GLN Posted 5 April 2010

Norton has been detecting trojans on the PC for a long time, but the PC hasn't been in use for the last few months, so I haven't dealt with the problem. But now I'm going to use the PC more, so it would be nice to have a malware-free PC.

MBAM log (0 objects found may be because I ran a scan and removed all malware the last time I used the PC):

Malwarebytes' Anti-Malware 1.33
Databaseversjon: 1716
Windows 5.1.2600 Service Pack 3
06.04.2010 00:47:03
mbam-log-2010-04-06 (00-47-03).txt
Skanntype: Rask Skann
Objekter skannet: 64107
Tid tilbakelagt: 4 minute(s), 32 second(s)
Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0
Minneprosesser infisert: (Ingen mistenkelige filer funnet)
Minnemoduler infisert: (Ingen mistenkelige filer funnet)
Registernøkler infisert: (Ingen mistenkelige filer funnet)
Registerverdier infisert: (Ingen mistenkelige filer funnet)
Registerfiler infisert: (Ingen mistenkelige filer funnet)
Mapper infisert: (Ingen mistenkelige filer funnet)
Filer infisert: (Ingen mistenkelige filer funnet)

ComboFix log:

ComboFix 10-04-04.01 - Dranc 06.04.2010 0:52.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.1023.474 [GMT 2:00]
Kjører fra: e:\documents and settings\Dranc.DRANCI\Mine dokumenter\Firefox nedlastinger\ComboFix.exe
AV: Norton 360 *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
e:\documents and settings\Dranc.DRANCI\Mine dokumenter\ZbThumbnail.info
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2010-03-05 til 2010-04-05 )))))))))))))))))))))))))))))))))
.
Ingen nye filer opprettet i dette tidsrommet
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-05 22:50 . 2009-03-10 15:59 -------- d-----w- e:\documents and settings\Dranc.DRANCI\Programdata\Spotify
2010-04-05 22:49 . 2007-04-14 01:51 -------- d-----w- e:\programfiler\Fellesfiler\Symantec Shared
2007-04-14 10:52 . 2007-04-14 10:52 65 ----a-w- e:\programfiler\Fellesfiler\appop.log
2008-12-31 11:32 . 2007-07-27 14:25 88 --sh--r- e:\windows2\system32\D0B165EC96.sys
2008-12-31 11:32 . 2007-07-27 14:25 3766 --sha-w- e:\windows2\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-04-26_19.25.24 )))))))))))))))))))))))))))))))))))))))))
.
-- Snapshot resatt til dagens dato --
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="e:\programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="e:\windows2\system32\NvCpl.dll" [2009-02-18 13680640]
"nwiz"="nwiz.exe" [2009-02-18 1657376]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 90112]
"SunJavaUpdateSched"="e:\programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"PWRISOVM.EXE"="e:\programfiler\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"Adobe Photo Downloader"="e:\programfiler\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe" [2007-11-05 61440]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Symantec PIF AlertEng"="e:\programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Adobe Reader Speed Launcher"="e:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"ccApp"="e:\programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"QuickTime Task"="e:\programfiler\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="e:\programfiler\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"NvMediaCenter"="e:\windows2\system32\NvMcTray.dll" [2009-02-18 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows2\system32\CTFMON.EXE" [2008-04-14 15360]

e:\documents and settings\Dranc\Start-meny\Programmer\Oppstart\
Adobe Gamma.lnk - e:\programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Xfire.lnk - e:\programfiler\Xfire\xfire.exe [2009-8-13 3109264]

e:\documents and settings\All Users.WINDOWS2\Start-meny\Programmer\Oppstart\
ColorVisionStartup.lnk - e:\programfiler\ColorVision\Utility\ColorVisionStartup.exe [2006-1-31 385024]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Programfiler\\Xfire\\xfire.exe"=
"e:\\Programfiler\\Valve\\Steam\\SteamApps\\gleini\\counter-strike source\\hl2.exe"=
"e:\\Programfiler\\VentSrv\\ventrilo_srv.exe"=
"e:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"e:\\Programfiler\\iTunes\\iTunes.exe"=
"e:\\Programfiler\\Spotify\\spotify.exe"=
"e:\\Programfiler\\Valve\\Steam\\SteamApps\\common\\football manager 2009\\fm.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13524:TCP"= 13524:TCP:BitComet 13524 TCP
"13524:UDP"= 13524:UDP:BitComet 13524 UDP

