a3turbo Posted 27 June 2009

Got a virus

That's what happens when you let friends download on LimeWire. Avast antivirus finds viruses every time I turn on the computer; even though I remove them, they come back. I would be very glad if someone could help me.

MBAM log:

Malwarebytes' Anti-Malware 1.38
Databaseversjon: 2334
Windows 5.1.2600 Service Pack 3

25.06.2009 19:27:45
mbam-log-2009-06-25 (19-27-45).txt

Skanntype: Rask Skann
Objekter skannet: 92494
Tid tilbakelagt: 3 minute(s), 21 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 1
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
HKEY_CLASSES_ROOT\CLSID\{b0efd2db-b0ef-d2db-b0ef-d2dbb0efd2db} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)

Combofix log:

ComboFix 09-06-24.05 - Ola Nordmann 25.06.2009 19:33.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.47.1044.18.2047.1565 [GMT 2:00]
Kjører fra: c:\documents and settings\Ola Nordmann\Skrivebord\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090625-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Opprettet nytt gjenopprettingspunkt
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\mdm.exe
c:\windows\system32\wl.exe
L:\Autorun.inf
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-05-25 til 2009-06-25 )))))))))))))))))))))))))))))))))
.
2009-06-25 17:23 . 2009-06-25 17:23 -------- d-----w- c:\documents and settings\Ola Nordmann\Programdata\Malwarebytes
2009-06-25 17:23 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-25 17:23 . 2009-06-25 17:23 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware
2009-06-25 17:23 . 2009-06-25 17:23 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes
2009-06-25 17:23 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-06 11:19 . 2009-06-06 11:19 -------- d-----w- c:\documents and settings\All Users\Programdata\Age of Empires 3
2009-05-31 22:01 . 2009-05-31 22:01 -------- d-----w- c:\programfiler\PowerQuest
2009-05-30 18:55 . 2009-05-30 18:37 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-05-30 18:37 . 2009-05-30 18:37 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-05-30 18:37 . 2009-05-30 18:37 15688 ----a-w- c:\documents and settings\All Users\Programdata\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-05-30 18:37 . 2009-05-30 18:37 83808 ----a-w- c:\documents and settings\All Users\Programdata\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-05-30 18:37 . 2009-05-30 18:37 64160 ----a-w- c:\documents and settings\All Users\Programdata\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-05-30 18:37 . 2009-05-30 18:37 40288 ----a-w- c:\documents and settings\All Users\Programdata\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-05-30 18:37 . 2009-05-30 18:37 212848 ----a-w- c:\documents and settings\All Users\Programdata\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-05-30 18:33 . 2009-05-30 18:33 -------- dc-h--w- c:\documents and settings\All Users\Programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-30 18:33 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-05-30 18:33 . 2009-05-30 18:33 -------- d-----w- c:\programfiler\Lavasoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-25 17:08 . 2008-08-12 16:45 -------- d-----w- c:\programfiler\Steam
2009-06-25 14:00 . 2006-11-23 12:13 25568 -c--a-w- c:\documents and settings\Ola Nordmann\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT
2009-06-24 19:46 . 2006-11-23 15:32 -------- d-----w- c:\programfiler\Spybot - Search & Destroy
2009-06-22 18:10 . 2008-03-31 19:51 -------- d-----w- c:\documents and settings\Ola Nordmann\Programdata\uTorrent
2009-06-17 18:37 . 2006-11-23 13:08 -------- d--h--w- c:\programfiler\InstallShield Installation Information
2009-06-17 18:23 . 2007-02-01 17:45 -------- d-----w- c:\programfiler\Windows Live Safety Center
2009-06-13 21:02 . 2006-12-06 16:52 -------- d-----w- c:\documents and settings\Ola Nordmann\Programdata\LimeWire
2009-06-08 20:58 . 2007-05-17 10:32 -------- d-----w- c:\documents and settings\Ola Nordmann\Programdata\dvdcss
2009-06-06 11:19 . 2006-11-23 14:50 -------- d-----w- c:\programfiler\DivX
2009-06-06 11:19 . 2009-05-11 19:55 -------- d-----w- c:\programfiler\Fellesfiler\DivX Shared
2009-05-30 18:33 . 2009-01-25 22:18 -------- d-----w- c:\documents and settings\All Users\Programdata\Lavasoft
2009-05-27 18:47 . 2009-05-20 17:49 -------- d-----w- c:\documents and settings\Henrik Hanssen\Programdata\Red Alert 3
