kafka23 (Junior Master)
26 April 2011 - 11:03 There are 10 comments and
1 solution

Various Trojans

Hi.
I have got a couple of trojans.
I have run Malwarebytes Anti-Malware, ccclean and AntiVir, of which I ran the first and the last in "safe mode".
But this morning the viruses were back.
I am posting the AntiVir report below.
kafka23 (Junior Master)
26 April 2011 - 11:04 #1
I stopped the antivirus program in the middle of the process, since I have previously experienced it freezing in the middle of a run.

Avira AntiVir Personal
Report file date: 26. april 2011  07:47

Scanning for 2596233 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee        : Avira AntiVir Personal - FREE Antivirus
Serial number  : 0000149996-ADJIE-0000001
Platform        : Windows XP
Windows version : (Service Pack 3)  [5.1.2600]
Boot mode      : Normally booted
Username        : SYSTEM
Computer name  : SOERENSDELLCOM

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Programmer\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: 26. april 2011  07:47

Starting search for hidden objects.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc\Config\Standalone\drivelist
    [NOTE]      The registry entry is invisible.

The scan of running processes will be started
Scan process 'msdtc.exe' - '42' Module(s) have been scanned
Scan process 'dllhost.exe' - '65' Module(s) have been scanned
Scan process 'dllhost.exe' - '47' Module(s) have been scanned
Scan process 'vssvc.exe' - '50' Module(s) have been scanned
Scan process 'avscan.exe' - '69' Module(s) have been scanned
Scan process 'cli.exe' - '117' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'alg.exe' - '35' Module(s) have been scanned
Scan process 'iPodService.exe' - '32' Module(s) have been scanned
Scan process 'TosBtHsp.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '41' Module(s) have been scanned
Scan process 'TosBtHid.exe' - '16' Module(s) have been scanned
Scan process 'TosA2dp.exe' - '26' Module(s) have been scanned
Scan process 'avshadow.exe' - '28' Module(s) have been scanned
Scan process 'jqs.exe' - '34' Module(s) have been scanned
Scan process 'TosBtMng.exe' - '42' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '29' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '23' Module(s) have been scanned
Scan process 'NMIndexStoreSvr.exe' - '48' Module(s) have been scanned
Scan process 'avguard.exe' - '59' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '66' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '96' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '44' Module(s) have been scanned
Scan process 'msmsgs.exe' - '43' Module(s) have been scanned
Scan process 'ctfmon.exe' - '27' Module(s) have been scanned
Scan process 'jusched.exe' - '22' Module(s) have been scanned
Scan process 'avgnt.exe' - '46' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '54' Module(s) have been scanned
Scan process 'apdproxy.exe' - '45' Module(s) have been scanned
Scan process 'Logi_MwX.Exe' - '20' Module(s) have been scanned
Scan process 'rundll32.exe' - '36' Module(s) have been scanned
Scan process 'daemon.exe' - '43' Module(s) have been scanned
Scan process 'DMXLauncher.exe' - '20' Module(s) have been scanned
Scan process 'DVDLauncher.exe' - '23' Module(s) have been scanned
Scan process 'cli.exe' - '175' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '28' Module(s) have been scanned
Scan process 'stsystra.exe' - '39' Module(s) have been scanned
Scan process 'svchost.exe' - '35' Module(s) have been scanned
Scan process 'sched.exe' - '47' Module(s) have been scanned
Scan process 'Explorer.EXE' - '104' Module(s) have been scanned
Scan process 'spoolsv.exe' - '79' Module(s) have been scanned
Scan process 'brss01a.exe' - '20' Module(s) have been scanned
Scan process 'brsvc01a.exe' - '11' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '22' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'svchost.exe' - '175' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'svchost.exe' - '56' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '17' Module(s) have been scanned
Scan process 'lsass.exe' - '60' Module(s) have been scanned
Scan process 'services.exe' - '29' Module(s) have been scanned
Scan process 'winlogon.exe' - '70' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
    [INFO]      No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
    [INFO]      No virus was found!
Boot sector 'D:\'
    [INFO]      No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1827' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\System Volume Information\_restore{B1829B26-DD2F-4063-B395-DB9B61FBA91D}\RP618\A0172544.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{B1829B26-DD2F-4063-B395-DB9B61FBA91D}\RP618\A0173413.exe
    [DETECTION] Contains recognition pattern of the WORM/Autorun.bkce worm
C:\System Volume Information\_restore{B1829B26-DD2F-4063-B395-DB9B61FBA91D}\RP618\A0173414.exe
    [DETECTION] Is the TR/Expl.IMG-WMF.chu Trojan
C:\System Volume Information\_restore{B1829B26-DD2F-4063-B395-DB9B61FBA91D}\RP618\A0173415.exe
    [DETECTION] Is the TR/Expl.IMG-WMF.caq Trojan

Beginning disinfection:
C:\System Volume Information\_restore{B1829B26-DD2F-4063-B395-DB9B61FBA91D}\RP618\A0173415.exe
    [DETECTION] Is the TR/Expl.IMG-WMF.caq Trojan
    [NOTE]      The file was moved to the quarantine directory under the name '4e8c2d13.qua'.
C:\System Volume Information\_restore{B1829B26-DD2F-4063-B395-DB9B61FBA91D}\RP618\A0173414.exe
    [DETECTION] Is the TR/Expl.IMG-WMF.chu Trojan
    [NOTE]      The file was moved to the quarantine directory under the name '561b02b4.qua'.
C:\System Volume Information\_restore{B1829B26-DD2F-4063-B395-DB9B61FBA91D}\RP618\A0173413.exe
    [DETECTION] Contains recognition pattern of the WORM/Autorun.bkce worm
    [NOTE]      The file was moved to the quarantine directory under the name '0444585c.qua'.
C:\System Volume Information\_restore{B1829B26-DD2F-4063-B395-DB9B61FBA91D}\RP618\A0172544.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE]      The file was moved to the quarantine directory under the name '6273179e.qua'.


End of the scan: 26. april 2011  10:59
Used time:  3:11:01 Hour(s)

The scan has been canceled!

  7356 Scanned directories
510096 Files were scanned
      4 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 files were deleted
      0 Viruses and unwanted programs were repaired
      4 Files were moved to quarantine
      0 Files were renamed
      0 Files cannot be scanned
510092 Files not concerned
  4422 Archives were scanned
      0 Warnings
      4 Notes
481378 Objects were scanned with rootkit scan
      1 Hidden objects were found
kafka23 (Junior Master)
26 April 2011 - 11:06 #2
Here is the anti-malware report. I deleted the two files afterwards.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6439

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

25-04-2011 14:26:50
mbam-log-2011-04-25 (14-26-50).txt

Skanningstype: Fuldstændig skanning (C:\|D:\|)
Objekter skannet: 233110
Tid gået: 1 time(e), 12 minut(ter), 6 sekund(er)

Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 0
Registreringsdatabaseværdier Inficeret: 0
Registreringsdatabasedata Objekter Inficeret: 0
Inficerede Mapper: 0
Inficerede Filer: 2

Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabaseværdier Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret:
(Ingen skadelige objekter blev fundet)

Inficerede Mapper:
(Ingen skadelige objekter blev fundet)

Inficerede Filer:
c:\programmer\serials 2000 7.1 plus\revcrt.dll (Malware.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\søren laursen\dokumenter\sørens sager indtil marts 2008\torrents\abbyy_finereader_professional_v8_0_706_incl_keygen\Keygen\keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
Laes (Beginner)
26 April 2011 - 11:40 #3
Hi,
The free version from Superantispyware.com is usually effective.
26 April 2011 - 11:57 #4
... that is how it easily goes when you 'play' with [Keygen] + serials programs !!! SHAME!

---

C:\System Volume Information is the System Restore area.
You just need to disable System Restore - restart - enable System Restore to get it removed...
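
The triage behind the advice in #4, as an added example that is not part of the original thread: a Python sketch that parses AntiVir report text and separates detections stored in System Restore points (`_restore{...}\RPnnn`), which are discarded when System Restore is disabled, from detections in live files. The report lines are copied from #1; the `C:\WINDOWS\Temp\example.exe` entry, its detection name and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Detection lines copied from the AntiVir report in #1 (one repeated under disinfection).
PAGE_SAMPLE = r"""
C:\System Volume Information\_restore{B1829B26-DD2F-4063-B395-DB9B61FBA91D}\RP618\A0172544.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{B1829B26-DD2F-4063-B395-DB9B61FBA91D}\RP618\A0173413.exe
    [DETECTION] Contains recognition pattern of the WORM/Autorun.bkce worm
C:\System Volume Information\_restore{B1829B26-DD2F-4063-B395-DB9B61FBA91D}\RP618\A0173414.exe
    [DETECTION] Is the TR/Expl.IMG-WMF.chu Trojan
C:\System Volume Information\_restore{B1829B26-DD2F-4063-B395-DB9B61FBA91D}\RP618\A0173415.exe
    [DETECTION] Is the TR/Expl.IMG-WMF.caq Trojan
Beginning disinfection:
C:\System Volume Information\_restore{B1829B26-DD2F-4063-B395-DB9B61FBA91D}\RP618\A0173415.exe
    [DETECTION] Is the TR/Expl.IMG-WMF.caq Trojan
"""
# Constructed entry (not from the thread): a detection outside the restore store.
CONSTRUCTED = r"""
C:\WINDOWS\Temp\example.exe
    [DETECTION] Is the TR/Example.Constructed Trojan
"""

RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{[0-9A-F-]+\}\\(RP\d+)\\", re.I)
DETECT_RE = re.compile(r"^\s*\[DETECTION\]\s+(.*)$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")

def parse_detections(report):
    """Return {path: detection text}; repeats from the disinfection section collapse."""
    found, current = {}, None
    for line in report.splitlines():
        m = DETECT_RE.match(line)
        if m and current:
            found[current] = m.group(1).strip()
        elif PATH_RE.match(line):
            current = line.strip()          # a path line opens a new entry
        elif not line.startswith((" ", "\t")):
            current = None                  # section header or blank line ends the entry
    return found

def triage(report):
    """Split detections into restore-point copies (keyed by RPnnn) and live files."""
    restore, live = defaultdict(list), []
    for path, name in parse_detections(report).items():
        m = RESTORE_RE.search(path)
        (restore[m.group(1).upper()] if m else live).append((path, name))
    return dict(restore), live

if __name__ == "__main__":
    print(triage(PAGE_SAMPLE + CONSTRUCTED))
```
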
kafka23 (Junior Master)
26 April 2011 - 15:49 #5
Where do I disable System Restore? And should I first disable System Restore, restart, and then finally enable System Restore, i.e. in 3 steps?
kafka23 (Junior Master)
26 April 2011 - 15:56 #6
OK, now I have done it in three steps.
I will try restarting and running a virus check.
I will be back!
kafka23 (Junior Master)
26 April 2011 - 20:39 #7
It worked!
kafka23 (Junior Master)
26 April 2011 - 20:40 #8
It worked, so just post an answer and I will give you points...
26 April 2011 - 20:58 #9
Ping...

So this is an [answer] from me...

PS: You should not post an [answer] yourself; it is 'reserved' for (solutions and awarding points), as it says. When people look at the overview of questions, they think a solution/answer has been posted, and then the question gets skipped...

---

Note the 1st point in #4 !!!
kafka23 (Junior Master)
26 April 2011 - 23:48 #10
Well, I am also a better person now...
27 April 2011 - 09:29 #11
Thanks for the points...