
Don't like to bother, but would anyone mind checking my ComboFix log?



ComboFix 08-01-20.1 - Nils Fredrik Bøe 2008-01-21 23:50:33.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.1389 [GMT 1:00]

Running from: C:\Documents and Settings\Nils Fredrik Bøe\Skrivebord\anti-virus\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\wvuusts.dll

F:\Autorun.inf

 

.

((((((((((((((((((((((((( Files Created from 2007-12-21 to 2008-01-21 )))))))))))))))))))))))))))))))

.

 

2008-01-21 23:49 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-21 20:56 . <DIR> C:\Documents and Settings\Nils Fredrik Bøe\Siste

2008-01-11 00:12 . 2008-01-21 00:33 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-01-11 00:12 . 2008-01-11 00:12 1,409 --a------ C:\WINDOWS\QTFont.for

2008-01-06 13:46 . 2008-01-06 13:59 8 --a------ C:\WINDOWS\system32\nvModes.dat

2008-01-03 12:26 . 2008-01-03 12:26 <DIR> d-------- C:\Programfiler\QuickTime

2008-01-03 12:26 . 2008-01-03 12:26 <DIR> d-------- C:\Programfiler\Apple Software Update

2008-01-03 12:26 . 2008-01-03 12:26 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple Computer

2008-01-03 12:26 . 2008-01-03 12:26 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple

2007-12-21 16:40 . 2007-12-21 16:40 <DIR> d-------- C:\Programfiler\DivX

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-21 20:41 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-01-21 20:41 --------- d-----w C:\Documents and Settings\Nils Fredrik Bøe\Programdata\Skype

2008-01-21 16:07 --------- d---a-w C:\Documents and Settings\All Users\Programdata\TEMP

2008-01-21 13:12 4,276 ----a-w C:\Documents and Settings\Nils Fredrik Bøe\Programdata\wklnhst.dat

2008-01-15 21:10 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-01-12 20:40 --------- d-----w C:\Documents and Settings\Nils Fredrik Bøe\Programdata\dvdcss

2008-01-04 14:03 --------- d-----w C:\Documents and Settings\Nils Fredrik Bøe\Programdata\InstallShield Installation Information

2008-01-04 13:59 --------- d-----w C:\Documents and Settings\Nils Fredrik Bøe\Programdata\My Games

2007-12-18 23:15 --------- d-----w C:\Programfiler\MagicDisc

2007-12-18 23:14 --------- d-----w C:\Programfiler\MagicISO

2007-12-17 15:40 --------- d-----w C:\Documents and Settings\Nils Fredrik Bøe\Programdata\Microsoft

2007-12-15 11:55 --------- d-----w C:\Documents and Settings\Nils Fredrik Bøe\Programdata\Image Zone Express

2007-12-15 11:47 --------- d-----w C:\Programfiler\Microsoft Digital Image 2006

2007-12-11 17:04 --------- d-----w C:\Documents and Settings\Nils Fredrik Bøe\Programdata\LimeWire

2007-12-06 18:55 --------- d-----w C:\Programfiler\Sony Ericsson

2007-12-06 18:04 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2007-12-06 18:04 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf

2007-12-05 16:50 20,520 ----a-w C:\WINDOWS\system32\drivers\ggsemc.sys

2007-12-05 16:50 13,352 ----a-w C:\WINDOWS\system32\drivers\ggflt.sys

2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys

2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2007-12-01 13:11 --------- d-----w C:\Programfiler\BitComet

2007-11-30 19:08 --------- d-----w C:\Documents and Settings\Nils Fredrik Bøe\Programdata\Sports Interactive

2007-11-30 10:31 --------- d-----w C:\Programfiler\Windows Live Toolbar

2007-11-25 16:05 --------- d-----w C:\Programfiler\Audacity

2007-11-06 17:27 22,328 ----a-w C:\Documents and Settings\Nils Fredrik Bøe\Programdata\PnkBstrK.sys

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]

"WMPNSCFG"="C:\Programfiler\Windows Media Player\WMPNSCFG.exe" [2006-11-15 08:46 204288]

"Skype"="C:\Programfiler\Skype\Phone\Skype.exe" [2006-08-21 15:37 20053032]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]

"nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe]

"IntelliPoint"="C:\Programfiler\Microsoft IntelliPoint\point32.exe" [2005-06-10 10:21 217088]

"Sunkist2k"="C:\Programfiler\Multimedia Card Reader\shwicon2k.exe" [2004-08-06 15:01 135168]

"Gainward"="C:\WINDOWS\TBPanel.exe" [2007-03-23 09:32 2173744]

"CTDVDDET"="C:\Programfiler\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-17 23:00 45056]

"AudioDrvEmulator"="C:\Programfiler\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 16:25 49152]

