ugelvika, posted 11 June 2008

Hi! I was stupid enough to catch the MSN virus. I ran ComboFix, so here you get the log.. hope you can help me. The toolbar at the bottom disappears at times, and I can see it opening conversations in MSN to send the link on.. I try to quit MSN as fast as I can, at any rate. Here is the log! Just say so if something is wrong.

ComboFix 08-06-10.5 - stein ole 2008-06-12 0:18:18.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1044.18.1069 [GMT 2:00]
Running from: C:\Users\stein ole\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\DRV\Tuner\Yuan\Resources\_desktop.ini
C:\Program Files\ShoppingReport
C:\Windows\system32\ACER.exe
C:\Windows\system32\awtqnkhe.dll
C:\Windows\system32\byXQHwVM.dll
C:\Windows\system32\cbXPgdDV.dll
C:\Windows\system32\cbXRIbCV.dll
C:\Windows\system32\efcATKET.dll
C:\Windows\system32\hgGxYRhH.dll
C:\Windows\System32\hilTCcdd.ini
C:\Windows\System32\hilTCcdd.ini2
C:\Windows\system32\khfDsrrO.dll
C:\Windows\system32\khfFYSIC.dll
C:\Windows\system32\nnnoPGAT.dll
C:\Windows\system32\opNgEuSM.dll
C:\Windows\system32\OrrsDfhk.ini
C:\Windows\System32\OrrsDfhk.ini2
C:\Windows\system32\oxmtnjki.dll
C:\Windows\system32\oydeufkx.ini
C:\Windows\system32\pyqudklp.dll
C:\Windows\system32\rccdprkm.ini
C:\Windows\system32\rqRHxwVP.dll
C:\Windows\system32\tuvTjKBT.dll
C:\Windows\system32\vcpdydmj.dll
C:\Windows\system32\x64
.
((((((((((((((((((((((((( Files Created from 2008-05-11 to 2008-06-11 )))))))))))))))))))))))))))))))
.
2008-06-12 00:23 . 2008-06-12 00:23 0 --a------ C:\is15932.exe
2008-06-12 00:16 . 2008-06-12 00:16 <DIR> d-------- C:\327882R2FWJFW
2008-06-12 00:06 . 2008-06-12 00:06 80,896 --a------ C:\Windows\System32\mkrpdccr.dll
2008-06-11 17:48 . 2008-06-11 18:29 <DIR> d-------- C:\Users\nils ivar\AppData\Roaming\Winamp
2008-06-11 16:34 . 2008-06-11 16:34 2,232 --a------ C:\mzdza.exe
2008-06-11 13:32 . 2008-06-11 13:33 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
2008-06-11 13:25 . 2008-06-11 14:51 <DIR> d-------- C:\Users\nils ivar\AppData\Roaming\LimeWire
2008-06-11 13:24 . 2008-06-11 13:24 81,007 --a------ C:\Windows\System32\rgyqggny.dll
2008-06-11 13:18 . 2008-06-11 13:18 2,232 --a------ C:\is155815.exe
2008-06-10 22:56 . 2008-06-10 23:01 483,576 --a------ C:\Windows\lolz.exe
2008-06-10 22:16 . 2008-06-10 22:38 29,334 --a------ C:\Image0654782.com
2008-06-10 21:38 . 2008-06-10 21:38 147,456 --a------ C:\Windows\System32\xkfuedyo.dll
2008-06-10 21:09 . 2008-06-10 21:09 115,215 --a------ C:\sexy.exe
2008-06-10 20:14 . 2008-06-10 22:16 29,334 -r-hs---- C:\Windows\winudmr.exe
2008-06-08 17:53 . 2008-06-08 17:53 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-06-08 17:50 . 2008-06-08 17:50 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-06-08 17:43 . 2008-06-08 17:43 <DIR> dr-h----- C:\MSOCache
2008-05-29 23:47 . 2008-05-29 23:47 <DIR> d-------- C:\Users\stein ole\AppData\Roaming\Clue
2008-05-29 23:47 . 2008-05-30 01:03 <DIR> d-------- C:\Program Files\Clue
2008-05-28 15:35 . 2008-03-08 02:37 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-28 15:35 . 2008-03-08 06:30 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-05-26 20:04 . 2008-05-26 20:05 <DIR> d-------- C:\fotoknudsen
2008-05-26 00:31 . 2008-06-11 17:12 <DIR> dr-h----- C:\$VAULT$.AVG
2008-05-16 15:11 . 2008-05-16 15:11 244 --ah----- C:\sqmnoopt00.sqm
2008-05-16 15:11 . 2008-05-16 15:11 232 --ah----- C:\sqmdata00.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-11 21:58 --------- d-----w C:\Users\stein ole\AppData\Roaming\AVG7
2008-06-11 13:42 83,257 ----a-w C:\Users\stein ole\AppData\Roaming\nvModes.dat
2008-06-11 11:19 --------- d-----w C:\Users\nils ivar\AppData\Roaming\AVG7
2008-06-10 07:23 27,715 ----a-w C:\Users\nils ivar\AppData\Roaming\nvModes.dat
2008-06-09 11:44 --------- d-----w C:\Users\stein ole\AppData\Roaming\uTorrent
2008-06-09 09:34 --------- d-----w C:\Users\stein ole\AppData\Roaming\dvdcss
2008-06-09 07:13 --------- d-----w C:\ProgramData\Microsoft Help
2008-06-08 16:30 --------- d-----w C:\Users\stein ole\AppData\Roaming\LimeWire
2008-06-08 15:56 --------- d-----w C:\Program Files\MSBuild
2008-06-08 15:56 --------- d-----w C:\Program Files\Microsoft Works
2008-05-29 21:46 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-27 19:08 --------- d-----w C:\ProgramData\TrackMania
2008-05-15 01:01 --------- d-----w C:\Program Files\Windows Mail
2008-05-03 17:08 --------- d-----w C:\Users\ane torine\AppData\Roaming\AVG7
2008-04-26 15:29 --------- d-----w C:\Program Files\TmNationsForever
2008-04-21 14:25 27,810 ----a-w C:\Users\ane torine\AppData\Roaming\nvModes.dat
2008-03-13 16:12 27,335 ----a-w C:\Users\anita.ugelvik\AppData\Roaming\nvModes.dat
2007-12-20 12:11 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A5B8865C-5B03-4457-A49E-7BD7A7C874B4}]
C:\Windows\system32\ddcCTlih.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-11 04:01 1232896]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 05:06 4669440 C:\Windows\RtHDVCpl.exe]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-25 17:39 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-25 17:39 8470528]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-25 17:39 81920]
"BisonInst0402"="C:\Windows\BR040286.exe" [2007-05-08 21:48 53248]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 14:00 174872]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 10:06 159744]
"eRecoveryService"="" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-16 09:11 579584]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 10:03 210472]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"Windows Controls Center"="winudmr.exe" [2008-06-10 22:16 29334 C:\Windows\winudmr.exe]
"0814524f"="C:\Windows\system32\mkrpdccr.dll" [2008-06-12 00:06 80896]
"MSServer"="C:\Windows\system32\tuvSmlKB.dll" [2008-06-12 00:24 33280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [ ]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-19 23:08 219136]

C:\Users\nils ivar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2008-01-29 22:50:57 106496]

C:\Users\stein ole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2008-01-29 22:50:57 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C5B8495C-20BC-493C-8613-E4F6E5790B88}"= C:\Windows\system32\tuvSmlKB.dll [2008-06-12 00:24 33280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-12-19 23:08 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^stein ole^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=C:\Users\stein ole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=C:\Windows\pss\Last.fm Helper.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^stein ole^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk]
path=C:\Users\stein ole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
backup=C:\Windows\pss\Xfire.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
C:\Acer\AcerTour\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-03-08 04:38 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
--a------ 2007-04-03 18:50 1603152 C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
--a------ 2007-05-14 18:01 644696 C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2007-12-19 22:13 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eAudio]
--------- 2007-06-11 15:54 1286144 C:\Acer\Empowering Technology\eAudio\eAudio.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
--a------ 2007-04-25 16:33 457216 C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\Windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\Windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
--a------ 2007-06-27 11:15 752136 C:\PROGRA~1\LAUNCH~1\LManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
--a------ 2007-02-04 13:02 79400 C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
C:\Program Files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\Windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
--------- 2007-05-24 14:38 206952 C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetPanel]
C:\Acer\APanel\APanel.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
--a------ 2006-11-05 22:48 57344 C:\Acer\WR_PopUp\WarReg_PopUp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-158653614-380792648-2276481776-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{729B66D6-00F1-416B-A5E9-9A8255A47FBB}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{C01F176F-41CC-4DF0-9FC0-E40B94DF7765}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{E47AD20F-63D3-4F9A-A7F7-4BAE53E638CB}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{AAE65792-0A60-4482-A603-4647BA443C9E}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{8FAC152D-71B0-4AB3-AF32-A484464A389D}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{EABB8868-658F-4A04-816B-156057A854AA}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{093D3A9B-D1D0-46B7-86BD-D718FDC5EB16}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{BF7DDA21-75F0-430B-8502-77A7F286B251}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{89EB87BB-4DF6-4FAD-9F44-66FF7DC62B77}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{9AD9E616-03C8-47A3-8DD5-1C3E255D0A4E}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"{AF1F053F-F7CE-4AA1-8E0B-8C8272554B6F}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{3E317775-1FBC-4902-9678-8F414B9D25B8}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"TCP Query User{2E433948-2EAC-432E-9DC4-F210DBD694EA}C:\\program files\\america's army\\system\\armyops.exe"= UDP:C:\program files\america's army\system\armyops.exe:ArmyOps
"UDP Query User{B0F5E343-8BA3-45C2-9BB3-4D12FA7D3488}C:\\program files\\america's army\\system\\armyops.exe"= TCP:C:\program files\america's army\system\armyops.exe:ArmyOps
"{F521AF47-D211-45C9-B7E8-3D28E6959250}"= Disabled:UDP:53300:utorrent
"TCP Query User{D43BCC4D-8366-41F4-A00C-B40635C2756F}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{059461BE-2127-4342-B4A6-0DE68F298819}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{575CAD4B-539F-4B43-8CAC-7830698990F2}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{59BDBAA8-E617-4886-A819-AEACA8E1785B}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{C1540275-90F2-4809-B4DE-0AA3414135F7}C:\\program files\\counter-strike source\\hl2.exe"= UDP:C:\program files\counter-strike source\hl2.exe:hl2
"UDP Query User{8F632E4A-F7EE-42EC-95C5-229A17198895}C:\\program files\\counter-strike source\\hl2.exe"= TCP:C:\program files\counter-strike source\hl2.exe:hl2
"TCP Query User{D5060372-71AA-4753-B467-3E2C62BD44AB}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{BAFA3CF9-D1F4-4EDA-8A8F-45229F26E580}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{EAC64814-A3CF-41DB-9671-DA730EFDD91E}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{B0EF5A8B-5D97-4A5B-AC35-D5676298275C}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{0AF204A2-0955-4837-98E3-C49F2FF36E32}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{15441E86-47BA-4C4C-82A3-6327DB4E58EA}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{3763556F-D2E6-4F2B-BCB6-8F4BD1CDD2A0}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{C482DF62-B8BF-4BE3-BF0C-22BB0898B3C7}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{A4576C5B-2615-4D6C-91EF-A2FC2EAF3263}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{3D14811E-E5CA-44EE-8CBA-8A3D7C06B828}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{54F1F635-0CEB-46FA-88D7-2F57586756B8}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{2486FFB4-8AC6-43FD-922A-BDDD284B4700}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{50664E41-6948-4B52-B758-1BEBC53B63DC}C:\\users\\stein ole\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\stein ole\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{4C98B124-1599-471B-8FB8-0DAE5978ECA7}C:\\users\\stein ole\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\stein ole\program files\utorrent\utorrent.exe:utorrent.exe
"TCP Query User{89CF3F41-3A22-42C9-899F-A24D44B51F60}C:\\program files\\winamp remote\\bin\\orbtray.exe"= UDP:C:\program files\winamp remote\bin\orbtray.exe:Orb
"UDP Query User{BE35E7B2-15DB-4D3D-98F0-603024D96FFE}C:\\program files\\winamp remote\\bin\\orbtray.exe"= TCP:C:\program files\winamp remote\bin\orbtray.exe:Orb
"TCP Query User{CBD029F8-6B35-41BC-B650-C9EB20ECDDAE}C:\\program files\\winamp remote\\bin\\orbir.exe"= UDP:C:\program files\winamp remote\bin\orbir.exe:
"UDP Query User{606687C4-D8ED-43DA-97EE-864183457B2D}C:\\program files\\winamp remote\\bin\\orbir.exe"= TCP:C:\program files\winamp remote\bin\orbir.exe:
"TCP Query User{25710902-4241-421A-8916-2B01C9D38045}C:\\program files\\winamp remote\\bin\\orb.exe"= UDP:C:\program files\winamp remote\bin\orb.exe:Orb Application
"UDP Query User{87A718B6-F034-4F88-977A-BD983EB9ED41}C:\\program files\\winamp remote\\bin\\orb.exe"= TCP:C:\program files\winamp remote\bin\orb.exe:Orb Application
"TCP Query User{D0146114-2F8F-4B9E-B2C5-2BB327EAD93D}D:\\film\\[pc] test drive unlimited [proper] [rip] [dopeman]\\tdu\\testdriveunlimited.exe"= UDP:D:\film\[pc] test drive unlimited [proper] [rip] [dopeman]\tdu\testdriveunlimited.exe:Test Drive Unlimited
"UDP Query User{595FE725-9752-4146-9C39-A6E81680B180}D:\\film\\[pc] test drive unlimited [proper] [rip] [dopeman]\\tdu\\testdriveunlimited.exe"= TCP:D:\film\[pc] test drive unlimited [proper] [rip] [dopeman]\tdu\testdriveunlimited.exe:Test Drive Unlimited
"{3F6967B7-3F80-4E44-823E-388129F39B29}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{43D3C581-436C-4517-9B5C-8AC0E239ACEB}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{B854127D-4C3F-44BA-BF42-767641709F24}C:\\program files\\tmnationsforever\\tmforever.exe"= UDP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{BDA4EE05-62BD-49B2-A711-025B5FD7B5C9}C:\\program files\\tmnationsforever\\tmforever.exe"= TCP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"{A2CE2B0A-A842-4FD6-A49D-614E8934DAA6}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{B09FDD4C-9477-4E69-B5EC-5DC958999B15}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{C6F49098-0497-41F9-B0D2-6399A83218C0}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{3F8B7BC1-7238-474F-808A-69671949FB2D}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6DD145AA-3E88-4159-9480-ADEEC807E2C9}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 17:51]
R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-13 16:15]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 10:57]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-03-07 10:26]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{027d5ddd-ff21-11dc-ba2d-001b38645722}]
\shell\AutoRun\command - H:\Konkurranse_klikk_her.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2fa835a7-b267-11dc-808d-b535e73a2875}]
\shell\AutoRun\command - F:\SETUP.EXE
\shell\configure\command - F:\SETUP.EXE
\shell\install\command - F:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7147f53a-c46b-11dc-b51b-d43f216f7b45}]
\shell\AutoRun\command - G:\Autorun.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-12 00:23:20
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\system32\winlogon.exe
-> C:\Windows\system32\tuvSmlKB.dll

PROCESS: C:\Windows\Explorer.exe
-> C:\Windows\system32\mkrpdccr.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint2K\ApntEx.exe
C:\Users\STEINO~1\AppData\Local\Temp\RtkBtMnt.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\System32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\System32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2008-06-12 0:26:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-11 22:26:00

Pre-Run: 21,552,349,184 byte ledig
Post-Run: 21,358,358,528 byte ledig

300 --- E O F --- 2008-06-09 07:13:49
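The helpers in this thread read the ComboFix log by eye, picking out entries like the 8-letter DLLs in System32, the hidden+system winudmr.exe and the Run values that point at them. As an added example (not code from the thread, from ComboFix or from any of its authors), the Python below parses the "Files Created" and "Run" sections in the layout ComboFix prints and returns the entries that match a few triage heuristics. The sample lines are copied from the log above; the regexes, the rule names and the "8 letters, at most 2 vowels" name test are choices made for this example and are deliberately coarse: that name test also fits legitimate vendor files such as the log's NvMcTray.dll, so its output is a review order, not a verdict.

```python
"""Triage helper for ComboFix-style log sections.

Added example, not ComboFix code. Parses "Files Created" entries and Run-key
values in the layout ComboFix prints and flags the shapes a responder would
look at first. Every rule here is a heuristic chosen for this example.
"""
import ntpath
import re
from typing import Dict, List

# One "Files Created" entry: created . modified size attrs path
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[-A-Za-z]{9}) (?P<path>.+)$"
)
# One Run-key value as ComboFix prints it: "name"="image" [metadata]
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<image>[^"]*)" \[(?P<meta>[^\]]*)\]$')

EXEC_EXT = {".exe", ".com", ".dll", ".scr", ".pif"}
VOWELS = set("aeiou")

# Constructed sample: entries copied from the log in this thread so the
# helper runs offline. The layout is ComboFix's; the selection is ours.
SAMPLE_FILES = r"""
2008-06-12 00:06 . 2008-06-12 00:06 80,896 --a------ C:\Windows\System32\mkrpdccr.dll
2008-06-11 17:48 . 2008-06-11 18:29 <DIR> d-------- C:\Users\nils ivar\AppData\Roaming\Winamp
2008-06-10 22:56 . 2008-06-10 23:01 483,576 --a------ C:\Windows\lolz.exe
2008-06-10 22:16 . 2008-06-10 22:38 29,334 --a------ C:\Image0654782.com
2008-06-10 21:09 . 2008-06-10 21:09 115,215 --a------ C:\sexy.exe
2008-06-10 20:14 . 2008-06-10 22:16 29,334 -r-hs---- C:\Windows\winudmr.exe
2008-05-28 15:35 . 2008-03-08 06:30 1,686,528 --a------ C:\Windows\System32\gameux.dll
"""
SAMPLE_RUN = [
    r'"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-11 04:01 1232896]',
    r'"Windows Controls Center"="winudmr.exe" [2008-06-10 22:16 29334 C:\Windows\winudmr.exe]',
    r'"0814524f"="C:\Windows\system32\mkrpdccr.dll" [2008-06-12 00:06 80896]',
    r'"MSServer"="C:\Windows\system32\tuvSmlKB.dll" [2008-06-12 00:24 33280]',
]


def looks_random(stem: str) -> bool:
    """Coarse name test: exactly 8 letters with at most 2 vowels.

    Matches the mkrpdccr / tuvSmlKB style seen in the log, but also some
    vendor names (NvMcTray), so it only orders review.
    """
    if not re.fullmatch(r"[A-Za-z]{8}", stem):
        return False
    return sum(1 for c in stem.lower() if c in VOWELS) <= 2


def parse_files(text: str) -> List[Dict[str, str]]:
    """One dict per parsable "Files Created" entry; other lines are skipped."""
    return [m.groupdict() for m in map(FILE_LINE.match, text.splitlines()) if m]


def flag_file(entry: Dict[str, str]) -> List[str]:
    """Reasons a file entry deserves a look (empty when none apply)."""
    path, attrs = entry["path"], entry["attrs"]
    parent = ntpath.dirname(path).lower()          # ntpath handles backslashes on any OS
    stem, ext = ntpath.splitext(ntpath.basename(path))
    ext = ext.lower()
    is_exec = entry["size"] != "<DIR>" and ext in EXEC_EXT
    reasons = []
    if is_exec and "h" in attrs and "s" in attrs:  # ComboFix attr string: h=hidden, s=system
        reasons.append("hidden+system executable")
    if is_exec and re.fullmatch(r"[a-z]:\\", parent):
        reasons.append("executable in drive root")
    if ext == ".dll" and parent.endswith("\\system32") and looks_random(stem):
        reasons.append("random-looking System32 DLL name")
    return reasons


def flag_run_value(line: str) -> List[str]:
    """Reasons a Run-key value deserves a look (empty when none apply)."""
    m = RUN_LINE.match(line)
    if not m:
        return []
    name, image = m.group("name"), m.group("image")
    reasons = []
    if image and not re.match(r"[A-Za-z]:\\", image):
        reasons.append("bare file name, resolved via the search path")
    if re.fullmatch(r"[0-9a-fA-F]{8}", name):
        reasons.append("hex-like value name")
    if image and looks_random(ntpath.splitext(ntpath.basename(image))[0]):
        reasons.append("random-looking image name")
    return reasons


def triage(files_text: str, run_lines: List[str]) -> Dict[str, List[str]]:
    """Map each flagged path (files) or value name (Run keys) to its reasons."""
    findings: Dict[str, List[str]] = {}
    for entry in parse_files(files_text):
        reasons = flag_file(entry)
        if reasons:
            findings[entry["path"]] = reasons
    for line in run_lines:
        reasons = flag_run_value(line)
        if reasons:
            findings[RUN_LINE.match(line).group("name")] = reasons
    return findings


if __name__ == "__main__":
    for item, reasons in triage(SAMPLE_FILES, SAMPLE_RUN).items():
        print(f"{item}\n    {'; '.join(reasons)}")
```

Run as a script it lists the flagged entries; the interesting misses are as instructive as the hits (lolz.exe in C:\Windows trips nothing, and winudmr.exe is caught by its attributes rather than its name), which is why the helpers here still read the rest of the log by hand.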
norbat, posted 11 June 2008 (edited)

There are still files left, but before we take them manually, do the following:

Download Malwarebytes Anti-Malware to the desktop. Run and install the program. Choose Norwegian as the language.
Let the program update itself and choose to run a 'quick system scan', click Scan.
A message box will appear saying the scan is finished, click OK.
Click the 'Show results' button. If malware was found, you will now see what was found.
Then click the 'Remove selected' button to remove any malware that was found.
A log will then open in Notepad. Copy it and post it together with a new ComboFix log (so run ComboFix after Malwarebytes A-M).

Edited 11 June 2008 by norbat
ugelvika (thread author), posted 13 June 2008 (edited)

m

Edited 1 August 2010 by ugelvika
norbat, posted 13 June 2008

Download CCleaner. Start the program. Go to 'Options'->'Advanced'. Uncheck the box in front of: "only delete temporary files......." Click 'Cleaner' and then 'Run CCleaner'.

Open Notepad and paste in what is shown in bold below, save the file to the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again.

File::
C:\mzdza.exe
C:\Windows\System32\rgyqggny.dll
C:\Windows\lolz.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A5B8865C-5B03-4457-A49E-7BD7A7C874B4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5B8495C-20BC-493C-8613-E4F6E5790B88}]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C5B8495C-20BC-493C-8613-E4F6E5790B88}"=-

Post a new ComboFix log.
ugelvika (thread author), posted 13 June 2008 (edited)

O F --- 2008-06-13 13:51:10

Edited 1 August 2010 by ugelvika