Am I still infected?
My computer was behaving strangely recently, and I scanned with Malwarebytes, which found the following:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6352
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
13-04-2011 20:08:37
mbam-log-2011-04-13 (20-08-37).txt
Skanningstype: Fuldstændig skanning (C:\|D:\|)
Objekter skannet: 217611
Tid gået: 29 minut(ter), 11 sekund(er)
Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 0
Registreringsdatabaseværdier Inficeret: 0
Registreringsdatabasedata Objekter Inficeret: 0
Inficerede Mapper: 0
Inficerede Filer: 5
Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)
Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)
Registreringsdatabasenøgler Inficeret:
(Ingen skadelige objekter blev fundet)
Registreringsdatabaseværdier Inficeret:
(Ingen skadelige objekter blev fundet)
Registreringsdatabasedata Objekter Inficeret:
(Ingen skadelige objekter blev fundet)
Inficerede Mapper:
(Ingen skadelige objekter blev fundet)
Inficerede Filer:
c:\WINDOWS\Acer.scr (Trojan.Agent) -> Quarantined and deleted successfully.
c:\programmer\IObit\advanced systemcare 3\contextmenu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\programmer\eusing free registry cleaner\regcleaner.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5ec192be-5b7d-4a34-a264-2bd3026a181b}\RP72\A0031538.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5ec192be-5b7d-4a34-a264-2bd3026a181b}\RP94\A0050953.exe (Trojan.Agent) -> Quarantined and deleted successfully.
In addition, my antivirus found the following today:
Avira AntiVir Personal
Report file date: 14. april 2011 12:07
Scanning for 2551749 virus strains and unwanted programs.
The program is running as an unrestricted full version.
Online services are available:
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : MORTEN1
Version information:
Configuration settings for the scan:
Jobname.............................: avguard_async_scan
Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_4de4ea78\guard_slideup.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: high
Start of the scan: 14. april 2011 12:07
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'SUPERAntiSpyware.exe' - '1' Module(s) have been scanned
Scan process 'NclRSSrv.exe' - '1' Module(s) have been scanned
Scan process 'NclUSBSrv.exe' - '1' Module(s) have been scanned
Scan process 'ServiceLayer.exe' - '1' Module(s) have been scanned
Scan process 'sistray.exe' - '1' Module(s) have been scanned
Scan process 'GoogleCrashHandler.exe' - '1' Module(s) have been scanned
Scan process 'RtkBtMnt.EXE' - '1' Module(s) have been scanned
Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'Monitor.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'keyhook.exe' - '1' Module(s) have been scanned
Scan process 'Rundll32.exe' - '1' Module(s) have been scanned
Scan process 'AGRSMMSG.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'mscorsvw.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'anbmServ.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
Starting the file scan:
Begin scan in 'C:\System Volume Information\_restore{5EC192BE-5B7D-4A34-A264-2BD3026A181B}\RP97\A0054600.scr'
C:\System Volume Information\_restore{5EC192BE-5B7D-4A34-A264-2BD3026A181B}\RP97\A0054600.scr
[DETECTION] Is the TR/Trash.Gen Trojan
Begin scan in 'C:\System Volume Information\_restore{5EC192BE-5B7D-4A34-A264-2BD3026A181B}\RP97\A0054601.exe'
C:\System Volume Information\_restore{5EC192BE-5B7D-4A34-A264-2BD3026A181B}\RP97\A0054601.exe
[DETECTION] Is the TR/Trash.Gen Trojan
Begin scan in 'C:\System Volume Information\_restore{5EC192BE-5B7D-4A34-A264-2BD3026A181B}\RP97\A0054602.exe'
C:\System Volume Information\_restore{5EC192BE-5B7D-4A34-A264-2BD3026A181B}\RP97\A0054602.exe
[DETECTION] Is the TR/Trash.Gen Trojan
Beginning disinfection:
C:\System Volume Information\_restore{5EC192BE-5B7D-4A34-A264-2BD3026A181B}\RP97\A0054602.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '4ecd635b.qua'.
C:\System Volume Information\_restore{5EC192BE-5B7D-4A34-A264-2BD3026A181B}\RP97\A0054601.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '565a4cfd.qua'.
C:\System Volume Information\_restore{5EC192BE-5B7D-4A34-A264-2BD3026A181B}\RP97\A0054600.scr
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '04051615.qua'.
End of the scan: 14. april 2011 12:08
Used time: 00:02 Minute(s)
The scan has been done completely.
0 Scanned directories
46 Files were scanned
3 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
3 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
43 Files not concerned
0 Archives were scanned
0 Warnings
3 Notes
The scan results will be transferred to the Guard.
Now I have run Superantispyware, which found nothing, and Iobit 360, which found some ancient Windows updates that I needed to install (maybe they were deleted by Malwarebytes or Avira along with the junk).
But how can I now make sure that I am clean?
By the way, I have suddenly had some strange processes running that I don't normally have:
2 instances of DLLhost.exe, which is located in system32 and has to do with something called K COM Surrogate
Msdtc.exe, which is also located in system32 and has to do with something called K MS DTC console program
vssvc.exe (the Microsoft volume snapshots service)
All services I have not had running before.
However, it looks like they have just disappeared again after I ran Iobit 360.
I have also just discovered a file called autorun.inf on my D drive (the spare drive). When I click on it, Avira says that Autorun is blocked for your security. The file contains: lpt3.Drive_is_protected_against_flash_viruses_by_RegRun
Could it be a dangerous file?
Phew. That was a lot, I hope someone can help :)