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;e:\programfiler\Fellesfiler\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [30.08.2009 22:00 102448]
S3 PID_0920;Logitech QuickCam Express(PID_0920);e:\windows2\system32\DRIVERS\LV532AV.SYS --> e:\windows2\system32\DRIVERS\LV532AV.SYS [?]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);e:\windows2\system32\drivers\s0016bus.sys [01.01.2009 21:16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;e:\windows2\system32\drivers\s0016mdfl.sys [01.01.2009 21:16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;e:\windows2\system32\drivers\s0016mdm.sys [01.01.2009 21:16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);e:\windows2\system32\drivers\s0016mgmt.sys [01.01.2009 21:16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);e:\windows2\system32\drivers\s0016nd5.sys [01.01.2009 21:16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;e:\windows2\system32\drivers\s0016obex.sys [01.01.2009 21:16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);e:\windows2\system32\drivers\s0016unic.sys [01.01.2009 21:16 115752]
S3 USBAAPL;Apple Mobile USB Driver;e:\windows2\system32\drivers\usbaapl.sys [26.11.2008 18:30 32000]

--- Andre tjenester/drivere lastet i minnet ---

*NewlyCreated* - COMHOST
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-10-10 e:\windows2\Tasks\AppleSoftwareUpdate.job
- e:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-04-11 11:34]
.
.
------- Tilleggsskanning -------
.
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &D&ownload &with BitComet - e:\programfiler\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - e:\programfiler\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - e:\programfiler\BitComet\BitComet.exe/AddAllLink.htm
IE: E&ksporter til Microsoft Excel - e:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - e:\documents and settings\Dranc.DRANCI\Programdata\Mozilla\Firefox\Profiles\5ges5mi4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.no/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - plugin: e:\documents and settings\Dranc.DRANCI\Programdata\Mozilla\Firefox\Profiles\5ges5mi4.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: e:\documents and settings\Dranc.DRANCI\Programdata\Mozilla\Firefox\Profiles\5ges5mi4.default\extensions\[email protected]\plugins\npDyyno.dll
FF - plugin: e:\documents and settings\Dranc.DRANCI\Programdata\Mozilla\plugins\npPxPlay.dll
FF - plugin: e:\programfiler\Dyyno\Dyyno Player\npvlc.dll
FF - plugin: e:\programfiler\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast -
e:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.
- - - - TOMME PEKERE FJERNET - - - -

AddRemove-SmartUndelete_is1 - g:\smartundelete\unins000.exe
AddRemove-VentriloMIX - c:\program files\VentriloMIX\Uninstal.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-06 00:58
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
Tidspunkt ferdig: 2010-04-06 01:00:47
ComboFix-quarantined-files.txt 2010-04-05 23:00
ComboFix2.txt 2009-02-02 19:28

Pre-Run: 29 300 424 704 byte ledig
Post-Run: 29 260 898 304 byte ledig

- - End Of File - - 52D9B225222A0AA1A1B8E205CBE835B9

Thanks in advance for the help; I hugely appreciate the help and the hospitality in this part of the forum!

evenandreas Posted 6 April 2010

Trojan Remower removes every kind of trojan.

raWrz Posted 6 April 2010

Hi

> Trojan Remower removes every kind of trojan.

Do you have anything that can confirm this?

@ Pirja:

Click Start - All Programs - Accessories - Notepad.
Copy and paste the text in the code box below into Notepad:

File::
e:\windows2\system32\D0B165EC96.sys

Save it as CFScript on the Desktop.
Drag CFScript over ComboFix.exe, which is on the Desktop, as the animation below shows. This will start ComboFix again. If the machine asks for a restart, let it do so right away.
Post the contents of ComboFix.txt in your next reply on the forum.

evenandreas Posted 6 April 2010

>> Trojan Remower removes every kind of trojan.
>
> Do you have anything that can confirm this?

I use the program and it works for me. I understand that the name is a bit odd, but as I said, it works for me. I can happily upload some screenshots later tonight. Link

raWrz Posted 6 April 2010

I don't see why you would say that it removes every kind of trojan, since NO program does that.

evenandreas Posted 6 April 2010

What do you mean? I got 2 trojans a while ago, ran a scan overnight, and the next day the machine was clean.

raWrz Posted 6 April 2010

What do I mean? Well, how do you know that your machine is clean? Of course it finds trojans, since it is made for that, but it removed 2 of them from your machine and so you think it removes every kind of trojan?

evenandreas Posted 6 April 2010

Maybe I'm wrong then, but my machine was clean after I ran the program. I just wanted to help the person who got trojans on their machine. You don't need to make such a big deal out of it.

raWrz Posted 6 April 2010 (edited)

I'm not making a big deal out of it. Just checking whether you have any basis for what you say, or are just saying it because that was what worked for your infection.

