
Virus on the computer, may be sircam32


ake071


Hi!

I think I have a virus on my computer, because yesterday, Friday the 12th, I got a message when I tried to start Starcraft 2.

"The item Starcraft2.exe that this shortcut refers to has been changed or moved. The shortcut will no longer work correctly. Do you want to delete this shortcut?"

And now when I start Starcraft 2 it says this:

"C:\Program Files (x86)\Starcraft II\Starcraft II.exe is not a valid Win32 application"

When I then try other .exe files I get the same problem, first that the shortcut has been changed, but some programs are intact, for example Firefox.exe.

When I thought of doing a system restore to try to return the computer to a state where it was error-free, the attempt failed because, according to the computer, there was a folder that could not be changed, and so the computer could not complete the restore.

Then when I went to look for that folder I couldn't find it (I recognized the folder because it was a folder from the time I played WoW). At the same moment I saw that the Starcraft 2 folder only contained folders, and then it became completely empty, nothing at all.

When I couldn't find the folder I thought I'd make a new attempt at a system restore, but then I only found the date that was yesterday's (Friday the 12th), so all the other restore points were gone.

I googled a bit and found that it could be something called Sircam32. I have never heard of it, and from what I read I didn't find a way to remove it.

I have scanned the computer for viruses with Malwarebytes, though only a quick scan, but no threats were found, and I also have HijackThis and can send a log if it's needed.

Thanks in advance for your help and your time!

 

DDS:

[log]DDS (Ver_10-11-10.01) - NTFS_AMD64

Run by carl at 11:47:12,24 on 2010-11-14

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.46.1053.18.4094.2767 [GMT 1:00]

 

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE

C:\Windows\SysWOW64\XSrvSetup.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\VOIPlay\voiplay.exe

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe

C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\consent.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\carl\Downloads\dds.scr

C:\Windows\system32\conhost.exe

 

============== Pseudo HJT Report ===============

 

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

uRun: [VOIPlay] "C:\Program Files (x86)\VOIPlay\voiplay.exe"

uRun: [steam] "c:\program files (x86)\steam\steam.exe" -silent

uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized

mRun: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"

mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

Hosts: 255.255.255.255 easyanticheat.se # misleading site

Hosts: 255.255.255.255 www.easyanticheat.se # misleading site

 

================= FIREFOX ===================

 

FF - ProfilePath - C:\Users\carl\AppData\Roaming\Mozilla\Firefox\Profiles\k19bh6p7.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.se/firefox

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

 

---- FIREFOX POLICIES ----

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

C:\Program Files (x86)\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

C:\Program Files (x86)\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

 

============= SERVICES / DRIVERS ===============

 

R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2010-6-18 21544]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-6-18 121936]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-5-27 203264]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-6-18 20048]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-6-18 61008]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-7-23 40384]

R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-6-18 219360]

R2 ES lite Service;ES lite Service for program management.;C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe [2010-6-18 68136]

R2 JMB36X;JMB36X;C:\Windows\SysWOW64\XSrvSetup.exe [2010-6-18 72304]

R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-5-27 6856192]

R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-5-27 264192]

R3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-7-23 40384]

R3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-7-23 40384]

R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2009-11-20 75776]

R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2009-11-20 177152]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-18 346144]

S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]

S3 McComponentHostService;McAfee Security Scan Component Host Service;"C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" --> C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [?]

S3 Tdsshbecr;Handelsbanken card reader;C:\Windows\System32\drivers\shbecr.sys [2008-9-22 50176]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]

S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-23 1255736]

 

=============== Created Last 30 ================

 

2010-11-12 21:12:27 -------- d-----w- C:\Users\carl\AppData\Roaming\Malwarebytes

2010-11-12 21:12:22 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2010-11-12 21:12:21 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys

2010-11-12 21:12:21 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2010-11-12 21:12:21 -------- d-----w- C:\PROGRA~3\Malwarebytes

2010-11-12 18:49:47 554688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe

2010-11-12 18:49:45 719832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozcpp19.dll

2010-11-12 18:49:45 66520 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll

2010-11-12 18:49:45 245208 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updater.exe

2010-11-12 18:49:45 19416 ----a-w- C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll

2010-11-12 18:49:45 16856 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

2010-11-12 18:49:45 107480 ----a-w- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe

2010-11-12 17:45:41 -------- d-----w- C:\Program Files\lol-cb3.game_p

2010-11-12 17:44:14 -------- d-----w- C:\Program Files\lol-cb3.patcher_14

2010-11-12 17:40:49 -------- d-----w- C:\Program Files\html

2010-11-12 17:34:42 -------- d-----w- C:\Program Files (x86)\game

2010-11-12 17:34:42 -------- d-----w- C:\Program Files (x86)\air

2010-11-12 16:59:17 -------- d-----w- C:\Program Files (x86)\lol-cb3.game_p

2010-11-12 16:57:49 -------- d-----w- C:\Program Files (x86)\lol-cb3.patcher_14

2010-11-12 16:26:21 -------- d-----w- C:\Windows\System32\appmgmt

2010-11-08 19:56:36 68616 ----a-w- C:\Windows\SysWow64\XAPOFX1_1.dll

2010-11-08 19:56:36 509448 ----a-w- C:\Windows\SysWow64\XAudio2_2.dll

2010-11-08 19:56:36 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll

2010-11-08 19:56:36 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll

2010-11-08 19:56:35 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll

2010-11-08 18:34:47 -------- d-----w- C:\Users\carl\AppData\Local\PMB Files

2010-11-08 18:34:46 -------- d-----w- C:\PROGRA~3\PMB Files

2010-11-08 18:34:34 -------- d-----w- C:\Program Files (x86)\Pando Networks

2010-11-02 08:46:33 -------- d-----w- C:\Program Files\iTunes

2010-11-02 08:46:33 -------- d-----w- C:\Program Files\iPod

2010-11-02 08:46:33 -------- d-----w- C:\Program Files (x86)\iTunes

2010-11-02 08:43:27 -------- d-----w- C:\Program Files\Bonjour

2010-11-02 08:43:27 -------- d-----w- C:\Program Files (x86)\Bonjour

 

==================== Find3M ====================

 

2010-11-14 09:35:12 25640 ----a-w- C:\Windows\gdrv.sys

2010-11-12 17:44:37 118784 ----a-w- C:\Program Files\launcher.maestro.dll

2010-09-23 11:15:08 59904 ----a-w- C:\Program Files\zlib1.dll

2010-09-23 11:15:08 194376 ----a-w- C:\Program Files\patcher_update_tmp.exe

2010-09-23 11:15:08 194376 ----a-w- C:\Program Files\patcher_update.exe

2010-09-23 11:15:08 192512 ----a-w- C:\Program Files\xdelta.exe

2010-09-23 11:15:08 176968 ----a-w- C:\Program Files\patcher_lib.decode.dll

2010-09-23 11:14:40 57344 ----a-w- C:\Program Files\launcher.lang-fr.dll

2010-09-23 11:14:40 57344 ----a-w- C:\Program Files\launcher.lang-es.dll

2010-09-23 11:14:40 57344 ----a-w- C:\Program Files\launcher.lang-de.dll

2010-09-23 11:14:40 53248 ----a-w- C:\Program Files\launcher.lang-en.dll

2010-09-23 11:14:40 421888 ----a-w- C:\Program Files\lol.launcher.exe

2010-09-23 11:14:40 114688 ----a-w- C:\Program Files\CRiotInternetSecurityManagerCom.dll

2010-09-23 11:14:38 954368 ----a-w- C:\Program Files\launcher.lib.dll

2010-09-08 10:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2010-09-08 10:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll

2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll

2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec

2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec

2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL

2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL

2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys

2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll

2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll

2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll

2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll

2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys

2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys

2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll

2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll

2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll

2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll

2010-08-21 06:31:06 633856 ----a-w- C:\Windows\System32\comctl32.dll

2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe

2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll

2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll

2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll

2009-10-23 12:18:00 110592 ----a-w- C:\Program Files\CRiotLauncherElevateCOM.dll

 

============= FINISH: 11:47:27,36 ===============[/log]

 

Attach.txt


What did you do on Friday that caused these folders to be created?

2010-11-12 17:45:41 -------- d-----w- C:\Program Files\lol-cb3.game_p

2010-11-12 17:44:14 -------- d-----w- C:\Program Files\lol-cb3.patcher_14

2010-11-12 17:40:49 -------- d-----w- C:\Program Files\html

2010-11-12 17:34:42 -------- d-----w- C:\Program Files (x86)\game

2010-11-12 17:34:42 -------- d-----w- C:\Program Files (x86)\air

2010-11-12 16:59:17 -------- d-----w- C:\Program Files (x86)\lol-cb3.game_p

2010-11-12 16:57:49 -------- d-----w- C:\Program Files (x86)\lol-cb3.patcher_14

2010-11-12 16:26:21 -------- d-----w- C:\Windows\System32\appmgmt

 

On the page http://www.virustotal.com click the Browse button and paste the following filename into the box, click Open and then Send File. Wait until the result is finished (Current status becomes finished). Paste a link to the result here.

2010-11-12 17:44:37 118784 ----a-w- C:\Program Files\launcher.maestro.dll

 

Scan the computer online at http://www.eset.com/onlinescan/

So that the scanner doesn't take too long, turn off your antivirus program in the meantime.

Uncheck the option "Remove found threats"

Check "Scan Archives"

Click "Advanced Settings"

Check:

Scan for potentially unwanted applications

Scan for potentially unsafe applications

Enable Anti-Stealth Technology

Click Scan

When the scan is finished, the log file C:\Program\Eset\Eset Online Scanner\log.txt is created. Open it in Notepad and paste its contents into your reply.


I don't know if I should include everything from VirusTotal, it seems to be a lot, but I'll put it all in just in case.

 

[log]0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware. File name: launcher.maestro.dll Submission date: 2010-11-14 20:14:03 (UTC) Current status: queued queued analysing finished Result: 0/ 43 (0.0%) VT Community not reviewed Safety score: - Compact Print results Antivirus Version Last Update Result AhnLab-V3 2010.11.15.00 2010.11.14 - AntiVir 7.10.13.238 2010.11.14 - Antiy-AVL 2.0.3.7 2010.11.14 - Authentium 5.2.0.5 2010.11.13 - Avast 4.8.1351.0 2010.11.14 - Avast5 5.0.594.0 2010.11.14 - AVG 9.0.0.851 2010.11.14 - BitDefender 7.2 2010.11.14 - CAT-QuickHeal 11.00 2010.11.09 - ClamAV 0.96.4.0 2010.11.14 - Comodo 6718 2010.11.14 - DrWeb 5.0.2.03300 2010.11.14 - Emsisoft 5.0.0.50 2010.11.14 - eSafe 7.0.17.0 2010.11.14 - eTrust-Vet 36.1.7973 2010.11.13 - F-Prot 4.6.2.117 2010.11.13 - F-Secure 9.0.16160.0 2010.11.14 - Fortinet 4.2.249.0 2010.11.14 - GData 21 2010.11.14 - Ikarus T3.1.1.90.0 2010.11.14 - Jiangmin 13.0.900 2010.11.14 - K7AntiVirus 9.67.2973 2010.11.12 - Kaspersky 7.0.0.125 2010.11.14 - McAfee 5.400.0.1158 2010.11.14 - McAfee-GW-Edition 2010.1C 2010.11.14 - Microsoft 1.6301 2010.11.14 - NOD32 5619 2010.11.14 - Norman 6.06.10 2010.11.14 - nProtect 2010-11-14.01 2010.11.14 - Panda 10.0.2.7 2010.11.14 - PCTools 7.0.3.5 2010.11.14 - Prevx 3.0 2010.11.14 - Rising 22.73.04.00 2010.11.13 - Sophos 4.59.0 2010.11.14 - Sunbelt 7310 2010.11.14 - SUPERAntiSpyware 4.40.0.1006 2010.11.14 - Symantec 20101.2.0.161 2010.11.14 - TheHacker 6.7.0.1.083 2010.11.13 - TrendMicro 9.120.0.1004 2010.11.14 - TrendMicro-HouseCall 9.120.0.1004 2010.11.14 - VBA32 3.12.14.2 2010.11.12 - ViRobot 2010.11.13.4145 2010.11.14 - VirusBuster 12.75.3.0 2010.11.14 - Additional information Show all MD5 : af6755cc02a86a9fc2f090ee0382ebd1 SHA1 : 40cdcc3644e6f1b87ee2892d9f8ef5c9f197b096 SHA256: 8161fe7d8e43714065b1fd8a27244a13d9f8ede316200eb40c9e2016b8fb3adf ssdeep: 
1536:3vc53SVByP5qojlOWianozikb05CD4ZvVJGB/57IqII2AytU2U:fa3SCcWi5i5+5MqII2/ tUh File size : 118784 bytes First seen: 2010-11-12 08:50:37 Last seen : 2010-11-14 20:14:03 TrID: Win32 Executable MS Visual C++ (generic) (65.2%) Win32 Executable Generic (14.7%) Win32 Dynamic Link Library (generic) (13.1%) Generic Win/DOS Executable (3.4%) DOS Executable Generic (3.4%) sigcheck: publisher....: Solid State Networks copyright....: Maestro: © Solid State Networks. All rights reserved. product......: launcher.maestro description..: launcher.maestro original name: launcher.maestro.dll internal name: launcher.maestro.dll file version.: 1, 0, 0, 31 comments.....: n/a signers......: - signing date.: - verified.....: Unsigned PEInfo: PE structure information [[ basic data ]] entrypointaddress: 0x68E2 timedatestamp....: 0x4CDB5CF5 (Thu Nov 11 03:03:17 2010) machinetype......: 0x14c (I386) [[ 5 section(s) ]] name, viradd, virsiz, rawdsiz, ntropy, md5 .text, 0x1000, 0x12224, 0x13000, 6.44, 2af4a51aa90c9d02be179b7bec4b7d30 .rdata, 0x14000, 0x3D16, 0x4000, 5.44, bb111d52b69e464051e8435efe31295a .data, 0x18000, 0x2C80, 0x2000, 1.32, ec2541a78ebcabb3c64ebbc3623b1597 .rsrc, 0x1B000, 0x45C, 0x1000, 3.78, f2105ad27bdd008b98408c389c539462 .reloc, 0x1C000, 0x1518, 0x2000, 4.09, 8b4564fe2afa8fae37a8daa48fdcd294 [[ 4 import(s) ]] WS2_32.dll: -, -, -, -, -, -, -, -, -, -, -, -, - WINMM.dll: timeGetTime PSAPI.DLL: EnumProcessModules, GetModuleBaseNameA, EnumProcesses KERNEL32.dll: VirtualAlloc, CompareStringW, CompareStringA, ReadFile, SetEndOfFile, HeapSize, GetLocaleInfoA, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, GetTimeZoneInformation, FlushFileBuffers, SetStdHandle, OutputDebugStringA, LocalFree, GetLastError, FormatMessageA, InitializeCriticalSection, LeaveCriticalSection, EnterCriticalSection, GetCurrentDirectoryA, DeleteCriticalSection, DeleteFileA, WaitForSingleObject, Sleep, ExitThread, CloseHandle, CreateThread, OpenProcess, GetExitCodeProcess, CreateProcessA, 
TerminateProcess, GetProcessId, GetModuleFileNameA, GetModuleHandleA, GetCurrentProcessId, HeapFree, HeapAlloc, FindClose, FileTimeToSystemTime, FileTimeToLocalFileTime, GetDriveTypeA, FindFirstFileA, GetCurrentThreadId, GetCommandLineA, GetVersionExA, GetProcessHeap, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, HeapDestroy, HeapCreate, VirtualFree, SetEnvironmentVariableA, HeapReAlloc, GetProcAddress, ExitProcess, WriteFile, GetStdHandle, RtlUnwind, WideCharToMultiByte, GetConsoleCP, GetConsoleMode, GetFullPathNameA, GetCPInfo, InterlockedIncrement, InterlockedDecrement, GetACP, GetOEMCP, IsValidCodePage, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, SetHandleCount, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetTickCount, GetSystemTimeAsFileTime, SetFilePointer, LoadLibraryA, CreateFileA, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, MultiByteToWideChar [[ 61 export(s) ]] MaestroClient_Create, MaestroClient_Delete, MaestroClient_GetHeartbeatActive, MaestroClient_SendMessage, MaestroClient_SetHeartbeatActive, MaestroClient_SetMessageArrivedCallback, MaestroClient_Start, MaestroGameController_AreProcessesHung, MaestroGameController_GetHeartbeatActive, MaestroGameController_Init, MaestroGameController_KillProcesses, MaestroGameController_Remove, MaestroGameController_SendChatMessage, MaestroGameController_SendGameAbandonedMessage, MaestroGameController_SendGameConnectedToServerMessage, MaestroGameController_SendGameLaunchedMessage, MaestroGameController_SendGameVersionMismatchMessage, MaestroGameController_SendShutdownMessage, MaestroGameController_SetExitCallback, MaestroGameController_SetHeartbeatActive, MaestroGameController_SetReceiveChatMessageCallback, MaestroGameController_Start, MaestroMessageAgent_Create, MaestroMessageAgent_Delete, MaestroMessageAgent_GetHeartbeatActive, 
MaestroMessageAgent_GetIsRunning, MaestroMessageAgent_SendMessage, MaestroMessageAgent_SetHeartbeatActive, MaestroMessageAgent_SetMessageArrivedCallback, MaestroMessageAgent_Start, MaestroProcessHelper_AllFilesExist, MaestroProcessHelper_GetProcessPathForProcessType, MaestroProcessHelper_Init, MaestroProcessHelper_IsProcessRunning, MaestroProcessHelper_KillProcess, MaestroProcessHelper_KillProcessByName, MaestroProcessHelper_Remove, MaestroProcessHelper_StartProcess, MaestroProcessHelper_StopProcess, MaestroServerController_Init, MaestroServerController_ProcessEvents, MaestroServerController_RegisterHwnd, MaestroServerController_Remove, MaestroServerController_SetErrorMessageCallback, MaestroServerController_SetExitCallback, MaestroServerController_Start, MaestroServerController_StartArgs, MaestroServerController_StartArgsExplicit, MaestroServerController_Stop, MaestroServerController_VerifyAllNeededFilesExist, MaestroServer_Create, MaestroServer_Delete, MaestroServer_SendMessageToAllClients, MaestroServer_SetMessageArrivedCallback, MaestroServer_Start, Maestro_ErrorToString, Maestro_GetElapsedSeconds, Maestro_Init, Maestro_MessageTypeToString, Maestro_ProcessTypeToString, Maestro_Remove ExifTool: file metadata CharacterSet: Unicode CodeSize: 77824 CompanyName: Solid State Networks EntryPoint: 0x68e2 FileDescription: launcher.maestro FileFlagsMask: 0x0017 FileOS: Win32 FileSize: 116 kB FileSubtype: 0 FileType: Win32 DLL FileVersion: 1, 0, 0, 31 FileVersionNumber: 1.0.0.29 ImageVersion: 0.0 InitializedDataSize: 36864 InternalName: launcher.maestro.dll LanguageCode: English (U.S.) LegalCopyright: Maestro: © Solid State Networks. All rights reserved. 
LinkerVersion: 8.0 MIMEType: application/octet-stream MachineType: Intel 386 or later, and compatibles OSVersion: 4.0 ObjectFileType: Dynamic link library OriginalFilename: launcher.maestro.dll PEType: PE32 ProductName: launcher.maestro ProductVersion: 1, 0, 0, 31 ProductVersionNumber: 1.0.0.29 Subsystem: Windows GUI SubsystemVersion: 4.0 TimeStamp: 2010:11:11 04:03:17+01:00 UninitializedDataSize: 0 VT Community[/log]

 

And here is the ESET log: (I didn't see that I was supposed to uncheck "Remove found threats", so I left it, hope it doesn't matter :/ )

 

[log]ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6211 # api_version=3.0.2 # EOSSerial=d35ebc87fb08434986daf321647b9b55 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2010-11-14 07:21:46 # local_time=2010-11-14 08:21:46 (+0100, Västeuropa, normaltid) # country="Sweden" # lang=1033 # osver=6.1.7600 NT # compatibility_mode=768 16777215 100 0 12863839 12863839 0 0 # compatibility_mode=5893 16776573 100 94 9426738 42203726 0 0 # compatibility_mode=8192 67108863 100 0 3708 3708 0 0 # scanned=94162 # found=3 # cleaned=3 # scan_time=1373 C:\Users\carl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\160ba957-6fb112a9 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C C:\Users\carl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\170f8765-5095d8d2 probably a variant of Win32/Agent.HRYTTOE trojan (deleted - quarantined) 00000000000000000000000000000000 C C:\Users\carl\Downloads\CheatEngine561.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C[/log]


It's easier if you paste the link to the VirusTotal result instead. In this case: http://www.virustotal.com/file-scan/report.html?id=8161fe7d8e43714065b1fd8a27244a13d9f8ede316200eb40c9e2016b8fb3adf-1289765643

This information about the file:

publisher....: Solid State Networks

copyright....: Maestro: © Solid State Networks. All rights reserved.

product......: launcher.maestro

Changed on Friday.

Do you know what file it is?

It's mostly that it can become a problem for you if ESET's scanner gives a false alarm and removes something that should have stayed.

Any information about all the folders that were created on Friday?


2010-11-12 17:45:41 -------- d-----w- C:\Program Files\lol-cb3.game_p

2010-11-12 17:44:14 -------- d-----w- C:\Program Files\lol-cb3.patcher_14

2010-11-12 16:59:17 -------- d-----w- C:\Program Files (x86)\lol-cb3.game_p

2010-11-12 16:57:49 -------- d-----w- C:\Program Files (x86)\lol-cb3.patcher_14

I recognize those changes because I tried to uninstall and reinstall League of Legends a number of times, since it didn't work the first time. The other files may have been created at the same time:

2010-11-12 17:34:42 -------- d-----w- C:\Program Files (x86)\game

2010-11-12 17:34:42 -------- d-----w- C:\Program Files (x86)\air

but

2010-11-12 16:26:21 -------- d-----w- C:\Windows\System32\appmgmt

and

2010-11-12 17:44:37 118784 ----a-w- C:\Program Files\launcher.maestro.dll

and

2010-11-12 17:40:49 -------- d-----w- C:\Program Files\html

I definitely don't recognize, and I don't know where they come from.


Good, because it's always suspicious when files are sitting directly in the Program folder.

launcher.maestro.dll belongs to League of Legends, and the appmgmt folder is a normal Windows folder.

What is in the folder C:\Program Files\html ?

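As an added triage example (not code from this thread, from DDS or from any poster), the Python below parses DDS "Created Last 30" / "Find3M" records in the shape quoted above and applies the heuristic the helper states: loose files sitting directly in a Program Files root, created on the day the problem began, are the ones to ask the user about first. The sample records are constructed from the log's format, and the size cross-check against a VirusTotal "File size" value is my assumption about how one would confirm it is the same file.

```python
"""Triage helper for DDS 'Created Last 30' / 'Find3M' records (added example)."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Constructed sample input: a few records in the shape DDS prints, modelled
# on the log posted in this thread. Not the full log.
SAMPLE_DDS = r"""
=============== Created Last 30 ================
2010-11-12 21:12:21 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-11-12 17:45:41 -------- d-----w- C:\Program Files\lol-cb3.game_p
2010-11-12 17:44:37 118784 ----a-w- C:\Program Files\launcher.maestro.dll
2010-11-12 17:40:49 -------- d-----w- C:\Program Files\html
2010-11-12 16:26:21 -------- d-----w- C:\Windows\System32\appmgmt
2010-11-02 08:46:33 -------- d-----w- C:\Program Files (x86)\iTunes
==================== Find3M ====================
2010-09-23 11:15:08 192512 ----a-w- C:\Program Files\xdelta.exe
2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
"""

# One DDS record: date, time, size (or eight dashes for a folder), an
# 8-character attribute field (d=directory, a=archive, w=writable, ...), path.
RECORD_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)

# Folders in which a loose file deserves a second look (compared lower-case).
PROGRAM_ROOTS = {r"c:\program files", r"c:\program files (x86)"}


@dataclass
class Record:
    when: datetime
    size: Optional[int]  # None for folders
    is_dir: bool
    path: str

    @property
    def parent(self) -> str:
        """Parent directory of the path, lower-cased for comparison."""
        return self.path.rsplit("\\", 1)[0].lower()


def parse_dds(text: str) -> List[Record]:
    """Parse every DDS file/folder record; section headers are skipped."""
    records = []
    for line in text.splitlines():
        m = RECORD_RE.match(line.strip())
        if not m:
            continue
        when = datetime.strptime(f"{m['date']} {m['time']}", "%Y-%m-%d %H:%M:%S")
        is_dir = m["attrs"].startswith("d")
        size = None if is_dir or m["size"].startswith("-") else int(m["size"])
        records.append(Record(when, size, is_dir, m["path"]))
    return records


def loose_program_files(records: List[Record]) -> List[Record]:
    """Files (not folders) sitting directly in a Program Files root."""
    return [r for r in records if not r.is_dir and r.parent in PROGRAM_ROOTS]


def created_on(records: List[Record], day: str) -> List[Record]:
    """Records stamped on the given ISO date, e.g. the day symptoms began."""
    return [r for r in records if r.when.strftime("%Y-%m-%d") == day]


def triage(records: List[Record], incident_day: str) -> List[Record]:
    """Loose Program Files files created on the incident day: the short
    list a helper would ask the poster about first."""
    return loose_program_files(created_on(records, incident_day))


def size_matches(records: List[Record], filename: str, reported_size: int) -> bool:
    """Cross-check the DDS size against a size reported elsewhere (assumed
    here to be a VirusTotal 'File size' line) to confirm it is the same file."""
    for r in records:
        if r.path.lower().endswith("\\" + filename.lower()):
            return r.size == reported_size
    return False


if __name__ == "__main__":
    recs = parse_dds(SAMPLE_DDS)
    for r in triage(recs, "2010-11-12"):
        print(f"ask the user about: {r.path} ({r.size} bytes, {r.when})")
    print("VT size matches DDS:", size_matches(recs, "launcher.maestro.dll", 118784))
```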

I can't find Program Files, only Program Files (x86), does that matter? And I can't find that folder either (C:\Program Files\html).

The programs that the possible virus has destroyed, do I have to reinstall them?


Jag undrar vad som hände i din dator egentligen. När man har 64-bitars Vista/Windows 7 så ska man ha både C:\Program files och C:\Program files(x86). Om du har en svensk Windows så kan mapparna däremot visas som C:\Program resp. C:\Program(x86).

 

Spara SystemLook på Skrivbordet från en av dessa länkar:

http://jpshortstuff.247fixes.com/SystemLook.exe

http://images.malwareremoval.com/jpshortstuff/SystemLook.exe

 

Double-click the SystemLook file to run it.

 

Copy all the lines in the box

:dir
C:\Program Files\html
C:\

and paste them into the large text field in SystemLook.

Press the Look button to start the search.

When it is finished, Notepad will open with a log, which you paste in here. If the log does not appear, it is available as SystemLook.txt on the Desktop.


[log]SystemLook 04.09.10 by jpshortstuff
Log created at 14:39 on 17/11/2010 by carl
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== dir ==========

C:\Program Files\html - Parameters: "(none)"

---Files---
default-de.html --a---- 2140 bytes [17:40 12/11/2010] [11:15 23/09/2010]
default-en.html --a---- 2140 bytes [17:40 12/11/2010] [11:15 23/09/2010]
default-es.html --a---- 2140 bytes [17:40 12/11/2010] [11:15 23/09/2010]
default-fr.html --a---- 2140 bytes [17:40 12/11/2010] [11:15 23/09/2010]
settings-de.html --a---- 2907 bytes [17:40 12/11/2010] [12:19 23/10/2009]
settings-en.html --a---- 2806 bytes [17:40 12/11/2010] [11:15 23/09/2010]
settings-es.html --a---- 2926 bytes [17:40 12/11/2010] [12:19 23/10/2009]
settings-fr.html --a---- 2842 bytes [17:40 12/11/2010] [11:15 23/09/2010]

---Folders---
css d------ [17:40 12/11/2010]
images d------ [17:40 12/11/2010]
js d------ [17:40 12/11/2010]

C: - Parameters: "(none)"

---Files---
csb.log --a---- 180 bytes [19:21 18/06/2010] [19:22 18/06/2010]
hiberfil.sys --ahs-- -1075666944 bytes [18:51 18/06/2010] [12:56 17/11/2010]
Install.log --a---- 217 bytes [19:20 18/06/2010] [19:21 18/06/2010]
msdia80.dll --a---- 904704 bytes [21:37 01/12/2006] [21:37 01/12/2006]
pagefile.sys --ahs-- -2564096 bytes [18:51 18/06/2010] [12:56 17/11/2010]
RHDSetup.log --a---- 3292 bytes [19:18 18/06/2010] [19:19 18/06/2010]
service.log --a---- 144 bytes [19:17 18/06/2010] [12:56 17/11/2010]

---Folders---
$Recycle.Bin d--hs-- [03:18 14/07/2009]
AMD d------ [14:11 18/06/2010]
ATI d------ [14:37 18/06/2010]
Config.Msi d--hs-- [15:29 10/09/2010]
Documents and Settings d--hs-- [05:08 14/07/2009]
Fraps d------ [14:58 20/06/2010]
PerfLogs d------ [03:20 14/07/2009]
Program d--hs-- [18:57 18/06/2010]
Program Files dr----- [03:20 14/07/2009]
Program Files (x86) dr----- [03:20 14/07/2009]
ProgramData d--h--- [03:20 14/07/2009]
RaidTool d------ [19:22 18/06/2010]
Recovery d--hs-- [18:57 18/06/2010]
System Volume Information d--hs-- [18:51 18/06/2010]
Users dr----- [03:20 14/07/2009]
Windows d------ [03:20 14/07/2009]

-= EOF =-[/log]
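An added example, not part of the thread: a small Python parser for the SystemLook ":dir" listing format shown in the log above, with a check for the pattern the helper called suspicious (plain files sitting directly in a program folder, created on the day in question). It assumes the first timestamp on a file line is the creation time and that the negative sizes on hiberfil.sys and pagefile.sys are a signed 32-bit wrap; both are assumptions drawn from the log, and the sample input is constructed from lines of that log.

```python
import re
from datetime import datetime

# SystemLook ":dir" line shapes (see the log above): a file line carries a size
# and two stamps, a folder line one stamp. Assumption from that log: the first
# stamp is creation time (hiberfil.sys: made at install, touched today).
FILE_RE = re.compile(r"^(?P<name>.+?) (?P<attrs>[-a-z]{7}) (?P<size>-?\d+) bytes "
                     r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\]$")
DIR_RE = re.compile(r"^(?P<name>.+?) (?P<attrs>[-a-z]{7}) \[(?P<created>[^\]]+)\]$")
HEADER_RE = re.compile(r"^(?P<path>[A-Za-z]:.*?) - (?:Parameters:|Unable to find folder)")
TS_FMT = "%H:%M %d/%m/%Y"

def parse_size(raw):
    """Assumption: sizes are printed as signed 32-bit ints, so files over 2 GiB
    (hiberfil.sys, pagefile.sys in the log) come out negative; undo the wrap."""
    n = int(raw)
    return n + (1 << 32) if n < 0 else n

def parse_systemlook(text):
    """One dict per listed entry; `folder` is the directory being listed."""
    entries, folder = [], None
    for line in map(str.strip, text.splitlines()):
        if (h := HEADER_RE.match(line)):
            folder = h["path"]
        elif folder and (m := FILE_RE.match(line) or DIR_RE.match(line)):
            g = m.groupdict()
            entries.append({"folder": folder, "name": g["name"], "attrs": g["attrs"],
                            "is_dir": "size" not in g,
                            "size": parse_size(g["size"]) if "size" in g else None,
                            "created": datetime.strptime(g["created"], TS_FMT)})
    return entries

def files_created_on(entries, day, roots):
    """Plain files (not folders) lying directly in one of `roots` and created on
    `day` (dd/mm/yyyy): the 'files straight in the program folder' pattern."""
    return [e for e in entries if not e["is_dir"] and e["folder"] in roots
            and e["created"].strftime("%d/%m/%Y") == day]

# Constructed sample: a few lines copied from the log above.
SAMPLE = r"""
C:\Program Files\html - Parameters: "(none)"
---Files---
default-de.html --a---- 2140 bytes [17:40 12/11/2010] [11:15 23/09/2010]
C: - Parameters: "(none)"
---Files---
hiberfil.sys --ahs-- -1075666944 bytes [18:51 18/06/2010] [12:56 17/11/2010]
---Folders---
Program Files (x86) dr----- [03:20 14/07/2009]
"""
```

Feed the whole SystemLook.txt to parse_systemlook and query with the date of the incident to get the list of files worth asking about, rather than reading the log by eye.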


SystemLook 04.09.10 by jpshortstuff

Log created at 20:13 on 18/11/2010 by carl

Administrator - Elevation successful

 

========== dir ==========

 

C:\Program Files\html - Unable to find folder.

 

C: - Parameters: "(none)"

 

---Files---

csb.log --a---- 180 bytes [19:21 18/06/2010] [19:22 18/06/2010]

hiberfil.sys --ahs-- -1075666944 bytes [18:51 18/06/2010] [15:56 18/11/2010]

Install.log --a---- 217 bytes [19:20 18/06/2010] [19:21 18/06/2010]

msdia80.dll --a---- 904704 bytes [21:37 01/12/2006] [21:37 01/12/2006]

pagefile.sys --ahs-- -2564096 bytes [18:51 18/06/2010] [15:56 18/11/2010]

RHDSetup.log --a---- 3292 bytes [19:18 18/06/2010] [19:19 18/06/2010]

service.log --a---- 144 bytes [19:17 18/06/2010] [15:56 18/11/2010]

 

---Folders---

$Recycle.Bin d--hs-- [03:18 14/07/2009]

AMD d------ [14:11 18/06/2010]

ATI d------ [14:37 18/06/2010]

Config.Msi d--hs-- [15:29 10/09/2010]

Documents and Settings d--hs-- [05:08 14/07/2009]

Fraps d------ [14:58 20/06/2010]

PerfLogs d------ [03:20 14/07/2009]

Program d--hs-- [18:57 18/06/2010]

Program Files dr----- [03:20 14/07/2009]

Program Files (x86) dr----- [03:20 14/07/2009]

ProgramData d--h--- [03:20 14/07/2009]

RaidTool d------ [19:22 18/06/2010]

Recovery d--hs-- [18:57 18/06/2010]

Riot Games d------ [15:49 17/11/2010]

System Volume Information d--hs-- [18:51 18/06/2010]

Users dr----- [03:20 14/07/2009]

Windows d------ [03:20 14/07/2009]

 

-= EOF =-


The folders:

Program Files

Program Files (x86)

exist in C:\ according to the log.

 

But if you have Swedish Windows 7 they are normally displayed as:

Program

Program (x86)

 

What language is your Windows 7?

