k-h-s Posted 30 March 2009 (edited)
The reason I did this was that I was getting platemedia popups.

Log from Malwarebytes' Anti-Malware 1.35

Malwarebytes' Anti-Malware 1.35
Databaseversjon: 1917
Windows 5.1.2600 Service Pack 3
30.03.2009 17:04:06
mbam-log-2009-03-30 (17-04-06).txt
Skanntype: Rask Skann
Objekter skannet: 89757
Tid tilbakelagt: 14 minute(s), 50 second(s)
Minneprosesser infisert: 2
Minnemoduler infisert: 0
Registernøkler infisert: 51
Registerverdier infisert: 8
Registerfiler infisert: 2
Mapper infisert: 1
Filer infisert: 15

Log from ComboFix

ComboFix 09-03-29.04 - Eier 2009-03-30 17:22:25.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.1015.461 [GMT 2:00]
Kjører fra: c:\documents and settings\Eier\Skrivebord\ComboFix.exe
AV: Norton AntiVirus *On-access scanning enabled* (Outdated)
AV: Panda Antivirus + Firewall 2008 *On-access scanning enabled* (Updated)
FW: Norton Internet Security *enabled*
FW: Panda Antivirus 2008 Personal Firewall *enabled*
* Opprettet nytt gjenopprettingspunkt
.
raWrz Posted 30 March 2009
Could you please remove the [code] tag? I find it annoying to read logs in code.
k-h-s Posted 30 March 2009 (Author)
There, I hope it is easier for you to read now.
raWrz Posted 30 March 2009
Hi. You have 2 antivirus programs installed. That is not a good idea, so you have to decide whether you want Norton Internet Security or Panda Antivirus 2008. Choose 1 to uninstall Norton and 2 to uninstall Panda:
1. Download Norton Removal Tool and run it. It will remove all the remnants of Norton and EVERYTHING that has anything to do with Norton! When it is finished, restart the computer.
2. Download Panda Uninstaller and run it, and it will delete everything that has anything to do with Panda Antivirus! Restart the computer when it is finished.
k-h-s Posted 30 March 2009 (Author)
Yes, I saw that now... But I formatted the PC and everything, and have not installed Norton since then, only Panda, since we have paid up until 2010... But I will get Norton removed 100% tomorrow like you say ;)
k-h-s Posted 1 April 2009 (Author)
There... Now I have got rid of Norton and will run a scan with both again ;)