2009-05-07 15:34 . 2004-08-04 12:00 346112 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-04-29 04:50 .
2004-08-04 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:49 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-19 19:51 . 2004-08-04 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-18 18:12 . 2008-05-24 14:05 8 -c--a-w- c:\windows\system32\nvModes.dat
2009-04-17 22:00 . 2004-08-04 12:00 80218 ----a-w- c:\windows\system32\perfc014.dat
2009-04-17 22:00 . 2004-08-04 12:00 425914 ----a-w- c:\windows\system32\perfh014.dat
2009-04-15 14:55 . 2004-08-04 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-02 07:17 . 2009-04-02 07:17 152576 ----a-w- c:\documents and settings\Ola Nordmann\Programdata\Sun\Java\jre1.6.0_13\lzma.dll
.
------- Sigcheck -------
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\programfiler\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"Steam"="c:\programfiler\steam\steam.exe" [2009-06-11 1217784]
"AdobeUpdater"="c:\programfiler\Fellesfiler\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\programfiler\DAEMON Tools\daemon.exe" [2006-09-14 157592]
"NVIDIA nTune"="c:\programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" [2006-05-23 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
"razertra"="c:\programfiler\Razer\razertra.exe" [2004-10-10 208896]
"type32"="c:\programfiler\Microsoft IntelliType Pro\type32.exe" [2005-03-15 196608]
"TkBellExe"="c:\programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2006-11-23 185784]
"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2007-11-03 286720]
"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Ad-Watch"="c:\programfiler\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-20 518488]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-03-01 577536]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-12-04 1626112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
CoreCenter.lnk - c:\programfiler\MSI\Core Center\CoreCenter.exe [2006-12-7 928256]
DigiCell.lnk - c:\programfiler\MSI\DigiCell\DigiCell.exe [2006-6-27 1375744]
DMX 6fire 2496 ControlPanel.lnk - c:\programfiler\TerraTec\DMX 6fire\DMX6Fire.exe [2006-11-23 335872]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"f:\\Programfiler\\World of Warcraft\\WoW-1.12.0-enGB-downloader.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"f:\\Programfiler\\World of Warcraft\\WoW-2.0.12.6546-to-2.1.0.6692-enGB-downloader.exe"=
"f:\\Programfiler\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Programfiler\\uTorrent\\uTorrent.exe"=
"c:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\MSN Messenger\\livecall.exe"=
"c:\\Programfiler\\Steam\\steamapps\\henrikhedning\\counter-strike source\\hl2.exe"=
"f:\\Programfiler\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.0.game"=
"f:\\Programfiler\\Age Of Empires 2 & The Conquerors Expansion - Full Game\\age2_x1.exe"=
"f:\\Programfiler\\Age Of Empires 2 & The Conquerors Expansion - Full Game\\empires2.EXE"=
"f:\\Programfiler\\LimeWire\\LimeWire.exe"=
"f:\\Programfiler\\Microsoft Games\\Age of Empires III\\age3y.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [30.05.2009 20:37 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [23.03.2009 09:56 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23.03.2009 09:56 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programfiler\Lavasoft\Ad-Aware\AAWService.exe [09.03.2009 21:06 1003344]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\programfiler\Viewpoint\Common\ViewpointService.exe [10.02.2008 04:44 24652]
R2 wmcmgc;Windows Management Configuration;c:\windows\System32\svchost.exe -k netsvcs [04.08.2004 14:00 14336]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [03.03.2007 16:51 33792]
R3 dmxfire;DMX6fire WDM Audio;c:\windows\system32\drivers\dmx6fire.sys [29.08.2003 10:30 148724]
R3 dmxsens;dmxsens;c:\windows\system32\drivers\dmxsens.sys [22.07.2003 15:07 403968]
S2 WinDefend;Windows Defender;c:\programfiler\Windows Defender\MsMpEng.exe [03.11.2006 19:19 13592]
S3 cxbu0wdm;CardMan 3x21;c:\windows\system32\drivers\cxbu0wdm.sys [27.10.2007 11:09 84608]
S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;\??\c:\windows\system32\PLCMPR5.SYS --> c:\windows\system32\PLCMPR5.SYS [?]
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;c:\windows\system32\PLCNDIS5.SYS [07.06.2007 16:46 17280]
S3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [07.12.2006 07:44 31872]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\g:\ntglm7x.sys --> g:\NTGLM7X.sys [?]