Edited 6 April 2010 by Submit
jafseslafser Posted 6 April 2010

You also have AVG, which is a very good antivirus program.

GLN Posted 6 April 2010 (Author)

> Hi
> Trojan Remower removes all trojans.
> Do you have anything that can confirm this?
>
> @ Pirja:
>
> Click Start - All Programs - Accessories - Notepad
> Copy and paste the text in the code box below into Notepad:
>
> File::
> e:\windows2\system32\D0B165EC96.sys
>
> Save it as CFScript on the Desktop.
> Drag CFScript onto ComboFix.exe, which is on the Desktop, as the animation below shows. This will start ComboFix again. If the machine asks for a restart, let it do so right away.
> Post the contents of ComboFix.txt in your next reply on the forum.

Combofix log after CFScript:

ComboFix 10-04-05.06 - Dranc 06.04.2010 16:49:57.6.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.1023.560 [GMT 2:00]
Kjører fra: e:\documents and settings\Dranc.DRANCI\Skrivebord\ComboFix.exe
Command switches brukt :: e:\documents and settings\Dranc.DRANCI\Skrivebord\CFScript.txt
AV: Norton 360 *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!

FILE ::
"e:\windows2\system32\D0B165EC96.sys"
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
e:\windows2\system32\D0B165EC96.sys
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2010-03-06 til 2010-04-06 )))))))))))))))))))))))))))))))))
.
Ingen nye filer opprettet i dette tidsrommet
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-06 14:24 . 2007-06-28 10:39 -------- d-----w- e:\documents and settings\All Users.WINDOWS2\Programdata\Symantec
2010-04-05 23:15 . 2009-03-10 15:59 -------- d-----w- e:\documents and settings\Dranc.DRANCI\Programdata\Spotify
2010-04-05 23:07 . 2007-04-14 01:51 -------- d-----w- e:\programfiler\Fellesfiler\Symantec Shared
2007-04-14 10:52 . 2007-04-14 10:52 65 ----a-w- e:\programfiler\Fellesfiler\appop.log
2008-12-31 11:32 . 2007-07-27 14:25 3766 --sha-w- e:\windows2\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( SnapShot_2010-04-05_22.58.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-06 14:27 . 2010-04-06 14:27 16384 e:\windows2\Temp\Perflib_Perfdata_6a4.dat
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="e:\programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="e:\windows2\system32\NvCpl.dll" [2009-02-18 13680640]
"nwiz"="nwiz.exe" [2009-02-18 1657376]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 90112]
"SunJavaUpdateSched"="e:\programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"PWRISOVM.EXE"="e:\programfiler\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"Adobe Photo Downloader"="e:\programfiler\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe" [2007-11-05 61440]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Symantec PIF AlertEng"="e:\programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Adobe Reader Speed Launcher"="e:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"ccApp"="e:\programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"QuickTime Task"="e:\programfiler\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="e:\programfiler\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"NvMediaCenter"="e:\windows2\system32\NvMcTray.dll" [2009-02-18 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows2\system32\CTFMON.EXE" [2008-04-14 15360]

e:\documents and settings\Dranc\Start-meny\Programmer\Oppstart\
Adobe Gamma.lnk - e:\programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Xfire.lnk - e:\programfiler\Xfire\xfire.exe [2009-8-13 3109264]

e:\documents and settings\All Users.WINDOWS2\Start-meny\Programmer\Oppstart\
ColorVisionStartup.lnk - e:\programfiler\ColorVision\Utility\ColorVisionStartup.exe [2006-1-31 385024]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Programfiler\\Xfire\\xfire.exe"=
"e:\\Programfiler\\Valve\\Steam\\SteamApps\\gleini\\counter-strike source\\hl2.exe"=
"e:\\Programfiler\\VentSrv\\ventrilo_srv.exe"=
"e:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"e:\\Programfiler\\iTunes\\iTunes.exe"=
"e:\\Programfiler\\Spotify\\spotify.exe"=
"e:\\Programfiler\\Valve\\Steam\\SteamApps\\common\\football manager 2009\\fm.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13524:TCP"= 13524:TCP:BitComet 13524 TCP
"13524:UDP"= 13524:UDP:BitComet 13524 UDP

