Program Files (x86)\ASUS\Game Park\GameConsole\OberonGameConsoleService.exe [2010-2-23 44312]

R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2009-10-15 117760]

R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsgk.sys [2010-9-15 190120]

R3 FirebirdServerDefaultInstance;Firebird Super Server 2.0.5 - DefaultInstance;C:\Program Files (x86)\firebird\firebird_2_0\bin\fbserver.exe [2009-4-8 2043904]

R3 FSORSPClient;F-Secure ORSP Client;C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe [2010-9-15 58024]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-2-23 236544]

R3 SiS6350;SiS6350;C:\Windows\System32\drivers\SISGRKMD.sys [2009-11-12 558080]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]

S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-4-21 61792]

S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]

S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]

S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-27 1255736]

S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files (x86)\F-Secure\Anti-Virus\win2k\fsfilter.sys [2010-9-15 41640]

S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files (x86)\F-Secure\Anti-Virus\win2k\fsrec.sys [2010-9-15 27048]

 

=============== Created Last 30 ================

 

2010-10-11 18:27:01 7935824 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{CA129DA2-1E5A-4262-BB31-0076C8449FBF}\mpengine.dll

2010-10-11 18:26:05 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys

2010-10-11 07:20:43 -------- d-----w- C:\Users\Tomas\AppData\Roaming\F-Secure

2010-10-11 06:41:18 171520 ---h--w- C:\Windows\andy135.exe

2010-09-30 01:00:35 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys

2010-09-30 01:00:34 243712 ----a-w- C:\Windows\System32\drivers\ks.sys

2010-09-29 08:13:50 2048 ----a-w- C:\Windows\System32\tzres.dll

2010-09-29 08:13:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2010-09-29 08:11:58 13312 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll

2010-09-29 08:11:58 13312 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll

2010-09-23 16:32:42 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2010-09-23 16:26:34 -------- d-----w- C:\Windows\SysWow64\Samsung_USB_Drivers

2010-09-23 16:25:36 5632 ----a-w- C:\Windows\SysWow64\drivers\StarOpen.sys

2010-09-23 16:23:08 -------- d-----w- C:\Program Files (x86)\Samsung

2010-09-15 12:45:04 -------- d-----w- C:\Program Files (x86)\F-Secure

2010-09-15 11:07:38 558592 ----a-w- C:\Windows\System32\spoolsv.exe

 

==================== Find3M ====================

 

2010-07-29 06:30:34 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll

 

============= FINISH: 8:38:21,82 ===============


On the page http://www.virustotal.com, press the Browse button and paste the following file name into the box, press Open and then Send File. Wait until the result is ready (Current status becomes finished). Paste a link to the result here.

C:\Windows\andy135.exe


Archived

This topic is now archived and is closed to further replies.