--- Andre tjenester/drivere lastet i minnet ---

*NewlyCreated* - NVR0DEV
*Deregistered* - DigiCellDriver
*Deregistered* - NVR0Dev
*Deregistered* - PCAlertDriver

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wmcmgc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E0837E00-F502-AF00-E8CB-A02CC30C5E5B}]
c:\windows\system32\svchost.exe
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-06-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programfiler\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 18:37]
.
- - - - TOMME PEKERE FJERNET - - - -

Notify-AtiExtEvent - (no file)

.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.google.no/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: buypass.no
Trusted Zone: headit.no
Trusted Zone: norsk-tipping.no
TCP: {53E0EC9E-F42D-4ACF-9CC5-05087A44E5E3} = 217.13.7.140,217.13.4.24
DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} - hxxp://www.tvlution.com/KooPlayer.ocx
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-25 19:35
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
Tidspunkt ferdig: 2009-06-25 19:37
ComboFix-quarantined-files.txt 2009-06-25 17:37

Pre-Run: 15 892 586 496 byte ledig
Post-Run: 16 492 097 536 byte ledig

WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=3 Default=3 Failed=1 LastKnownGood=5 Sets=1,2,3,4,5
336 --- E O F --- 2009-06-22 20:27
raWrz Posted 27 June 2009

Hi, what does Avast call the file, and where is it / are they located?
a3turbo (Author) Posted 28 June 2009

> Hi, what does Avast call the file, and where is it / are they located?

If you mean the viruses that Avast finds, they are these:

C:\Documents and Settings\LocalService\Lokale innstillinger\Temporary Internet Files\Content.IE5\32FLPTU3[1].jpg
C:\Programfiler\Fellesfiler.exe
C:\System Volume Information\_restore{2C3F3C5D-8E9B-4C56-B6A6-B2548AF36578}\RP616\A0113001.dll
C:\System Volume Information\_restore{2C3F3C5D-8E9B-4C56-B6A6-B2548AF36578}\RP616\A0113017.dll
C:\System Volume Information\_restore{2C3F3C5D-8E9B-4C56-B6A6-B2548AF36578}\RP616\A0113082.dll
C:\System Volume Information\_restore{2C3F3C5D-8E9B-4C56-B6A6-B2548AF36578}\RP617\A0113108.dll
C:\System Volume Information\_restore{2C3F3C5D-8E9B-4C56-B6A6-B2548AF36578}\RP630\A0115931.exe
F:\System Volume Information\_restore{E871567F-EFFB-42E5-AADF-A29299752C20}\RP456\A0090714.exe\bpk.exe
F:\System Volume Information\_restore{E871567F-EFFB-42E5-AADF-A29299752C20}\RP456\A0090714.exe\bpkvw.exe
F:\System Volume Information\_restore{E871567F-EFFB-42E5-AADF-A29299752C20}\RP456\A0090714.exe\bpkhk.dll
F:\System Volume Information\_restore{E871567F-EFFB-42E5-AADF-A29299752C20}\RP456\A0090714.exe\bpki.dll
F:\System Volume Information\_restore{E871567F-EFFB-42E5-AADF-A29299752C20}\RP456\A0090714.exe\bpkwb.dll
F:\System Volume Information\_restore{E871567F-EFFB-42E5-AADF-A29299752C20}\RP456\A0090714.exe\bpkr.exe