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;e:\programfiler\Fellesfiler\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [30.08.2009 22:00 102448]
S3 PID_0920;Logitech QuickCam Express(PID_0920);e:\windows2\system32\DRIVERS\LV532AV.SYS --> e:\windows2\system32\DRIVERS\LV532AV.SYS [?]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);e:\windows2\system32\drivers\s0016bus.sys [01.01.2009 21:16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;e:\windows2\system32\drivers\s0016mdfl.sys [01.01.2009 21:16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;e:\windows2\system32\drivers\s0016mdm.sys [01.01.2009 21:16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);e:\windows2\system32\drivers\s0016mgmt.sys [01.01.2009 21:16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);e:\windows2\system32\drivers\s0016nd5.sys [01.01.2009 21:16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;e:\windows2\system32\drivers\s0016obex.sys [01.01.2009 21:16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);e:\windows2\system32\drivers\s0016unic.sys [01.01.2009 21:16 115752]
S3 USBAAPL;Apple Mobile USB Driver;e:\windows2\system32\drivers\usbaapl.sys [26.11.2008 18:30 32000]

--- Andre tjenester/drivere lastet i minnet ---

*NewlyCreated* - COMHOST
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-10-10 e:\windows2\Tasks\AppleSoftwareUpdate.job
- e:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-04-11 11:34]
.
.
------- Tilleggsskanning -------
.
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &D&ownload &with BitComet - e:\programfiler\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - e:\programfiler\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - e:\programfiler\BitComet\BitComet.exe/AddAllLink.htm
IE: E&ksporter til Microsoft Excel - e:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - e:\documents and settings\Dranc.DRANCI\Programdata\Mozilla\Firefox\Profiles\5ges5mi4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.no/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - plugin: e:\documents and settings\Dranc.DRANCI\Programdata\Mozilla\Firefox\Profiles\5ges5mi4.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: e:\documents and settings\Dranc.DRANCI\Programdata\Mozilla\Firefox\Profiles\5ges5mi4.default\extensions\[email protected]\plugins\npDyyno.dll
FF - plugin: e:\documents and settings\Dranc.DRANCI\Programdata\Mozilla\plugins\npPxPlay.dll
FF - plugin: e:\programfiler\Dyyno\Dyyno Player\npvlc.dll
FF - plugin: e:\programfiler\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast -
e:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-06 16:56
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...
skanning vellykket
skjulte filer: 0
**************************************************************************
.
Tidspunkt ferdig: 2010-04-06 16:58:14
ComboFix-quarantined-files.txt 2010-04-06 14:58
ComboFix2.txt 2010-04-06 14:22
ComboFix3.txt 2010-04-05 23:00
ComboFix4.txt 2009-02-02 19:28

Pre-Run: 29 295 079 424 byte ledig
Post-Run: 29 255 438 336 byte ledig

- - End Of File - - D6298DB9B5CDE8971F3EB2CC6CC377D4

raWrz Posted 6 April 2010

Hi

That looks good then!

Combofix must be uninstalled.
Go to Start > Run
Type the following in the box: ComboFix /u
PS: note the space between X and /u
You should now have something that corresponds to the picture below:
Press Enter.

This command will:
- Remove the following:
  - ComboFix and its associated files and folders.
  - VundoFix backups, if they exist.
  - The folder C:\Deckard, if it exists
  - The folder C:\OtMoveIt, if it exists
- Reset the clock settings.
- Hide file extensions if necessary.
- Hide System/Hidden files and folders if necessary.
- Reset the System Restore points.

Also make sure that Java, Flash Player and Adobe Reader are up to date, in addition to Windows.

@ jafseslafser: AVG does not have rootkit protection in the free version, so.. not really

GLN Posted 6 April 2010 (Author)

Lovely, good help once again. I'll throw in one more question out of pure curiosity. MUST Combofix be uninstalled? Or is it just something one should do?

raWrz Posted 6 April 2010 (edited)

I strongly recommend that you do it, since you have no reason to keep it on your machine anyway, and since it is a very powerful program that can damage your machine without the right help.

Edit: Replace Combofix /u with combofix /uninstall
This was changed just recently.

Edited 7 April 2010 by Submit