-Tommy Posted 15 May 2009

Hi. I have two PCs that have been infected. I think I have managed to clean one of them, since it works fine now, but I am attaching its log to be on the safe side. The other PC is still infected.

PC 1

MBAM

Malwarebytes' Anti-Malware 1.36
Databaseversjon: 2135
Windows 6.0.6001 Service Pack 1
15.05.2009 19:06:16
mbam-log-2009-05-15 (19-06-16).txt
Skanntype: Rask Skann
Objekter skannet: 70145
Tid tilbakelagt: 3 minute(s), 48 second(s)
Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0
Minneprosesser infisert:
(Ingen mistenkelige filer funnet)
Minnemoduler infisert:
(Ingen mistenkelige filer funnet)
Registernøkler infisert:
(Ingen mistenkelige filer funnet)
Registerverdier infisert:
(Ingen mistenkelige filer funnet)
Registerfiler infisert:
(Ingen mistenkelige filer funnet)
Mapper infisert:
(Ingen mistenkelige filer funnet)
Filer infisert:
(Ingen mistenkelige filer funnet)

Combofix

PC2

MBAM

Malwarebytes' Anti-Malware 1.36
Databaseversjon: 2135
Windows 5.1.2600 Service Pack 2
15.05.2009 19:30:01
mbam-log-2009-05-15 (19-30-01).txt
Skanntype: Rask Skann
Objekter skannet: 87634
Tid tilbakelagt: 3 minute(s), 31 second(s)
Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 1
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0
Minneprosesser infisert:
(Ingen mistenkelige filer funnet)
Minnemoduler infisert:
(Ingen mistenkelige filer funnet)
Registernøkler infisert:
(Ingen mistenkelige filer funnet)
Registerverdier infisert:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
Registerfiler infisert:
(Ingen mistenkelige filer funnet)
Mapper infisert:
(Ingen mistenkelige filer funnet)
Filer infisert:
(Ingen mistenkelige filer funnet)

Combofix

snippsat Posted 15 May 2009 (edited)

PC1 is OK. You can remove ComboFix by typing combofix /u in the Run window. This command deletes the quarantined files and backups, resets the System Restore folder, etc. Check whether your software is up to date: Secunia

PC2: That one looks OK too. You must remove either avast or NOD32. Once that is done, do the following.

Download and run CCleaner. Go to 'Options' -> 'Advanced' and untick "Only delete temporary files older than 48 hours". Run the registry cleaner; answer yes to repairing, and answer yes when you are asked about a backup. Run the registry cleaner a couple more times until all errors are gone.

Now scan with the remaining antivirus. If it finds anything, you must include the correct location, e.g. c:\windows\<something.exe>

Edited 15 May 2009 by SNIPPSAT

-Tommy Posted 16 May 2009 (Author)

Looks like it was a false alarm, yes. Ran a thorough scan with avast and it found nothing on PC2. It seems it was simply a program causing problems. PC2 froze about 1 minute after startup, but when I disabled the unnecessary startup programs it worked just fine. Anyway, thanks for the reply.