
Trojan in Temporary Internet Files



Hi, I have a trojan in Temporary Internet Files in Firefox.

AVG manages to heal all of them except one, but they always come back again.

Can't delete the files either. They just come back.

The reason for the virus was that I was thinking of getting an antivirus program (obviously wasn't thinking of AVG at the time), and downloaded one after a Google search. I got to the point where I had to choose whether to run or save the file. I ran it, and then nothing more happened. Then I got some popups, which appear whenever they like, as well as Security Alert etc.

I downloaded CCleaner too, but after I have analysed and go to run it, I get a blue error message and the PC restarts. Any tips on what I should do?


ComboFix 08-03-27.1 - Roar 2008-03-28 20:05:23.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.262 [GMT 1:00]

Running from: C:\Documents and Settings\Roar\Skrivebord\ComboFix.exe

* Created a new restore point

* Resident AV is active

 

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Programfiler\Helper

 

.

((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-28 )))))))))))))))))))))))))))))))

.

 

2008-03-28 19:42 . 2008-03-28 19:42 <DIR> d-------- C:\Programfiler\Windows Media Connect 2

2008-03-28 19:42 . 2006-10-04 15:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb

2008-03-28 19:42 . 2006-10-04 15:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb

2008-03-28 19:42 . 2006-10-04 15:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb

2008-03-28 19:41 . 2008-03-28 19:41 3,461 --a------ C:\WINDOWS\system32\spupdsvc.inf

2008-03-28 19:40 . 2008-03-28 19:41 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2008-03-28 19:40 . 2008-03-28 19:40 <DIR> d-------- C:\WINDOWS\LastGood

2008-03-28 16:54 . 2008-03-28 17:00 <DIR> d-------- C:\Programfiler\Everest Poker

2008-03-27 22:59 . 2008-03-27 22:59 <DIR> d-------- C:\Programfiler\CCleaner

2008-03-26 15:50 . 2008-03-28 15:21 <DIR> d-------- C:\Programfiler\MalwareWar 7.3

2008-03-26 15:50 . 2008-03-28 15:21 <DIR> d-a------ C:\Documents and Settings\All Users\Programdata\TEMP

2008-03-26 00:00 . 2008-03-28 14:42 <DIR> d-------- C:\Programfiler\NetProject

2008-03-25 22:19 . 2008-03-26 16:48 <DIR> d-------- C:\Programfiler\WinVorbis

2008-03-23 19:57 . 2008-03-23 19:57 <DIR> d-------- C:\Documents and Settings\Roar\Programdata\Leadertech

2008-03-22 00:36 . 2008-03-22 00:36 0 --a------ C:\WINDOWS\nsreg.dat

2008-03-16 17:09 . 2008-03-28 14:11 <DIR> d-------- C:\Documents and Settings\Roar\Programdata\AVG7

2008-03-16 17:09 . 2008-03-16 17:09 <DIR> d-------- C:\Documents and Settings\LocalService\Programdata\AVG7

2008-03-16 17:09 . 2008-03-16 17:09 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Grisoft

2008-03-16 17:09 . 2008-03-17 01:20 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\avg7

2008-03-16 15:04 . 2008-03-16 15:17 <DIR> d-------- C:\Documents and Settings\Roar\Programdata\fretsonfire

2008-03-15 22:11 . 2008-03-25 23:02 <DIR> d-------- C:\Programfiler\Conduit

2008-03-15 21:11 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll

2008-03-15 02:49 . 2008-03-15 02:57 61,257 --a------ C:\WINDOWS\War3Unin.dat

2008-03-15 02:48 . 2008-03-15 02:53 139,264 --a------ C:\WINDOWS\War3Unin.exe

2008-03-15 02:48 . 2008-03-15 02:53 2,829 --a------ C:\WINDOWS\War3Unin.pif

2008-03-14 17:02 . 2008-03-14 17:02 <DIR> d-------- C:\Programfiler\Fellesfiler\PocketSoft

2008-03-14 17:02 . 2001-04-12 18:00 182,272 --a------ C:\WINDOWS\patchw32.dll

2008-03-14 17:01 . 2008-03-14 17:02 <DIR> d-------- C:\Programfiler\Ubi Soft Games

2008-03-10 01:06 . 2008-03-10 01:06 25 --a------ C:\WINDOWS\cdplayer.ini

2008-03-10 01:05 . 2008-03-10 01:05 <DIR> d-------- C:\Programfiler\Fellesfiler\xing shared

2008-03-10 01:05 . 2008-03-10 01:05 <DIR> d-------- C:\Programfiler\Fellesfiler\Real

2008-03-10 01:05 . 2008-03-10 01:05 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll

2008-03-07 15:06 . 2008-03-07 15:12 <DIR> d-------- C:\Documents and Settings\Roar\Programdata\Pro Cycling Manager 2007

2008-03-06 20:43 . 2008-03-06 21:28 <DIR> d-------- C:\Programfiler\Metin2_UK

2008-03-05 18:38 . 2008-03-05 18:38 <DIR> d-------- C:\Programfiler\directx

2008-03-05 18:37 . 2008-03-05 18:37 <DIR> d-------- C:\Programfiler\Rockstar Games

2008-03-05 17:00 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe

2008-03-05 00:37 . 2008-03-07 23:44 <DIR> d-------- C:\Documents and Settings\Roar\Programdata\BearShare

2008-03-05 00:37 . 2006-11-12 11:39 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx

2008-03-03 23:03 . 2008-03-15 03:47 <DIR> d-------- C:\Soldat

2008-03-03 16:26 . 2008-03-03 16:26 <DIR> d-------- C:\Programfiler\Fellesfiler\Macrovision Shared

2008-03-03 00:38 . 2008-03-03 00:38 0 --a------ C:\WINDOWS\PowerReg.dat

2008-03-03 00:36 . 2008-03-03 00:36 <DIR> d-------- C:\Programfiler\Infogrames Interactive

2008-03-02 02:06 . 2008-03-02 02:06 <DIR> d-------- C:\Documents and Settings\Roar\WINDOWS

2008-02-29 23:48 . 2008-03-18 22:55 <DIR> d-------- C:\Documents and Settings\Roar\Programdata\dvdcss

2008-02-29 21:02 . 2001-08-18 06:36 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll

2008-02-29 21:02 . 2001-08-18 06:36 8,192 --a--c--- C:\WINDOWS\system32\dllcache\kbdkor.dll

2008-02-29 21:02 . 2001-08-17 22:55 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll

2008-02-29 21:02 . 2001-08-17 22:55 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll

2008-02-29 21:02 . 2001-08-17 22:55 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101c.dll

2008-02-29 21:02 . 2001-08-17 22:55 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101b.dll

2008-02-29 21:02 . 2001-08-17 22:55 5,632 --a------ C:\WINDOWS\system32\kbd103.dll

2008-02-29 21:02 . 2001-08-17 22:55 5,632 --a--c--- C:\WINDOWS\system32\dllcache\kbd103.dll

2008-02-28 18:52 . 2008-02-28 18:52 <DIR> d-------- C:\Programfiler\iTunes

2008-02-28 18:52 . 2008-02-28 18:52 <DIR> d-------- C:\Programfiler\iPod

2008-02-28 18:52 . 2008-03-28 14:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-02-28 18:52 . 2008-02-28 18:52 1,409 --a------ C:\WINDOWS\QTFont.for

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-28 14:20 --------- d-----w C:\Programfiler\BitLord

2008-03-28 13:10 5 ----a-w C:\NPF_USER.DAT

2008-03-28 13:08 --------- d-----w C:\Programfiler\Norman

2008-03-25 20:04 --------- d-----w C:\Documents and Settings\Roar\Programdata\LimeWire

2008-03-21 18:48 13,312 --s-a-w C:\WINDOWS\system32\sozctue.dll

2008-03-21 18:45 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

2008-03-15 20:32 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2008-03-15 04:20 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-03-15 03:08 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll

2008-03-10 00:05 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll

2008-03-03 19:42 --------- d-----w C:\Programfiler\Google

2008-03-03 15:35 --------- d-----w C:\Programfiler\Fellesfiler\Adobe

2008-03-02 16:40 --------- d-----w C:\Documents and Settings\Roar\Programdata\My Battle for Middle-earth II Files

2008-03-02 15:25 --------- d-----w C:\Programfiler\DAEMON Tools

2008-02-23 17:24 --------- d-----w C:\Documents and Settings\Roar\Programdata\vlc

2008-02-23 17:23 --------- d-----w C:\Programfiler\VideoLAN

2008-02-23 09:14 --------- d-----w C:\Documents and Settings\Roar\Programdata\Xfire

2008-02-23 09:13 --------- d-s---w C:\Programfiler\Xfire

2008-02-22 12:26 --------- d-----w C:\Programfiler\Bethesda Softworks

2008-02-21 00:47 --------- d-----w C:\Documents and Settings\Roar\Programdata\Apple Computer

2008-02-21 00:46 --------- d-----w C:\Programfiler\QuickTime

2008-02-21 00:46 --------- d-----w C:\Programfiler\Bonjour

2008-02-21 00:46 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple Computer

2008-02-21 00:45 --------- d-----w C:\Programfiler\Apple Software Update

2008-02-21 00:44 --------- d-----w C:\Programfiler\Fellesfiler\Apple

2008-02-21 00:44 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple

2008-02-20 22:17 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe

2008-02-18 16:39 --------- d-----w C:\Programfiler\Windows Live

2008-02-18 16:38 --------- dcsh--w C:\Programfiler\Fellesfiler\WindowsLiveInstaller

2008-02-18 16:34 --------- d-----w C:\Documents and Settings\All Users\Programdata\WLInstaller

2008-02-18 14:07 --------- d-----w C:\Documents and Settings\Roar\Programdata\Sports Interactive

2008-02-18 14:01 22,328 ----a-w C:\Documents and Settings\Roar\Programdata\PnkBstrK.sys

2008-02-18 13:46 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-02-18 13:46 --------- d--h--r C:\Documents and Settings\Roar\Programdata\SecuROM

2008-02-18 13:45 --------- d--h--w C:\Programfiler\Zero G Registry

2008-02-18 13:44 --------- d-----w C:\Programfiler\Sports Interactive

2008-02-18 13:26 0 ----a-r C:\logwmemory.bin

2008-02-18 12:26 --------- d-----w C:\Documents and Settings\Roar\Programdata\ATI

2008-02-18 12:23 --------- d-----w C:\Programfiler\ATI Technologies

2008-02-18 12:10 --------- d-----w C:\Programfiler\Realtek

2008-02-18 12:07 --------- d-----w C:\Programfiler\Launch Manager

2008-02-18 12:02 --------- d-----w C:\Programfiler\Intel

2008-02-18 11:32 --------- d-----w C:\Programfiler\DIFX

2008-02-18 11:31 557,056 ----a-w C:\WINDOWS\system32\Netw2c32.dll

2008-02-18 11:31 2,732,032 ----a-w C:\WINDOWS\system32\Netw2r32.dll

2008-02-18 10:56 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield

2008-02-18 08:37 --------- d-----w C:\Documents and Settings\All Users\Programdata\PC Drivers HeadQuarters

2008-02-16 23:22 --------- d-----w C:\Documents and Settings\Roar\Programdata\Norman

2008-02-16 21:53 --------- d-----w C:\Documents and Settings\Roar\Programdata\InstallShield

2008-02-16 21:19 --------- d-----w C:\Programfiler\Java

2008-02-16 21:19 --------- d-----w C:\Programfiler\Fellesfiler\Java

2008-02-16 20:04 --------- d-----w C:\Programfiler\D-Link

2008-02-16 20:04 --------- d-----w C:\Programfiler\ANI

2008-02-16 16:23 --------- d-----w C:\Programfiler\microsoft frontpage

2008-02-16 16:22 --------- d-----w C:\Programfiler\Elektroniske tjenester

2008-02-16 16:21 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester

2008-02-11 13:56 19,512 ----a-w C:\WINDOWS\system32\drivers\nvcw32mf.sys

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6860A44B-5D3E-433D-A7B5-D517F810D0E7}]

C:\Programfiler\NetProject\sbmdl.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40}"= "C:\Programfiler\NetProject\wamdl.dll" [ ]

 

[HKEY_CLASSES_ROOT\clsid\{db9fba9d-ab1b-4cc6-9745-f3b549d64e40}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40}"= C:\Programfiler\NetProject\wamdl.dll [ ]

 

[HKEY_CLASSES_ROOT\clsid\{db9fba9d-ab1b-4cc6-9745-f3b549d64e40}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]

"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

"DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" [2007-04-03 23:29 165784]

"AlcoholAutomount"="D:\Programfiler\Alcohol Soft\Alcohol 120\axcmd.exe" [ ]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"D-Link AirPlus G"="C:\Programfiler\D-Link\AirPlus G\AirGCFG.exe" [2004-07-09 15:07 1249280]

"ANIWZCS2Service"="C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-04-14 11:54 45056]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"Norman ZANDA"="C:\Programfiler\Norman\Npm\bin\ZLH.exe" [2007-04-27 14:02 183352]

"Adobe Photo Downloader"="C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]

"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]

"LaunchAp"="C:\Programfiler\Launch Manager\LaunchAp.exe" [2005-07-25 13:36 32768]

"HotkeyApp"="C:\Programfiler\Launch Manager\HotkeyApp.exe" [2005-08-17 10:05 61440]

"CtrlVol"="C:\Programfiler\Launch Manager\CtrlVol.exe" [2003-09-16 14:28 20480]

"LMgrOSD"="C:\Programfiler\Launch Manager\OSD.exe" [2005-03-16 13:52 204800]

"Wbutton"="C:\Programfiler\Launch Manager\Wbutton.exe" [2005-09-02 15:14 81920]

"RTHDCPL"="RTHDCPL.EXE" [2005-10-24 09:52 14820864 C:\WINDOWS\RTHDCPL.EXE]

"AzMixerSel"="C:\Programfiler\Realtek\InstallShield\AzMixerSel.exe" [2005-10-24 09:52 53248]

"ATICCC"="C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" [2005-08-31 00:40 57344]

"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2008-01-31 23:13 385024]

"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]

"TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2008-03-10 01:05 185896]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-17 01:20 579072]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-17 01:20 219136]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

ATI CATALYST-systemstatusfelt.lnk - C:\Programfiler\ATI Technologies\ATI.ACE\CLI.exe [2005-08-31 00:40:36 57344]

PowerReg Scheduler.exe [2008-03-14 17:02:46 256000]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

"some"= C:\Programfiler\NetProject\scit.exe

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tdidrv32.sys]

@="Driver"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programfiler\\Sports Interactive\\Football Manager 2008\\fm.exe"=

"C:\\WINDOWS\\system32\\PnkBstrA.exe"=

"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"D:\\Programfiler\\Electronic Arts\\The Battle for Middle-earth II\\game.dat"=

"C:\\Programfiler\\Messenger\\msmsgs.exe"=

"C:\\Programfiler\\iTunes\\iTunes.exe"=

"D:\\Programfiler\\LimeWire\\LimeWire.exe"=

"C:\\Programfiler\\Grisoft\\AVG7\\avginet.exe"=

"C:\\Programfiler\\Grisoft\\AVG7\\avgamsvr.exe"=

"C:\\Programfiler\\Grisoft\\AVG7\\avgcc.exe"=

"C:\\Programfiler\\Grisoft\\AVG7\\avgemc.exe"=

 

R0 NDIS_RD;Firewall Engine Type-R2;C:\WINDOWS\system32\drivers\NDIS_RD.sys [2004-12-06 10:18]

R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]

R1 TDI_RD;Firewall Engine Type-R;C:\WINDOWS\system32\drivers\tdi_rd.sys [2004-10-13 22:01]

R2 Ndiskio;Ndiskio;C:\Programfiler\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 09:55]

R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 14:56]

R3 nvcoas;Norman Virus Control on-access component;C:\Programfiler\Norman\Nvc\bin\nvcoas.exe [2007-12-12 11:45]

R3 NVCScheduler;Norman Virus Control Scheduler;C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE [2007-03-15 11:48]

S1 tdidrv32.sys;tdidrv32.sys;C:\WINDOWS\system32\tdidrv32.sys []

S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []

 

*Newly Created Service* - UPNPHOST

.

Contents of the 'Scheduled Tasks' folder

"2008-03-27 18:39:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-28 20:09:24

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-03-28 20:10:32

ComboFix-quarantined-files.txt 2008-03-28 19:10:26

Pre-Run: 7,437,094,912 byte ledig

Post-Run: 7,430,324,224 byte ledig

.

2008-03-12 13:02:32 --- E O F ---

There you go :thumbup:

Edited by Doppe

See if you can uninstall these from Add / Remove Programs:

MalwareWar 7.3

BearShare

 

 

Open Notepad and copy in the text shown in bold below, then save the file on the desktop as CFScript.txt.

Then drag the file onto the ComboFix icon. ComboFix will start again.

File::

C:\WINDOWS\system32\actskn45.ocx

C:\WINDOWS\system32\sozctue.dll

 

Folder::

C:\Programfiler\MalwareWar 7.3

C:\Programfiler\NetProject

C:\Documents and Settings\Roar\Programdata\BearShare

 

Driver::

tdidrv32.sys

 

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6860A44B-5D3E-433D-A7B5-D517F810D0E7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40}"=-

[-HKEY_CLASSES_ROOT\clsid\{db9fba9d-ab1b-4cc6-9745-f3b549d64e40}]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

[-HKEY_CLASSES_ROOT\clsid\{db9fba9d-ab1b-4cc6-9745-f3b549d64e40}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

"some"=-

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tdidrv32.sys]

 

Then run a quick scan with SAS (the free version).

 

Post the new ComboFix log + the log from SAS (preferences->statistics/logs).

Edited by norbat

Combofix:

 

ComboFix 08-03-27.1 - Roar 2008-03-28 20:56:51.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.113 [GMT 1:00]

Running from: C:\Documents and Settings\Roar\Skrivebord\ComboFix.exe

Command switches used :: C:\Documents and Settings\Roar\Skrivebord\CFScript.txt

* Created a new restore point

* Resident AV is active

 

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

C:\WINDOWS\system32\actskn45.ocx

C:\WINDOWS\system32\sozctue.dll

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Roar\Programdata\BearShare

C:\Documents and Settings\Roar\Programdata\BearShare\Creatives.xml

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\1.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\10.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\1040.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\1043.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\1044.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\1050.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\1054.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\1055.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\1057.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\1058.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\1060.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\1062.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\1063.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\1070.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\11.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\12.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\13.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\14.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\15.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\16.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\17.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\18.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\19.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\2.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\20.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\21.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\22.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\23.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\24.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\25.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\26.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\27.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\28.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\29.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\3.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\30.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\31.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\32.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\33.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\34.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\35.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\36.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\37.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\38.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\4.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\5.gif

 

SAS:

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 03/28/2008 at 09:20 PM

 

Application Version : 4.0.1154

 

Core Rules Database Version : 3412

Trace Rules Database Version: 1404

 

Scan type : Quick Scan

Total Scan Time : 00:09:15

 

Memory items scanned : 654

Memory threats detected : 0

Registry items scanned : 339

Registry threats detected : 3

File items scanned : 4499

File threats detected : 16

 

Trojan.Smitfraud Variant/IE Anti-Spyware

HKLM\Software\Microsoft\Internet Explorer\Extensions\{9034A523-D068-4BE8-A284-9DF278BE776E}

 

Adware.Tracking Cookie

C:\Documents and Settings\Roar\Cookies\roar@doubleclick[1].txt

C:\Documents and Settings\Roar\Cookies\[email protected][2].txt

C:\Documents and Settings\Roar\Cookies\roar@statcounter[1].txt

C:\Documents and Settings\Roar\Cookies\roar@imrworldwide[1].txt

C:\Documents and Settings\Roar\Cookies\[email protected][1].txt

C:\Documents and Settings\Roar\Cookies\roar@advancedcleaner[1].txt

C:\Documents and Settings\Roar\Cookies\roar@atdmt[2].txt

C:\Documents and Settings\Roar\Cookies\[email protected][2].txt

C:\Documents and Settings\Roar\Cookies\[email protected][1].txt

C:\Documents and Settings\Roar\Cookies\roar@antispykit[1].txt

C:\Documents and Settings\Roar\Cookies\[email protected][2].txt

C:\Documents and Settings\Roar\Cookies\roar@advertising[2].txt

C:\Documents and Settings\Roar\Cookies\roar@tradedoubler[2].txt

C:\Documents and Settings\Roar\Cookies\roar@adtech[1].txt

 

Trojan.Security Toolbar

C:\Documents and Settings\All Users\Start-meny\Online Security Guide.url

C:\Documents and Settings\All Users\Start-meny\Security Troubleshooting.url

 

Trojan.Media-Codec/V4

HKCR\videoPl.chl

HKCR\videoPl.chl\CLSID

Seems like it's gone now.


ComboFix 08-03-27.1 - Roar 2008-03-28 20:56:51.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.113 [GMT 1:00]

Running from: C:\Documents and Settings\Roar\Skrivebord\ComboFix.exe

Command switches used :: C:\Documents and Settings\Roar\Skrivebord\CFScript.txt

* Created a new restore point

* Resident AV is active

 

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

C:\WINDOWS\system32\actskn45.ocx

C:\WINDOWS\system32\sozctue.dll

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Roar\Programdata\BearShare

C:\Documents and Settings\Roar\Programdata\BearShare\Creatives.xml

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\1.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\10.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\1040.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\1043.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\1044.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\1050.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\1054.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\1055.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\1057.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\1058.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\1060.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\1062.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\1063.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\1070.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\11.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\12.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\13.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\14.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\15.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\16.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\17.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\18.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\19.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\2.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\20.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\21.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\22.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\23.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\24.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\25.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\26.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\27.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\28.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\29.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\3.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\30.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\31.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\32.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\33.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\34.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\35.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\36.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\37.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\38.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\4.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\5.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\6.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\7.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\8.gif

C:\Documents and Settings\Roar\Programdata\BearShare\CreativesFiles\9.gif

C:\Documents and Settings\Roar\Programdata\BearShare\Data\DataBase\__db.001

C:\Documents and Settings\Roar\Programdata\BearShare\Data\DataBase\__db.002

C:\Documents and Settings\Roar\Programdata\BearShare\Data\DataBase\__db.003

C:\Documents and Settings\Roar\Programdata\BearShare\Data\DataBase\__db.004

C:\Documents and Settings\Roar\Programdata\BearShare\Data\DataBase\__db.005

C:\Documents and Settings\Roar\Programdata\BearShare\Data\DataBase\__db.006

C:\Documents and Settings\Roar\Programdata\BearShare\Data\DataBase\BackUp\DataDir\ContentDirs.db

C:\Documents and Settings\Roar\Programdata\BearShare\Data\DataBase\BackUp\DataDir\ContentFile.db

C:\Documents and Settings\Roar\Programdata\BearShare\Data\DataBase\BackUp\DataDir\DownloadFile.db

C:\Documents and Settings\Roar\Programdata\BearShare\Data\DataBase\BackUp\DataDir\PartsHashes.db

C:\Documents and Settings\Roar\Programdata\BearShare\Data\DataBase\BackUp\DataDir\Playlists.db

C:\Documents and Settings\Roar\Programdata\BearShare\Data\DataBase\DataDir\ContentDirs.db

C:\Documents and Settings\Roar\Programdata\BearShare\Data\DataBase\DataDir\ContentFile.db

C:\Documents and Settings\Roar\Programdata\BearShare\Data\DataBase\DataDir\DownloadFile.db

C:\Documents and Settings\Roar\Programdata\BearShare\Data\DataBase\DataDir\PartsHashes.db

C:\Documents and Settings\Roar\Programdata\BearShare\Data\DataBase\DataDir\Playlists.db

C:\Documents and Settings\Roar\Programdata\BearShare\Data\DataBase\LgDir\log.0000000001

C:\Documents and Settings\Roar\Programdata\BearShare\Data\rjn.a92

C:\Documents and Settings\Roar\Programdata\BearShare\IMPictures\32381309.gif

C:\Documents and Settings\Roar\Programdata\BearShare\Statistics.xml

C:\Programfiler\MalwareWar 7.3

C:\Programfiler\MalwareWar 7.3\MalwareWar.ini

C:\Programfiler\NetProject

C:\Programfiler\NetProject\ot.ico

C:\Programfiler\NetProject\scit.exe

C:\Programfiler\NetProject\ts.ico

C:\WINDOWS\system32\actskn45.ocx

C:\WINDOWS\system32\sozctue.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_TDIDRV32.SYS

-------\Service_tdidrv32.sys

 

 

((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-28 )))))))))))))))))))))))))))))))

.

 

2008-03-28 19:42 . 2008-03-28 19:42 <DIR> d-------- C:\Programfiler\Windows Media Connect 2

2008-03-28 19:42 . 2006-10-04 15:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb

2008-03-28 19:42 . 2006-10-04 15:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb

2008-03-28 19:42 . 2006-10-04 15:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb

2008-03-28 19:41 . 2008-03-28 19:41 3,461 --a------ C:\WINDOWS\system32\spupdsvc.inf

2008-03-28 19:40 . 2008-03-28 19:41 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2008-03-28 16:54 . 2008-03-28 17:00 <DIR> d-------- C:\Programfiler\Everest Poker

2008-03-27 22:59 . 2008-03-27 22:59 <DIR> d-------- C:\Programfiler\CCleaner

2008-03-26 15:50 . 2008-03-28 15:21 <DIR> d-a------ C:\Documents and Settings\All Users\Programdata\TEMP

2008-03-25 22:19 . 2008-03-26 16:48 <DIR> d-------- C:\Programfiler\WinVorbis

2008-03-23 19:57 . 2008-03-23 19:57 <DIR> d-------- C:\Documents and Settings\Roar\Programdata\Leadertech

2008-03-22 00:36 . 2008-03-22 00:36 0 --a------ C:\WINDOWS\nsreg.dat

2008-03-16 17:09 . 2008-03-28 14:11 <DIR> d-------- C:\Documents and Settings\Roar\Programdata\AVG7

2008-03-16 17:09 . 2008-03-16 17:09 <DIR> d-------- C:\Documents and Settings\LocalService\Programdata\AVG7

2008-03-16 17:09 . 2008-03-16 17:09 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Grisoft

2008-03-16 17:09 . 2008-03-17 01:20 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\avg7

2008-03-16 15:04 . 2008-03-16 15:17 <DIR> d-------- C:\Documents and Settings\Roar\Programdata\fretsonfire

2008-03-15 22:11 . 2008-03-25 23:02 <DIR> d-------- C:\Programfiler\Conduit

2008-03-15 21:11 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll

2008-03-15 02:49 . 2008-03-15 02:57 61,257 --a------ C:\WINDOWS\War3Unin.dat

2008-03-15 02:48 . 2008-03-15 02:53 139,264 --a------ C:\WINDOWS\War3Unin.exe

2008-03-15 02:48 . 2008-03-15 02:53 2,829 --a------ C:\WINDOWS\War3Unin.pif

2008-03-14 17:02 . 2008-03-14 17:02 <DIR> d-------- C:\Programfiler\Fellesfiler\PocketSoft

2008-03-14 17:02 . 2001-04-12 18:00 182,272 --a------ C:\WINDOWS\patchw32.dll

2008-03-14 17:01 . 2008-03-14 17:02 <DIR> d-------- C:\Programfiler\Ubi Soft Games

2008-03-10 01:06 . 2008-03-10 01:06 25 --a------ C:\WINDOWS\cdplayer.ini

2008-03-10 01:05 . 2008-03-10 01:05 <DIR> d-------- C:\Programfiler\Fellesfiler\xing shared

2008-03-10 01:05 . 2008-03-10 01:05 <DIR> d-------- C:\Programfiler\Fellesfiler\Real

2008-03-10 01:05 . 2008-03-10 01:05 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll

2008-03-07 15:06 . 2008-03-07 15:12 <DIR> d-------- C:\Documents and Settings\Roar\Programdata\Pro Cycling Manager 2007

2008-03-06 20:43 . 2008-03-06 21:28 <DIR> d-------- C:\Programfiler\Metin2_UK

2008-03-05 18:38 . 2008-03-05 18:38 <DIR> d-------- C:\Programfiler\directx

2008-03-05 18:37 . 2008-03-05 18:37 <DIR> d-------- C:\Programfiler\Rockstar Games

2008-03-05 17:00 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe

2008-03-03 23:03 . 2008-03-15 03:47 <DIR> d-------- C:\Soldat

2008-03-03 16:26 . 2008-03-03 16:26 <DIR> d-------- C:\Programfiler\Fellesfiler\Macrovision Shared

2008-03-03 00:38 . 2008-03-03 00:38 0 --a------ C:\WINDOWS\PowerReg.dat

2008-03-03 00:36 . 2008-03-03 00:36 <DIR> d-------- C:\Programfiler\Infogrames Interactive

2008-03-02 02:06 . 2008-03-02 02:06 <DIR> d-------- C:\Documents and Settings\Roar\WINDOWS

2008-02-29 23:48 . 2008-03-18 22:55 <DIR> d-------- C:\Documents and Settings\Roar\Programdata\dvdcss

2008-02-29 21:02 . 2001-08-18 06:36 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll

2008-02-29 21:02 . 2001-08-18 06:36 8,192 --a--c--- C:\WINDOWS\system32\dllcache\kbdkor.dll

2008-02-29 21:02 . 2001-08-17 22:55 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll

2008-02-29 21:02 . 2001-08-17 22:55 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll

2008-02-29 21:02 . 2001-08-17 22:55 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101c.dll

2008-02-29 21:02 . 2001-08-17 22:55 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101b.dll

2008-02-29 21:02 . 2001-08-17 22:55 5,632 --a------ C:\WINDOWS\system32\kbd103.dll

2008-02-29 21:02 . 2001-08-17 22:55 5,632 --a--c--- C:\WINDOWS\system32\dllcache\kbd103.dll

2008-02-28 18:52 . 2008-02-28 18:52 <DIR> d-------- C:\Programfiler\iTunes

2008-02-28 18:52 . 2008-02-28 18:52 <DIR> d-------- C:\Programfiler\iPod

2008-02-28 18:52 . 2008-03-28 21:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-02-28 18:52 . 2008-02-28 18:52 1,409 --a------ C:\WINDOWS\QTFont.for

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-28 20:05 5 ----a-w C:\NPF_USER.DAT

2008-03-28 20:03 --------- d-----w C:\Programfiler\Norman

2008-03-28 14:20 --------- d-----w C:\Programfiler\BitLord

2008-03-25 20:04 --------- d-----w C:\Documents and Settings\Roar\Programdata\LimeWire

2008-03-21 18:45 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

2008-03-15 20:32 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2008-03-15 04:20 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-03-15 03:08 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll

2008-03-10 00:05 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll

2008-03-03 19:42 --------- d-----w C:\Programfiler\Google

2008-03-03 15:35 --------- d-----w C:\Programfiler\Fellesfiler\Adobe

2008-03-02 16:40 --------- d-----w C:\Documents and Settings\Roar\Programdata\My Battle for Middle-earth II Files

2008-03-02 15:25 --------- d-----w C:\Programfiler\DAEMON Tools

2008-02-23 17:24 --------- d-----w C:\Documents and Settings\Roar\Programdata\vlc

2008-02-23 17:23 --------- d-----w C:\Programfiler\VideoLAN

2008-02-23 09:14 --------- d-----w C:\Documents and Settings\Roar\Programdata\Xfire

2008-02-23 09:13 --------- d-s---w C:\Programfiler\Xfire

2008-02-22 12:26 --------- d-----w C:\Programfiler\Bethesda Softworks

2008-02-21 00:47 --------- d-----w C:\Documents and Settings\Roar\Programdata\Apple Computer

2008-02-21 00:46 --------- d-----w C:\Programfiler\QuickTime

2008-02-21 00:46 --------- d-----w C:\Programfiler\Bonjour

2008-02-21 00:46 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple Computer

2008-02-21 00:45 --------- d-----w C:\Programfiler\Apple Software Update

2008-02-21 00:44 --------- d-----w C:\Programfiler\Fellesfiler\Apple

2008-02-21 00:44 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple

2008-02-20 22:17 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe

2008-02-18 16:39 --------- d-----w C:\Programfiler\Windows Live

2008-02-18 16:38 --------- dcsh--w C:\Programfiler\Fellesfiler\WindowsLiveInstaller

2008-02-18 16:34 --------- d-----w C:\Documents and Settings\All Users\Programdata\WLInstaller

2008-02-18 14:07 --------- d-----w C:\Documents and Settings\Roar\Programdata\Sports Interactive

2008-02-18 14:01 22,328 ----a-w C:\Documents and Settings\Roar\Programdata\PnkBstrK.sys

2008-02-18 13:46 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-02-18 13:46 --------- d--h--r C:\Documents and Settings\Roar\Programdata\SecuROM

2008-02-18 13:45 --------- d--h--w C:\Programfiler\Zero G Registry

2008-02-18 13:44 --------- d-----w C:\Programfiler\Sports Interactive

2008-02-18 13:26 0 ----a-r C:\logwmemory.bin

2008-02-18 12:26 --------- d-----w C:\Documents and Settings\Roar\Programdata\ATI

2008-02-18 12:23 --------- d-----w C:\Programfiler\ATI Technologies

2008-02-18 12:10 --------- d-----w C:\Programfiler\Realtek

2008-02-18 12:07 --------- d-----w C:\Programfiler\Launch Manager

2008-02-18 12:02 --------- d-----w C:\Programfiler\Intel

2008-02-18 11:32 --------- d-----w C:\Programfiler\DIFX

2008-02-18 11:31 557,056 ----a-w C:\WINDOWS\system32\Netw2c32.dll

2008-02-18 11:31 2,732,032 ----a-w C:\WINDOWS\system32\Netw2r32.dll

2008-02-18 10:56 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield

2008-02-18 08:37 --------- d-----w C:\Documents and Settings\All Users\Programdata\PC Drivers HeadQuarters

2008-02-16 23:22 --------- d-----w C:\Documents and Settings\Roar\Programdata\Norman

2008-02-16 21:53 --------- d-----w C:\Documents and Settings\Roar\Programdata\InstallShield

2008-02-16 21:19 --------- d-----w C:\Programfiler\Java

2008-02-16 21:19 --------- d-----w C:\Programfiler\Fellesfiler\Java

2008-02-16 20:04 --------- d-----w C:\Programfiler\D-Link

2008-02-16 20:04 --------- d-----w C:\Programfiler\ANI

2008-02-16 16:23 --------- d-----w C:\Programfiler\microsoft frontpage

2008-02-16 16:22 --------- d-----w C:\Programfiler\Elektroniske tjenester

2008-02-16 16:21 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester

2008-02-11 13:56 19,512 ----a-w C:\WINDOWS\system32\drivers\nvcw32mf.sys

.

 

((((((((((((((((((((((((((((( snapshot@2008-03-28_20.09.56,37 )))))))))))))))))))))))))))))))))))))))))

.

+ 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE

+ 2008-03-28 20:04:10 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_da8.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]

"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

"DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" [2007-04-03 23:29 165784]

"AlcoholAutomount"="D:\Programfiler\Alcohol Soft\Alcohol 120\axcmd.exe" [ ]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"D-Link AirPlus G"="C:\Programfiler\D-Link\AirPlus G\AirGCFG.exe" [2004-07-09 15:07 1249280]

"ANIWZCS2Service"="C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-04-14 11:54 45056]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"Norman ZANDA"="C:\Programfiler\Norman\Npm\bin\ZLH.exe" [2007-04-27 14:02 183352]

"Adobe Photo Downloader"="C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]

"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]

"LaunchAp"="C:\Programfiler\Launch Manager\LaunchAp.exe" [2005-07-25 13:36 32768]

"HotkeyApp"="C:\Programfiler\Launch Manager\HotkeyApp.exe" [2005-08-17 10:05 61440]

"CtrlVol"="C:\Programfiler\Launch Manager\CtrlVol.exe" [2003-09-16 14:28 20480]

"LMgrOSD"="C:\Programfiler\Launch Manager\OSD.exe" [2005-03-16 13:52 204800]

"Wbutton"="C:\Programfiler\Launch Manager\Wbutton.exe" [2005-09-02 15:14 81920]

"RTHDCPL"="RTHDCPL.EXE" [2005-10-24 09:52 14820864 C:\WINDOWS\RTHDCPL.EXE]

"AzMixerSel"="C:\Programfiler\Realtek\InstallShield\AzMixerSel.exe" [2005-10-24 09:52 53248]

"ATICCC"="C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" [2005-08-31 00:40 57344]

"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2008-01-31 23:13 385024]

"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]

"TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2008-03-10 01:05 185896]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-17 01:20 579072]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-17 01:20 219136]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

ATI CATALYST-systemstatusfelt.lnk - C:\Programfiler\ATI Technologies\ATI.ACE\CLI.exe [2005-08-31 00:40:36 57344]

PowerReg Scheduler.exe [2008-03-14 17:02:46 256000]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programfiler\\Sports Interactive\\Football Manager 2008\\fm.exe"=

"C:\\WINDOWS\\system32\\PnkBstrA.exe"=

"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"D:\\Programfiler\\Electronic Arts\\The Battle for Middle-earth II\\game.dat"=

"C:\\Programfiler\\Messenger\\msmsgs.exe"=

"C:\\Programfiler\\iTunes\\iTunes.exe"=

"D:\\Programfiler\\LimeWire\\LimeWire.exe"=

"C:\\Programfiler\\Grisoft\\AVG7\\avginet.exe"=

"C:\\Programfiler\\Grisoft\\AVG7\\avgamsvr.exe"=

"C:\\Programfiler\\Grisoft\\AVG7\\avgcc.exe"=

"C:\\Programfiler\\Grisoft\\AVG7\\avgemc.exe"=

 

R0 NDIS_RD;Firewall Engine Type-R2;C:\WINDOWS\system32\drivers\NDIS_RD.sys [2004-12-06 10:18]

R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]

R1 TDI_RD;Firewall Engine Type-R;C:\WINDOWS\system32\drivers\tdi_rd.sys [2004-10-13 22:01]

R2 Ndiskio;Ndiskio;C:\Programfiler\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 09:55]

R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 14:56]

R3 nvcoas;Norman Virus Control on-access component;C:\Programfiler\Norman\Nvc\bin\nvcoas.exe [2007-12-12 11:45]

R3 NVCScheduler;Norman Virus Control Scheduler;C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE [2007-03-15 11:48]

S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []

 

.

Contents of the 'Scheduled Tasks' folder

"2008-03-27 18:39:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-28 21:03:46

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\Programfiler\Norman\Npm\Bin\eLogsvc.exe

C:\Programfiler\Norman\Npm\Bin\Zanda.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\Programfiler\Norman\Npf\BIN\NPFSVICE.EXE

C:\WINDOWS\system32\PnkBstrA.exe

C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE

C:\Programfiler\Norman\Nvc\BIN\NIP.EXE

C:\Programfiler\Norman\Nvc\bin\cclaw.exe

C:\Programfiler\Norman\Npf\BIN\npfmsg2.exe

C:\Programfiler\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2008-03-28 21:08:18 - machine was rebooted

ComboFix-quarantined-files.txt 2008-03-28 20:08:12

ComboFix2.txt 2008-03-28 19:10:33

Pre-Run: 7,615,143,936 bytes free

Post-Run: 7,557,373,952 bytes free

.

2008-03-12 13:02:32 --- E O F ---

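A small triage script for the "Reg Loading Points" part of a log like the one above, added here as an example; it is not from the thread and not part of ComboFix. It runs over a constructed excerpt in the same layout (the "updater" entry and its "Lokale innstillinger\Temp" path are made up for the sample). Three readings of the format are the example's own assumptions: an empty "[ ]" after an entry is how ComboFix shows a target it could not find (compare the AlcoholAutomount line in the log), an autostart that lives under the user profile or a Temp folder deserves a second look, and "EnableFirewall"= 0 means the Windows Firewall standard profile is switched off. The posted log does report EnableFirewall = 0, which is worth checking once the clean-up is done.

```python
"""Triage the "Reg Loading Points" section of a ComboFix log.

Added example for this thread; not part of the forum post or of ComboFix.
SAMPLE_LOG is a constructed excerpt laid out like the posted log, and the
heuristics below are this example's own reading of the format (assumptions):
  - an empty "[ ]" after an entry is how ComboFix shows a target it could not find,
  - an autostart under the user profile or a Temp folder deserves a look,
  - "EnableFirewall"= 0 means the Windows Firewall profile is switched off.
"""
import re

# Constructed sample (not the log from the thread): two Run keys and the
# firewall profile key in ComboFix's layout. "updater.exe" is a made-up name.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
"AlcoholAutomount"="D:\Programfiler\Alcohol Soft\Alcohol 120\axcmd.exe" [ ]
"updater"="C:\Documents and Settings\Roar\Lokale innstillinger\Temp\updater.exe" [2008-03-20 12:00 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-10-24 09:52 14820864 C:\WINDOWS\RTHDCPL.EXE]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-17 01:20 579072]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
'''

KEY_RE = re.compile(r'^\[(HK[^\]]+)\]$')
ENTRY_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[(.*)\]$')
# ComboFix prints "date time size" and, when the value was a bare file name,
# the full path it resolved it to (assumed from the layout of the posted log).
DETAIL_RE = re.compile(r'^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (\d+)(?: (.+))?$')
FIREWALL_RE = re.compile(r'^"EnableFirewall"\s*=\s*(\d+)')
USER_WRITABLE = ('\\documents and settings\\', '\\temp\\', 'temporary internet files')


def parse_run_entries(text):
    """Return one dict per value under a ...\\Run key, in log order."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m or key is None or not key.upper().endswith('\\RUN'):
            continue
        name, value, detail = m.groups()
        d = DETAIL_RE.match(detail.strip())  # None for "[ ]": target not found
        entries.append({
            'key': key,
            'name': name,
            'path': (d.group(4) or value) if d else value,
            'found': d is not None,
            'size': int(d.group(3)) if d else None,
        })
    return entries


def firewall_enabled(text):
    """True/False from the standardprofile block, None if the log has no such line."""
    for raw in text.splitlines():
        m = FIREWALL_RE.match(raw.strip())
        if m:
            return m.group(1) != '0'
    return None


def triage(text):
    """Findings a responder would want to check before calling the log clean."""
    findings = []
    for e in parse_run_entries(text):
        where = f"{e['key']}\\{e['name']} -> {e['path']}"
        if not e['found']:
            findings.append(f"dangling autostart (target not found): {where}")
        elif any(marker in e['path'].lower() for marker in USER_WRITABLE):
            findings.append(f"autostart from user-writable location: {where}")
    if firewall_enabled(text) is False:
        findings.append("Windows Firewall standard profile is disabled (EnableFirewall=0)")
    return findings


if __name__ == '__main__':
    for line in triage(SAMPLE_LOG):
        print(line)
```

Paste a real log's "Reg Loading Points" section in place of SAMPLE_LOG to run it against the thread's own entries; a dangling entry is usually leftover from an uninstall, but an autostart pointing into Temp or the profile folder is the kind of thing that re-creates files after AVG removes them.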

This looks fine :thumbup:

You can uninstall ComboFix by typing combofix /u in the Run box (Start -> Run).

This uninstalls the program and its backups, and resets System Restore.

After that you can run a clean-up with CCleaner and, optionally, a full (complete) scan with SAS.

Surf safely.

