
[Solved] Help with log files



I'm having malware problems on my PC, and I followed the guide that's stickied here on the forum and ended up with the following log files:

 

MBAM:

Malwarebytes' Anti-Malware 1.41
Databaseversjon: 2976
Windows 5.1.2600 Service Pack 3

18.10.2009 01:03:17
mbam-log-2009-10-18 (01-03-17).txt

Skanntype: Rask Skann
Objekter skannet: 111107
Tid tilbakelagt: 4 minute(s), 51 second(s)

Minneprosesser infisert: 1
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 1
Registerfiler infisert: 1
Mapper infisert: 0
Filer infisert: 1

Minneprosesser infisert:
C:\Documents and Settings\matped\Programdata\Microsoft\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Registerfiler infisert:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer (Disable.MCProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
C:\Documents and Settings\matped\Programdata\Microsoft\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

 

 

 

ComboFix:

ComboFix 09-10-16.09 - matped 18.10.2009 1:11.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.47.1044.18.3027.2225 [GMT 2:00]
Kjører fra: c:\documents and settings\matped\Mine dokumenter\Nedlastinger\ComboFix.exe
AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Outdated) {F7FF5F23-C774-4C0E-95BC-9EFA0875C6D1}
AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated) {E5568598-4B92-4458-8175-BA3B6954AE2E}
FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\recycler\S-1-5-21-2052111302-527237240-1417001333-1003
c:\recycler\S-1-5-21-2617926417-2220079029-2281702846-1003
c:\recycler\S-1-5-21-2617926417-2220079029-2281702846-500
c:\recycler\S-1-5-21-2925198083-2741524322-2061720761-1003
c:\windows\system32\axaltocm.dll

----- BITS: Mulige infiserte sider -----

hxxp://feldps02.ad.ostfoldfk.no
hxxp://felexcas02.ad.ostfoldfk.no
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-09-17 til 2009-10-17 )))))))))))))))))))))))))))))))))
.

2009-10-17 22:56 . 2009-10-17 22:56 -------- d-----w- c:\documents and settings\matped\Programdata\Malwarebytes
2009-10-17 22:56 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-17 22:56 . 2009-10-17 22:56 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware
2009-10-17 22:56 . 2009-10-17 22:56 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes
2009-10-17 22:56 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-17 11:22 . 2009-09-03 09:17 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-16 23:21 . 2009-10-16 23:21 -------- dc-h--w- c:\documents and settings\All Users\Programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-16 23:21 . 2009-10-16 23:21 -------- d-----w- c:\programfiler\Lavasoft
2009-10-16 23:21 . 2009-10-16 23:21 -------- d-----w- c:\documents and settings\All Users\Programdata\Lavasoft
2009-10-16 17:10 . 2009-10-16 17:10 -------- d-----w- c:\documents and settings\All Users\Programdata\F-Secure
2009-10-16 16:00 . 2009-10-16 17:01 -------- d-----w- c:\windows\BDOSCAN8
2009-10-16 10:58 . 2009-10-16 10:58 -------- d-----w- c:\documents and settings\All Users\Programdata\FLEXnet
2009-10-15 20:46 . 2009-10-15 21:02 -------- d-----w- c:\documents and settings\matped\Programdata\Apple Computer
2009-10-15 20:46 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-15 20:46 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-10-15 20:45 . 2009-10-15 20:45 -------- d-----w- c:\programfiler\iPod
2009-10-15 20:45 . 2009-10-15 20:46 -------- d-----w- c:\programfiler\iTunes
2009-10-15 20:45 . 2009-10-15 20:46 -------- d-----w- c:\documents and settings\All Users\Programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-15 20:45 . 2009-10-15 20:45 -------- d-----w- c:\programfiler\Bonjour
2009-10-15 20:44 . 2009-10-15 20:44 -------- d-----w- c:\documents and settings\matped\Lokale innstillinger\Programdata\Apple
2009-10-15 20:44 . 2009-10-15 20:44 -------- d-----w- c:\programfiler\Apple Software Update
2009-10-15 20:43 . 2009-08-28 17:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-10-15 20:43 . 2009-08-28 17:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-10-15 20:43 . 2009-10-15 20:45 -------- d-----w- c:\programfiler\Fellesfiler\Apple
2009-10-15 20:43 . 2009-10-15 21:01 -------- d-----w- c:\documents and settings\All Users\Programdata\Apple
2009-10-15 20:43 . 2009-10-15 20:51 -------- d-----w- c:\documents and settings\matped\Lokale innstillinger\Programdata\Apple Computer
2009-10-13 21:19 . 2009-10-13 21:42 -------- d-----w- C:\b
2009-10-12 21:01 . 2009-10-12 21:02 -------- d-----w- c:\documents and settings\matped\Programdata\Nero
2009-10-12 21:00 . 2009-10-12 21:00 -------- d--h--w- c:\documents and settings\All Users\Programdata\CanonBJ
2009-10-12 21:00 . 2005-08-25 20:00 8704 ----a-w- c:\windows\system32\CNMVS7L.DLL
2009-10-12 21:00 . 2005-08-25 20:00 140288 ----a-w- c:\windows\system32\CNMLM7L.DLL
2009-10-12 20:59 . 2008-04-13 09:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-10-12 20:59 . 2008-04-13 09:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-10-12 20:59 . 2008-04-13 09:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-10-12 20:59 . 2008-04-13 09:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-10-12 20:54 . 2009-10-12 20:54 -------- d--h--w- c:\windows\system32\CanonMP Uninstaller Information
2009-10-12 20:54 . 2005-08-30 04:23 49152 ----a-w- c:\windows\system32\cncisco.dll
2009-10-12 20:54 . 2005-08-30 04:22 221184 ----a-w- c:\windows\system32\CNCC500.DLL
2009-10-12 20:54 . 2005-08-30 04:22 69632 ----a-w- c:\windows\system32\CNCI500.DLL
2009-10-12 20:54 . 2005-05-30 10:47 139264 ----a-w- c:\windows\system32\CNCL500.DLL
2009-10-12 20:53 . 2009-10-12 20:53 -------- d-----w- C:\CanonMP
2009-10-12 20:53 . 2009-10-12 20:54 -------- d-----w- c:\programfiler\Nero
2009-10-12 20:52 . 2009-10-12 20:53 -------- d-----w- c:\documents and settings\All Users\Programdata\Nero
2009-10-12 20:52 . 2009-10-12 20:54 -------- d-----w- c:\programfiler\Fellesfiler\Nero
2009-10-12 20:27 . 2001-10-06 11:36 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-10-12 20:27 . 2001-10-06 11:36 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-10-12 20:27 . 2008-04-13 09:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-10-12 20:27 . 2008-04-13 09:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-10-12 18:10 . 2009-10-12 18:10 -------- d-----w- c:\programfiler\uTorrent
2009-10-12 18:09 . 2009-10-12 20:56 -------- d-----w- c:\documents and settings\matped\Programdata\uTorrent
2009-10-09 08:40 . 2009-10-09 08:40 -------- d-----w- c:\programfiler\Your Freedom
2009-10-03 14:15 . 2009-10-04 05:21 -------- d-----w- c:\documents and settings\matped\Programdata\Hamachi
2009-10-03 14:15 . 2009-10-03 14:15 26056 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-09-28 04:56 . 2009-09-28 04:56 -------- d-----w- c:\programfiler\Fellesfiler\Macrovision Shared
2009-09-21 07:14 . 2009-09-21 07:14 -------- d-----w- c:\documents and settings\Default User\Lokale innstillinger\Programdata\Microsoft Help
2009-09-21 07:14 . 2009-10-02 19:11 -------- d-----w- c:\documents and settings\master
2009-09-21 07:14 . 2009-09-21 07:14 -------- d-----w- c:\documents and settings\master\Programdata
2009-09-21 06:58 . 2009-10-14 10:00 -------- d-----w- c:\documents and settings\matped\Lokale innstillinger\Programdata\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-17 23:07 . 2009-09-08 08:14 -------- d-----w- c:\documents and settings\matped\Programdata\Skype
2009-10-17 22:45 . 2009-09-08 08:15 -------- d-----w- c:\documents and settings\matped\Programdata\skypePM
2009-10-17 16:23 . 2008-04-15 03:00 81612 ----a-w- c:\windows\system32\perfc014.dat
2009-10-17 16:23 . 2008-04-15 03:00 448466 ----a-w- c:\windows\system32\perfh014.dat
2009-10-15 20:45 . 2009-04-21 11:45 -------- d-----w- c:\documents and settings\All Users\Programdata\Apple Computer
2009-10-15 20:44 . 2009-04-21 11:45 -------- d-----w- c:\programfiler\QT Lite
2009-10-12 21:01 . 2009-09-02 06:55 68456 ----a-w- c:\documents and settings\matped\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT
2009-10-03 14:35 . 2009-09-08 08:52 -------- d-----w- c:\programfiler\Warcraft 3
2009-09-30 10:09 . 2009-03-31 13:00 -------- d-----w- c:\documents and settings\All Users\Programdata\Microsoft Help
2009-09-28 05:00 . 2009-03-30 16:21 -------- d-----w- c:\programfiler\Fellesfiler\Adobe
2009-09-24 12:03 . 2009-09-13 16:49 -------- d-----w- c:\programfiler\Google
2009-09-16 09:47 . 2009-09-16 09:46 -------- d-----w- c:\programfiler\icytower1.4
2009-09-13 16:49 . 2009-09-13 16:49 -------- d-----w- c:\documents and settings\All Users\Programdata\Google Updater
2009-09-11 07:27 . 2009-09-11 07:27 -------- d-----w- c:\documents and settings\matped\Programdata\vlc
2009-09-11 07:27 . 2009-09-11 07:27 -------- d-----w- c:\documents and settings\matped\Programdata\dvdcss
2009-09-08 08:49 . 2009-09-08 08:48 -------- d-----w- c:\documents and settings\matped\Programdata\Move Networks
2009-09-08 08:15 . 2009-09-08 08:15 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-09-08 08:14 . 2009-09-08 08:14 -------- d-----r- c:\programfiler\Skype
2009-09-08 08:14 . 2009-09-08 08:14 -------- d-----w- c:\programfiler\Fellesfiler\Skype
2009-09-08 08:14 . 2009-09-08 08:14 -------- d-----w- c:\documents and settings\All Users\Programdata\Skype
2009-09-03 10:27 . 2009-09-03 10:19 -------- d-----w- c:\documents and settings\matped\Programdata\Download Manager
2009-09-02 08:25 . 2009-04-27 18:30 -------- d-----w- c:\programfiler\Microsoft Silverlight
2009-09-02 07:50 . 2009-09-02 07:50 0 ----a-w- c:\windows\nsreg.dat
2009-09-02 06:59 . 2009-09-02 06:58 -------- d-----w- c:\programfiler\Windows Live
2009-09-02 06:59 . 2009-09-02 06:59 -------- d-----w- c:\programfiler\Microsoft
2009-09-02 06:58 . 2009-09-02 06:58 -------- d-----w- c:\programfiler\Windows Live SkyDrive
2009-09-02 06:55 . 2009-09-02 06:55 -------- d-----w- c:\programfiler\Fellesfiler\Windows Live
2009-08-28 17:42 . 2009-10-15 20:43 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-05 09:01 . 2008-04-15 03:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:38 . 2008-04-15 03:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:38 . 2008-04-15 03:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
.

------- Sigcheck -------

[-] 2009-02-01 . 3F8D90D6F8109035CF796073BA850617 . 1573376 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programfiler\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Skype"="c:\programfiler\Skype\Phone\skype.exe" [2009-07-16 25604904]
"swg"="c:\programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-13 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-15 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-15 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-15 150040]
"SysTrayApp"="c:\programfiler\IDT\WDM\sttray.exe" [2008-11-18 483420]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-08-27 471040]
"Apoint"="c:\programfiler\DellTPad\Apoint.exe" [2008-10-02 200704]
"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-03-31 148888]
"GrooveMonitor"="c:\programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"OfficeScanNT Monitor"="c:\programfiler\Trend Micro\OfficeScan Client\Pccntmon.exe" [2009-04-23 718120]
"AdobeCS4ServiceManager"="c:\programfiler\Fellesfiler\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\programfiler\QT Lite\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Malwarebytes Anti-Malware (reboot)"="c:\programfiler\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

c:\documents and settings\matped\Start-meny\Programmer\Oppstart\
OneNote 2007 Screen Clipper og Launcher.lnk - c:\programfiler\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1653764164-4283110573-953603395-55877\Scripts\Logon]
"Script"=MapWebDavHomeDrive.vbs

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programfiler\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Warcraft 3\\war3.exe"=
"c:\\Programfiler\\Fellesfiler\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programfiler\\uTorrent\\uTorrent.exe"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"c:\\Programfiler\\iTunes\\iTunes.exe"=
"c:\\Programfiler\\Skype\\Phone\\skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R2 ATService;AuthenTec Fingerprint Service;c:\programfiler\Fingerprint Sensor\AtService.exe [27.06.2008 14:47 1664248]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programfiler\Lavasoft\Ad-Aware\AAWService.exe [24.09.2009 13:17 1170768]
R2 TmFilter;Trend Micro Filter;c:\programfiler\Trend Micro\OfficeScan Client\tmxpflt.sys [26.11.2008 18:42 225296]
R2 TmPreFilter;Trend Micro PreFilter;c:\programfiler\Trend Micro\OfficeScan Client\tmpreflt.sys [26.11.2008 18:42 36368]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [19.02.2009 12:47 112128]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [19.02.2009 12:38 110080]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [23.04.2009 09:04 338960]
R3 TmPfw;OfficeScan NT Firewall;c:\programfiler\Trend Micro\OfficeScan Client\TmPfw.exe [23.04.2009 09:04 488768]
R3 TmProxy;OfficeScan NT Proxy Service;c:\programfiler\Trend Micro\OfficeScan Client\TmProxy.exe [20.01.2009 15:47 652552]
S2 gupdate;Googles oppdateringstjeneste (gupdate);c:\programfiler\Google\Update\GoogleUpdate.exe [13.09.2009 18:50 133104]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [15.10.2009 22:43 40448]
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-10-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programfiler\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 23:22]

2009-10-17 c:\windows\Tasks\Google Software Updater.job
- c:\programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-13 16:49]

2009-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programfiler\Google\Update\GoogleUpdate.exe [2009-09-13 16:49]

2009-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programfiler\Google\Update\GoogleUpdate.exe [2009-09-13 16:49]

2009-10-17 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

2009-10-17 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://utdanning.ostfoldfk.no
uInternet Settings,ProxyOverride = *.local
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: uio.no\cyberbook.extern
FF - ProfilePath - c:\documents and settings\matped\Programdata\Mozilla\Firefox\Profiles\htudtsc6.default\
FF - prefs.js: browser.startup.homepage - hxxp://utdanning.ostfoldfk.no/
FF - component: c:\programfiler\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\programfiler\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programfiler\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\programfiler\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.
- - - - TOMME PEKERE FJERNET - - - -

HKLM-Run-OFK domenelogin part 4-1 - c:\OFKJoinDomain4.bat
HKLM-Run-OFK domenelogin part 4-2 - c:\OFKJoinDomain4.vbs



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-18 01:15
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(1376)
c:\programfiler\Trend Micro\OfficeScan Client\OsceProt.dll

- - - - - - - > 'lsass.exe'(1432)
c:\programfiler\Trend Micro\OfficeScan Client\OsceProt.dll
.
Tidspunkt ferdig: 2009-10-17 1:18
ComboFix-quarantined-files.txt 2009-10-17 23:18

Pre-Run: 83 665 117 184 byte ledig
Post-Run: 85 863 493 632 byte ledig

244

 

 

 

The original problem was a keygen window that opened every time the machine started. I traced this process to svchost.exe. I have also found out that the malware can spread via a memory stick, which is how I ended up with the same problem on another laptop as well.

 

Incidentally, as recently as tonight my screen suddenly decided to rotate 90 degrees, completely out of the blue... Could this be related?

 

In any case, the startup window no longer appears after I ran MBAM, but since the stickied guide recommended posting the logs, I'm doing so here :-)

Edited by mp93
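An added example, not part of the original post: a small Python triage script for the MBAM log format shown above. It parses the section/finding layout and flags the three patterns the log actually contains: a core Windows process name (winlogon.exe) running from a user profile instead of %SystemRoot%, a Run-key autostart pointing at it, and an Explorer policy change. The SAMPLE_LOG excerpt is copied from the MBAM log in the post; the list of process names it checks against is my own assumption.

```python
import re
from dataclasses import dataclass

# Excerpt of the MBAM log format from the post above (MBAM's Norwegian section headers kept
# verbatim). A section is a "<name>:" line; each finding is "<target> (<detection>) -> <action>".
SAMPLE_LOG = r"""Minneprosesser infisert:
C:\Documents and Settings\matped\Programdata\Microsoft\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Registerfiler infisert:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer (Disable.MCProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Filer infisert:
C:\Documents and Settings\matped\Programdata\Microsoft\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
"""

FINDING_RE = re.compile(r"^(?P<target>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+)$")

# Assumed list of core Windows process names that malware likes to borrow (the "reserved words"
# in MBAM's heuristic name). Genuine copies live under %SystemRoot%, never in a user profile.
SYSTEM_PROCESS_NAMES = {"winlogon.exe", "lsass.exe", "csrss.exe", "services.exe",
                        "smss.exe", "svchost.exe", "explorer.exe"}


@dataclass
class Finding:
    section: str
    target: str
    detection: str
    action: str


def parse_mbam_log(text: str) -> list[Finding]:
    """Walk the log once, remembering the current section header for each finding."""
    findings, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":") and " -> " not in line:
            section = line[:-1]
            continue
        m = FINDING_RE.match(line)
        if m:  # "(Ingen mistenkelige filer funnet)" has no " -> " and is skipped
            findings.append(Finding(section, m["target"], m["detection"], m["action"]))
    return findings


def triage(findings: list[Finding]) -> list[tuple[str, str]]:
    """Label each finding with what it means to an incident responder."""
    out = []
    for f in findings:
        t = f.target.lower()
        name = t.rsplit("\\", 1)[-1]
        if t.startswith("hkey_"):
            if "\\currentversion\\run\\" in t:
                out.append(("run-key persistence", f.target))
            elif "\\policies\\" in t:
                out.append(("policy tampering", f.target))
        elif name in SYSTEM_PROCESS_NAMES and "\\windows\\" not in t:
            out.append(("system-process masquerade outside %SystemRoot%", f.target))
    return out


if __name__ == "__main__":
    for category, target in triage(parse_mbam_log(SAMPLE_LOG)):
        print(f"{category}: {target}")
```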