Zenex, posted 11 June 2008 (edited)

Hi, I managed to mess up and catch the MSN virus, and of course I want to get rid of it.

Mbam log:

Malwarebytes' Anti-Malware 1.17
Database versjon: 846

17:00:26 11.06.2008
mbam-log-6-11-2008 (17-00-26).txt

Skann type: Rask Skann
Objekter skannet: 38017
Tid tilbakelagt: 3 minute(s), 28 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 1
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)

Combofix log:

ComboFix 08-06-10.5 - Øystein 2008-06-11 17:08:11.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.1301 [GMT 2:00]
Running from: C:\Users\Øystein\Desktop\ComboFix.exe
 * Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-05-11 to 2008-06-11 )))))))))))))))))))))))))))))))
.
2008-06-11 16:55 . 2008-06-11 16:55 <DIR> d-------- C:\Users\Øystein\AppData\Roaming\Malwarebytes
2008-06-11 16:55 . 2008-06-11 16:55 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-06-11 16:55 . 2008-06-11 16:55 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-06-11 16:55 . 2008-06-11 16:55 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-11 16:55 . 2008-06-10 19:02 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-06-11 16:55 . 2008-06-10 19:02 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
2008-06-11 16:15 . 2008-05-16 01:18 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-06-09 15:23 . 2008-03-08 04:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-06-09 15:23 . 2008-03-08 06:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-05-30 18:22 . 2008-05-30 18:22 <DIR> d-------- C:\Program Files\Opera
2008-05-18 11:57 . 2008-05-18 11:57 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-11 10:50 --------- d-----w C:\ProgramData\TrackMania
2008-06-11 09:24 177,145 ----a-w C:\Users\Øystein\AppData\Roaming\nvModes.dat
2008-06-09 15:43 --------- d-----w C:\Program Files\Windows Mail
2008-06-09 13:30 --------- d-----w C:\ProgramData\Microsoft Help
2008-06-07 14:48 --------- d-----w C:\Program Files\Common Files\Steam
2008-05-25 21:09 --------- d-----w C:\Program Files\Google
2008-05-13 15:45 --------- d-----w C:\Program Files\GG E-Sports Platform
2008-05-09 11:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-02 18:13 18,326,048 ----a-w C:\Users\Øystein\WoW-2.4.1.8125-to-0.4.2.8209-enGB-patch.exe
2008-05-02 18:13 18,326,048 ----a-w C:\Users\Øystein\WoW-2.4.1.8125-to-0.4.2.8209-enGB-patch.exe
2008-05-02 18:10 --------- d-----w C:\Users\Øystein\AppData\Roaming\Ventrilo
2008-04-24 15:33 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-04-24 15:32 315,392 ----a-w C:\Windows\HideWin.exe
2008-04-24 15:32 --------- d-----w C:\Program Files\Realtek
2008-04-24 15:10 --------- d-----w C:\Program Files\WIDCOMM
2008-04-24 15:06 --------- d-----w C:\Program Files\Winbond Electronics
2008-04-24 14:59 --------- d-----w C:\Program Files\Intel
2008-04-24 14:52 --------- d-----w C:\ProgramData\InstallShield
2008-04-24 14:52 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-24 14:42 --------- d-----w C:\ProgramData\NVIDIA
2008-04-24 14:38 174 --sha-w C:\Program Files\desktop.ini
2008-04-24 14:28 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-24 14:28 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-04-24 14:28 --------- d-----w C:\Program Files\Windows Journal
2008-04-24 14:28 --------- d-----w C:\Program Files\Windows Defender
2008-04-24 14:28 --------- d-----w C:\Program Files\Windows Collaboration
2008-04-24 14:28 --------- d-----w C:\Program Files\Windows Calendar
2008-04-24 13:52 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-04-24 13:52 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-04-18 14:56 --------- d-----w C:\Program Files\Java
2008-03-22 17:26 729,088 ----a-w C:\Windows\iun6002.exe
2008-03-17 19:17 43,520 ----a-w C:\Windows\System32\CmdLineExt03.dll
2008-03-14 17:36 21,840 ----atw C:\Windows\System32\SIntfNT.dll
2008-03-14 17:36 17,212 ----atw C:\Windows\System32\SIntf32.dll
2008-03-14 17:36 12,067 ----atw C:\Windows\System32\SIntf16.dll
2008-03-13 23:25 94,208 ----a-w C:\Windows\DIIUnin.exe
2008-03-13 23:25 2,829 ----a-w C:\Windows\DIIUnin.pif
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"TDxVGAUTIL"="C:\Windows\system32\TDxVGAUTIL.EXE" [2006-10-17 17:45 89768]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2008-01-19 16:37 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-01-19 16:36 8501792]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-01-19 16:37 81920]
"PLFSetI"="C:\Windows\PLFSetI.exe" [2007-10-23 10:56 200704]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-27 16:25 4702208 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-09-27 16:25 1826816 C:\Windows\SkyTel.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]

C:\Users\Øystein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper og Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 05:45:42 101784]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-03-29 13:11:50 719664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCTLogon]
MCTLogon.dll 2006-10-17 17:47 167592 C:\Windows\System32\MCTLogon.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{B36279CA-033F-4CDC-8CDB-962C5C736E41}C:\\spill\\warcraft iii\\war3.exe"= UDP:C:\spill\warcraft iii\war3.exe:Warcraft III
"UDP Query User{7C08CB77-C47C-4E74-AD90-0132FA36414A}C:\\spill\\warcraft iii\\war3.exe"= TCP:C:\spill\warcraft iii\war3.exe:Warcraft III
"{4AC1ED64-889C-4116-BB78-E49016ECBAB2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7072414F-DE58-4634-91A0-9733A7954F99}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{3BA75D2E-C895-45E7-B6ED-C39D1BB53FF2}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{576C8103-2D5B-4BD6-ADB4-ABAFB710A985}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{6087FDB6-C65C-4BB3-82C3-CEC58A3841FF}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{9CD56995-6791-4BE3-B2D9-4D82021C23CC}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{1FB46863-0C20-474A-AA4B-5D71D5733D1E}C:\\users\\øystein\\desktop\\vba+pokeroms\\visualboyadvance.exe"= UDP:C:\users\øystein\desktop\vba+pokeroms\visualboyadvance.exe:visualboyadvance.exe
"UDP Query User{CC42A532-C9CA-4070-8C06-D93818098D98}C:\\users\\øystein\\desktop\\vba+pokeroms\\visualboyadvance.exe"= TCP:C:\users\øystein\desktop\vba+pokeroms\visualboyadvance.exe:visualboyadvance.exe
"TCP Query User{AE466D0A-044D-4EEC-A702-4644234E2468}C:\\users\\øystein\\desktop\\vbalink180b0\\visualboyadvance.exe"= UDP:C:\users\øystein\desktop\vbalink180b0\visualboyadvance.exe:visualboyadvance.exe
"UDP Query User{579DA8B7-E192-4AE6-8242-4202C4599A7E}C:\\users\\øystein\\desktop\\vbalink180b0\\visualboyadvance.exe"= TCP:C:\users\øystein\desktop\vbalink180b0\visualboyadvance.exe:visualboyadvance.exe
"TCP Query User{4E8B2E2C-E272-4E6E-AC79-5C2A97E07456}C:\\users\\øystein\\desktop\\vbalink173\\visualboyadvance.exe"= UDP:C:\users\øystein\desktop\vbalink173\visualboyadvance.exe:visualboyadvance.exe
"UDP Query User{8C01CF73-DAE4-4802-85F6-B84C3F33316E}C:\\users\\øystein\\desktop\\vbalink173\\visualboyadvance.exe"= TCP:C:\users\øystein\desktop\vbalink173\visualboyadvance.exe:visualboyadvance.exe
"TCP Query User{31E8B379-1FE5-49AD-BEFC-C0205715F94F}C:\\users\\øystein\\desktop\\gameboy\\vbalink180b0\\visualboyadvance.exe"= UDP:C:\users\øystein\desktop\gameboy\vbalink180b0\visualboyadvance.exe:visualboyadvance.exe
"UDP Query User{0FFDF5B6-7224-4792-A6A8-D6528EA98B96}C:\\users\\øystein\\desktop\\gameboy\\vbalink180b0\\visualboyadvance.exe"= TCP:C:\users\øystein\desktop\gameboy\vbalink180b0\visualboyadvance.exe:visualboyadvance.exe
"TCP Query User{996A98BE-EFA6-46CF-89CA-694C3E2AC140}C:\\spill\\wc3 1.20\\war3.exe"= UDP:C:\spill\wc3 1.20\war3.exe:war3
"UDP Query User{0F35C193-7F90-4AB8-827B-0BDD8851CD71}C:\\spill\\wc3 1.20\\war3.exe"= TCP:C:\spill\wc3 1.20\war3.exe:war3
"TCP Query User{76D68FFB-B37F-4F93-AD5E-6EFA42A79E48}C:\\spill\\warcraft iii\\war3.exe"= UDP:C:\spill\warcraft iii\war3.exe:Warcraft III
"UDP Query User{3D1E13B6-38F1-4333-B1A1-35BB5DA54530}C:\\spill\\warcraft iii\\war3.exe"= TCP:C:\spill\warcraft iii\war3.exe:Warcraft III
"{9D5CD078-2DB3-4E21-821C-8F7FE6C89164}"= UDP:C:\Spill\Battlefield 2\BF2.exe:Battlefield 2
"{DE7A0DD2-9160-4ADA-8C55-EDD20BF9B31F}"= TCP:C:\Spill\Battlefield 2\BF2.exe:Battlefield 2
"TCP Query User{0868EE54-194A-4FE0-9505-36E7D3D53749}C:\\spill\\steam\\steamapps\\[email protected]\\counter-strike\\hl.exe"= UDP:C:\spill\steam\steamapps\[email protected]\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{15A59351-5928-40DB-BD21-3E520605EEC0}C:\\spill\\steam\\steamapps\\[email protected]\\counter-strike\\hl.exe"= TCP:C:\spill\steam\steamapps\[email protected]\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{3353B397-152B-4664-B5A4-B6BD4E528EDB}C:\\users\\øystein\\desktop\\warcraft iii on doit\\war3.exe"= UDP:C:\users\øystein\desktop\warcraft iii on doit\war3.exe:war3.exe
"UDP Query User{33DB65E7-8701-4C8C-83DC-16CB889733FB}C:\\users\\øystein\\desktop\\warcraft iii on doit\\war3.exe"= TCP:C:\users\øystein\desktop\warcraft iii on doit\war3.exe:war3.exe
"TCP Query User{9F5D0F35-9A9B-4065-87C6-EFE31E058866}C:\\program files\\gg e-sports platform\\ggclient.exe"= UDP:C:\program files\gg e-sports platform\ggclient.exe:GG E-Sports Platform Client
"UDP Query User{E01DAD6C-BF7D-4B00-B881-F3DD98E241AF}C:\\program files\\gg e-sports platform\\ggclient.exe"= TCP:C:\program files\gg e-sports platform\ggclient.exe:GG E-Sports Platform Client
"TCP Query User{75BA0D42-A3AC-4C98-AF93-12ED01E4F4FA}C:\\spill\\warcraft iii\\pickup.listchecker.exe"= UDP:C:\spill\warcraft iii\pickup.listchecker.exe:pickup.listchecker
"UDP Query User{D5BC713D-AFCD-43D5-B2BA-080CF280D8DB}C:\\spill\\warcraft iii\\pickup.listchecker.exe"= TCP:C:\spill\warcraft iii\pickup.listchecker.exe:pickup.listchecker
"TCP Query User{AEC2D0C4-749D-4D93-95FD-F028F10C3E4D}C:\\program files\\dc++\\dcplusplus.exe"= UDP:C:\program files\dc++\dcplusplus.exe:DC++
"UDP Query User{4B9BC648-3DC4-46A8-8AE4-F074C691D399}C:\\program files\\dc++\\dcplusplus.exe"= TCP:C:\program files\dc++\dcplusplus.exe:DC++
"TCP Query User{2C212C25-6191-4B57-B8B5-4E0360064E31}C:\\spill\\world of warcraft\\wow-1.12.0-engb-downloader.exe"= UDP:C:\spill\world of warcraft\wow-1.12.0-engb-downloader.exe:Blizzard Downloader
"UDP Query User{475BB593-535E-443F-B95E-96C8BE8DFF2F}C:\\spill\\world of warcraft\\wow-1.12.0-engb-downloader.exe"= TCP:C:\spill\world of warcraft\wow-1.12.0-engb-downloader.exe:Blizzard Downloader
"TCP Query User{FFBCE3C7-E04E-483B-926C-6B574B10448F}C:\\spill\\battlefield 2\\bf2.exe"= UDP:C:\spill\battlefield 2\bf2.exe:BF2
"UDP Query User{22CB414D-4846-4ADD-9966-859A2AF27432}C:\\spill\\battlefield 2\\bf2.exe"= TCP:C:\spill\battlefield 2\bf2.exe:BF2
"TCP Query User{213D1D00-344B-47AD-BED2-F9913F814BD3}C:\\spill\\starcraft brood\\starcraft.exe"= UDP:C:\spill\starcraft brood\starcraft.exe:Starcraft
"UDP Query User{73B1DA2C-6AAA-4422-9352-39FBCE0EC3E8}C:\\spill\\starcraft brood\\starcraft.exe"= TCP:C:\spill\starcraft brood\starcraft.exe:Starcraft
"TCP Query User{45C33143-B5B8-4C29-B184-713237432321}C:\\program files\\java\\jre1.6.0_03\\bin\\javaw.exe"= UDP:C:\program files\java\jre1.6.0_03\bin\javaw.exe:Java Platform SE binary
"UDP Query User{5C44E166-E725-4E01-974B-BDD991F6D52D}C:\\program files\\java\\jre1.6.0_03\\bin\\javaw.exe"= TCP:C:\program files\java\jre1.6.0_03\bin\javaw.exe:Java Platform SE binary
"TCP Query User{C529F6AE-2063-420C-85AC-48250BC3909A}C:\\program files\\gg e-sports platform\\garena.exe"= UDP:C:\program files\gg e-sports platform\garena.exe:Garena
"UDP Query User{FFD7C36A-7935-4312-805B-1B3C415AB708}C:\\program files\\gg e-sports platform\\garena.exe"= TCP:C:\program files\gg e-sports platform\garena.exe:Garena
"TCP Query User{C30386D0-DCE1-4083-902F-26068248ED19}C:\\spill\\tmnationsforever\\tmforever.exe"= UDP:C:\spill\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{22F3CBAB-FC56-4551-92DD-5B95E33D6386}C:\\spill\\tmnationsforever\\tmforever.exe"= TCP:C:\spill\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{4B1DAE9F-B2C0-4605-A660-C104993D8370}C:\\users\\øystein\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\ez64j8ff\\wow-2.4.1.8125-to-0.4.2.8209-engb-downloader[1].exe"= UDP:C:\users\øystein\appdata\local\microsoft\windows\temporary internet files\content.ie5\ez64j8ff\wow-2.4.1.8125-to-0.4.2.8209-engb-downloader[1].exe:wow-2.4.1.8125-to-0.4.2.8209-engb-downloader[1].exe
"UDP Query User{1CB69EBF-759A-4931-8422-7676D5E38DE4}C:\\users\\øystein\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\ez64j8ff\\wow-2.4.1.8125-to-0.4.2.8209-engb-downloader[1].exe"= TCP:C:\users\øystein\appdata\local\microsoft\windows\temporary internet files\content.ie5\ez64j8ff\wow-2.4.1.8125-to-0.4.2.8209-engb-downloader[1].exe:wow-2.4.1.8125-to-0.4.2.8209-engb-downloader[1].exe
"TCP Query User{3FA94EB5-D265-42CA-9719-1FE82D75DB4F}C:\\users\\øystein\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\ez64j8ff\\wow-2.4.1.8125-to-0.4.2.8209-engb-downloader[2].exe"= UDP:C:\users\øystein\appdata\local\microsoft\windows\temporary internet files\content.ie5\ez64j8ff\wow-2.4.1.8125-to-0.4.2.8209-engb-downloader[2].exe:wow-2.4.1.8125-to-0.4.2.8209-engb-downloader[2].exe
"UDP Query User{DEEC1ED0-1462-4A99-B5D2-E85FC67B1540}C:\\users\\øystein\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\ez64j8ff\\wow-2.4.1.8125-to-0.4.2.8209-engb-downloader[2].exe"= TCP:C:\users\øystein\appdata\local\microsoft\windows\temporary internet files\content.ie5\ez64j8ff\wow-2.4.1.8125-to-0.4.2.8209-engb-downloader[2].exe:wow-2.4.1.8125-to-0.4.2.8209-engb-downloader[2].exe
"TCP Query User{595EE0C8-E09E-4356-AE49-C148CA1801C3}C:\\spill\\drid cs\\hl.exe"= UDP:C:\spill\drid cs\hl.exe:Half-Life Launcher
"UDP Query User{F2568230-196D-4F6F-AF53-8F72B238E0FF}C:\\spill\\drid cs\\hl.exe"= TCP:C:\spill\drid cs\hl.exe:Half-Life Launcher
"TCP Query User{62D36781-E7ED-433D-AAA3-55C2D364C48A}C:\\spill\\tmnationsforever\\tmforever.exe"= UDP:C:\spill\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{E8BA8AF1-8D2B-45BD-8494-B6C78CCC00D9}C:\\spill\\tmnationsforever\\tmforever.exe"= TCP:C:\spill\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{0C51E8D9-8EB4-42F6-9177-8E70A51E0F80}C:\\spill\\drid cs\\hl.exe"= UDP:C:\spill\drid cs\hl.exe:Half-Life Launcher
"UDP Query User{D738E10D-93C1-49BC-BFC1-E88608FEFB6A}C:\\spill\\drid cs\\hl.exe"= TCP:C:\spill\drid cs\hl.exe:Half-Life Launcher
"TCP Query User{14498237-293D-406C-8350-F6A5F6D8B817}C:\\spill\\codename\\iplist.exe"= UDP:C:\spill\codename\iplist.exe:IPLIST
"UDP Query User{C52C5024-5816-4A09-8308-9F4E5ECD1D98}C:\\spill\\codename\\iplist.exe"= TCP:C:\spill\codename\iplist.exe:IPLIST
"TCP Query User{970434B2-859D-4E0A-B94F-15DFFE989865}C:\\spill\\codename\\lobby.exe"= UDP:C:\spill\codename\lobby.exe:LOBBY
"UDP Query User{29DF8BCE-2F7A-4926-88F7-2377DEF98CEF}C:\\spill\\codename\\lobby.exe"= TCP:C:\spill\codename\lobby.exe:LOBBY
"TCP Query User{C5176EE7-7989-4E92-A3D1-A6F10CFBF030}C:\\spill\\cod uo\\coduomp.exe"= UDP:C:\spill\cod uo\coduomp.exe:CoDUOMP
"UDP Query User{5E2A6A59-CD2E-4865-9C8B-58369901DBB9}C:\\spill\\cod uo\\coduomp.exe"= TCP:C:\spill\cod uo\coduomp.exe:CoDUOMP

R0 iaNvStor;Intel® Turbo Memory Technology NAND Controller;C:\Windows\system32\drivers\ianvstor.sys [2007-03-11 01:11]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R3 b57nd60x;%SvcDispName%;C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-01-19 06:25]
S3 ADM851X;ADM851X USB To Fast Ethernet Adapter;C:\Windows\system32\DRIVERS\ADM851X.SYS [2003-12-19 14:44]
S3 btwaudio;Bluetooth-lydenhet;C:\Windows\system32\drivers\btwaudio.sys [2007-03-30 03:46]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-02-27 14:20]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-02-27 14:20]
S3 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys [2007-11-06 22:22]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8f1f437-c68c-11dc-9681-806e6f6e6963}]
\shell\AutoRun\command - D:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1736151-f195-11dc-a7f2-001b2454b318}]
\shell\AutoRun\command - H:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1736152-f195-11dc-a7f2-001b2454b318}]
\shell\AutoRun\command - I:\SETUP.EXE

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-11 17:12:39
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-11 17:13:41
ComboFix-quarantined-files.txt 2008-06-11 15:13:33

Pre-Run: 82,365,591,552 byte ledig
Post-Run: 82,759,565,312 byte ledig

185 --- E O F --- 2008-06-09 13:30:28

Edited 11 June 2008 by Zenex
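The Malwarebytes report in the post above is the kind of artefact a helper reads by eye: a summary block of "section: count" lines, then one detail block per section listing each flagged item, its threat name and the action taken. As an added example (not code from the thread, from Malwarebytes or from the helper), here is a small Python parser for that 1.x log format that recovers the per-section counts and each detection with its action, checks that the counts agree with the entries listed, and flags detections that were not fully remediated. The sample log is constructed from the quoted report (Norwegian section names kept as MBAM wrote them; a file entry for a made-up `constructed.exe` is added to show the pending-reboot case); all class, field and function names are my own.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x text log and check remediation status (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample modelled on the mbam log quoted in the post above (Norwegian section
# names as MBAM wrote them there); the constructed.exe entry is invented to show a pending item.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.17
Database versjon: 846

Minneprosesser infisert: 0
Registernøkler infisert: 0
Registerfiler infisert: 1
Mapper infisert: 0
Filer infisert: 1

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)
Registernøkler infisert:
(Ingen mistenkelige filer funnet)
Registerfiler infisert:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Mapper infisert:
(Ingen mistenkelige filer funnet)
Filer infisert:
C:\Users\example\AppData\Local\Temp\constructed.exe (Trojan.Agent) -> Delete on reboot.
"""

SUMMARY_RE = re.compile(r"^(?P<label>[^:]+?):\s*(?P<count>\d+)$")   # "<section>: <n>"
HEADER_RE = re.compile(r"^(?P<label>[^:]+?):$")                       # "<section>:" opens a detail block
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")
BAD_GOOD_RE = re.compile(r"Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\)")

@dataclass
class Detection:
    section: str
    item: str                 # file, folder, registry key or value that was flagged
    family: str               # MBAM's threat name, e.g. Hijack.StartMenu
    action: str               # what MBAM did with it
    bad: str | None = None    # data found / data MBAM considers clean (value hijacks only)
    good: str | None = None

    @property
    def remediated(self) -> bool:
        return self.action.startswith("Quarantined and deleted successfully")

@dataclass
class MbamReport:
    counts: dict[str, int] = field(default_factory=dict)                  # summary block
    by_section: dict[str, list[Detection]] = field(default_factory=dict)
    unparsed: list[str] = field(default_factory=list)                     # lines no regex accepted

    def detections(self) -> list[Detection]:
        return [d for ds in self.by_section.values() for d in ds]

    def unresolved(self) -> list[Detection]:
        """Flagged items MBAM did not finish removing, e.g. files waiting for a reboot."""
        return [d for d in self.detections() if not d.remediated]

    def mismatches(self) -> dict[str, tuple[int, int]]:
        """Sections whose summary count differs from the entries actually listed."""
        return {s: (n, len(self.by_section[s])) for s, n in self.counts.items()
                if n != len(self.by_section[s])}

def parse_mbam_log(text: str) -> MbamReport:
    raw_counts: dict[str, int] = {}
    report, current = MbamReport(), None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if current is None and (m := SUMMARY_RE.match(line)):
            raw_counts[m["label"]] = int(m["count"])
        elif (h := HEADER_RE.match(line)) and h["label"] in raw_counts:
            current = h["label"]                      # only labels seen in the summary open a section
            report.counts[current] = raw_counts[current]
            report.by_section[current] = []
        elif current is None or (line.startswith("(") and line.endswith(")")):
            continue                                  # header metadata, or the "nothing found" marker
        elif e := ENTRY_RE.match(line):
            *details, action = e["rest"].split(" -> ")   # value hijacks carry "Bad: (x) Good: (y)" first
            bg = BAD_GOOD_RE.search(" ".join(details))
            report.by_section[current].append(Detection(
                current, e["item"], e["family"], action,
                bg["bad"] if bg else None, bg["good"] if bg else None))
        else:
            report.unparsed.append(line)
    return report

if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_LOG)
    print(f"{len(rep.detections())} flagged, {len(rep.unresolved())} unresolved, "
          f"count mismatches: {rep.mismatches()}, unparsed: {rep.unparsed}")
```

The parser treats only labels that appeared in the summary block as section headers, so metadata such as "Database versjon: 846" is never mistaken for a section, and the "(nothing found)" marker is skipped by shape rather than by text, so the same code works on logs written in other locales. On the sample it reports two flagged items, with the Start_ShowRun value hijack remediated and the constructed file still pending.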
snippsat, posted 11 June 2008 (edited)

You have most likely got rid of the junk, if you had anything at all. The log is clean of infections.

Delete temp files: download and run CCleaner, 'Options' -> 'Advanced'. Uncheck "only delete temporary files older than 48 hours". Run the registry cleaner and answer yes to repairing.

Start -> Run -> combofix /u
The System Restore folder is reset.

Surf safely.

Edited 11 June 2008 by SNIPPSAT
Zenex (thread author), posted 11 June 2008 (edited)

I don't understand why the virus has disappeared, I'm sure I got it :o Oh well, I certainly don't mind that it's gone. Thanks a lot for the help, running CCleaner now!

Edited 11 June 2008 by Zenex
snippsat, posted 11 June 2008 (edited)

Most antivirus vendors have now released updates that fix this MSN/YouTube infection. So it may well be that avast took care of it.

Edited 11 June 2008 by SNIPPSAT