Nopros, posted 19 April 2009

I have had problems with Platte Malware, here are the logs. I hope you can help me.

Malwarebytes' Anti-Malware 1.36
Databaseversjon: 1945
Windows 5.1.2600 Service Pack 3

19.04.2009 20:54:53
mbam-log-2009-04-19 (20-54-53).txt

Skanntype: Rask Skann
Objekter skannet: 95607
Tid tilbakelagt: 15 minute(s), 17 second(s)

Minneprosesser infisert: 2
Minnemoduler infisert: 1
Registernøkler infisert: 9
Registerverdier infisert: 2
Registerfiler infisert: 0
Mapper infisert: 1
Filer infisert: 7

Minneprosesser infisert:
C:\WINDOWS\system32\pm_proc1.exe (Trojan.Agent) -> Unloaded process successfully.
c:\WINDOWS\system32\pm_proc2.exe (Trojan.Agent) -> Unloaded process successfully.

Minnemoduler infisert:
C:\WINDOWS\system32\pm_dll.dll (Trojan.BHO) -> Delete on reboot.

Registernøkler infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d810b78a-d010-44df-8445-ac58086b600e} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d810b78a-d010-44df-8445-ac58086b600e} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d810b78a-d010-44df-8445-ac58086b600e} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178f3fb-2560-458f-bdee-631e2fe0dfe4} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{31a55ff6-32a4-4ae2-95fe-7891637f3dae} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c056b0ec-6369-452b-9879-b95a1beb0f16} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d760db63-50ba-43b5-9916-29577df6c959} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9901d610-a360-4325-b787-d13bbf4f2a1c} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9901d610-a360-4325-b787-d13bbf4f2a1c} (Trojan.Agent) -> Quarantined and deleted successfully.

Registerverdier infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\plsi (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\BootStera (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
D:\Documents and Settings\All Users\Programdata\WinAntiVirus Pro 2006 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

Filer infisert:
C:\WINDOWS\system32\pm_dll.dll (Trojan.BHO.H) -> Delete on reboot.
C:\WINDOWS\system32\pm_proc1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pm_proc2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pm_ax.ocx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\C.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\D.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\stera.job (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

ComboFix 09-04-19.05 - Lars 19.04.2009 21:10.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.479.148 [GMT 2:00]
Kjører fra: d:\documents and settings\Lars\Skrivebord\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090419-0] *On-access scanning disabled* (Updated)
* Opprettet nytt gjenopprettingspunkt
norbat, posted 19 April 2009

Update Malwarebytes and run a new quick scan. Post the log if it finds anything.
Nopros (author), posted 20 April 2009

OK, but does it matter if I scan again under a different user? I assume that's fine as long as it is an administrator. Or do I have to scan with the same user I used for the log files above?
norbat, posted 20 April 2009

Scan with whichever user you like - usually your own.
Nopros (author), posted 20 April 2009

"Scan with whichever user you like - usually your own."

OK, thanks. It was just that the scan I ran yesterday was under my dad's user.
Nopros (author), posted 20 April 2009

Yes, here is the log:

Malwarebytes' Anti-Malware 1.36
Database version: 2013
Windows 5.1.2600 Service Pack 3

20.04.2009 19:27:47
mbam-log-2009-04-20 (19-27-47).txt

Scan type: Quick Scan
Objects scanned: 95889
Time elapsed: 4 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d810b78a-d010-44df-8445-ac58086b600e} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)