"VolPanel"="C:\Programfiler\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 09:34 122880]

"CTHelper"="CTHELPER.EXE" [2005-08-07 23:10 16384 C:\WINDOWS\CTHELPER.EXE]

"CTxfiHlp"="CTXFIHLP.EXE" [2005-08-07 23:10 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]

"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-10 23:00 90112]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-24 23:11 132496]

"amd_dc_opt"="C:\Programfiler\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 14:49 77824]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]

"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 20:00 15360]

"Spyware Doctor"="" []

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^CoreCenter.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\CoreCenter.lnk

backup=C:\WINDOWS\pss\CoreCenter.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Hurtigstart for Adobe Reader.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Hurtigstart for Adobe Reader.lnk

backup=C:\WINDOWS\pss\Hurtigstart for Adobe Reader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Microsoft Office.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Microsoft Office.lnk

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Nils Fredrik Bøe^Start-meny^Programmer^Oppstart^MagicDisc.lnk]

path=C:\Documents and Settings\Nils Fredrik Bøe\Start-meny\Programmer\Oppstart\MagicDisc.lnk

backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]

--------- 2004-12-02 16:23 102400 C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus XtremeG]

C:\Programfiler\D-Link\AirPlus XtremeG\AirPlusCFG.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

--a------ 2007-08-22 13:06 167368 C:\Programfiler\DAEMON Tools\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2005-05-11 21:12 49152 C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2004-10-13 17:24 1694208 C:\Programfiler\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-01-19 10:54 5674352 C:\Programfiler\MSN Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RCSystem]

--------- 2005-06-16 16:25 49152 C:\Programfiler\Creative\Shared Files\Module Loader\DLLML.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

--a------ 2007-08-31 14:46 1460560 C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

-ra------ 2006-03-30 14:45 313472 C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=2 (0x2)

"Irmon"=2 (0x2)

 

R0 viaagp;VIA AGP-bussfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 00:07]

R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2005-08-07 22:54]

S3 A5AGU;D-Link USB Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\A5AGU.sys [2005-07-26 12:32]

S3 ATHFMWDL;D-Link predator Bootloader driver;C:\WINDOWS\system32\Drivers\ATHFMWDL.sys [2005-07-26 12:35]

S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2007-12-05 17:50]

S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys []

S3 RushTopDevice;RushTopDevice;C:\Programfiler\MSI\Core Center\RushTop.sys [2006-03-22 14:42]

S3 SunkFilt6;Alcor Micro Corp - 6360;C:\WINDOWS\System32\Drivers\sunkfilt6.sys []

S3 SunkFilt62;Alcor Micro Corp - 6362;C:\WINDOWS\System32\Drivers\sunkfilt62.sys [2004-07-23 12:55]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

\Shell\AutoRun\command - F:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]

\Shell\AutoRun\command - I:\autorun.exe

 

.

Contents of the 'Scheduled Tasks' folder

"2008-01-12 16:41:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe

"2008-01-21 22:28:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"

- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE

"2008-01-21 19:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"

- C:\Programfiler\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-21 23:55:06

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-01-21 23:58:53 - machine was rebooted

ComboFix-quarantined-files.txt 2008-01-21 22:58:50

.

2008-01-09 15:23:17 --- E O F ---


You should reset the System Restore folder so that you don't get reinfected by a possible system restore later.

Control Panel -> System -> System Restore.

Tick the box in front of "Turn off System Restore .....",

restart the PC,

then untick it again to re-enable the feature.


I've actually found two more trojans since the "clean-up" yesterday, so I'll hold off on that until I'm completely rid of it. I don't have many minutes in front of the computer today, so I'll keep looking tomorrow.

But is it safe to do a system restore to a point before the infection?

Or could it get buried and hidden even deeper that way?

I know exactly when I got it.


Can I just ask about something slightly off-topic?

That system restore: is it something you can do instead of reformatting? Is it as effective as reformatting? There was one time I did this (I think)... set the computer back 2 weeks, and after that no .exe files worked... did I do something wrong?


System Restore is a simple and convenient solution in many cases where the PC starts behaving a bit strangely after you have, for example, installed or uninstalled something. It's wise to try a system restore to a date when you know things were working fine before possibly going for a reinstall.

No .exe files working after such a system restore is not something that normally happens. What caused it in your case, I don't know. You most likely didn't do anything wrong.

Could you say where you found those trojans? (They may be in the restore folder, which is the one that gets "emptied" when you "reset" it as mentioned above.)

 

(No, you should not run a system restore. You should reset the System Restore folder.)

 

 

I found them as c:\systemvolumeinformation\restore\A001524.dll (I don't remember the numbers exactly, but something along those lines).

OK then, I'm resetting it now.
