
[Solved] Can someone check my logs?



Some crap got onto my computer the other day, and I'm not sure whether I've managed to remove all of it.

 

MBAM log:

 

Malwarebytes' Anti-Malware 1.44

Databaseversjon: 3671

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18882

 

01.02.2010 11:25:57

mbam-log-2010-02-01 (11-25-57).txt

 

Skanntype: Rask Skann

Objekter skannet: 115612

Tid tilbakelagt: 5 minute(s), 16 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 4

Registerverdier infisert: 2

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 4

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

HKEY_CURRENT_USER\SOFTWARE\BMIMZMHMFM (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

Registerverdier infisert:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmimzmhmfm (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\losalamos (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

C:\Users\Kristoffer\AppData\Local\Temp\SearchHostProtocol.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.

C:\Users\Kristoffer\AppData\Local\Temp\mvNat.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

 

 

 

 

Combofix log:

 

ComboFix 10-01-31.03 - Kristoffer 01.02.2010 11:48:44.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.47.1044.18.3066.2269 [GMT 1:00]

Kjører fra: c:\users\Kristoffer\Desktop\ComboFix.exe

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\users\Kristoffer\AppData\Roaming\.#

c:\windows\Fonts\MyriadPro-Regular.otf

c:\windows\Suyin.reg

 

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2010-01-01 til 2010-02-01 )))))))))))))))))))))))))))))))))

.

 

2010-02-01 10:58 . 2010-02-01 10:59 -------- d-----w- c:\users\Kristoffer\AppData\Local\temp

2010-02-01 10:58 . 2010-02-01 10:58 -------- d-----w- c:\users\Mcx1\AppData\Local\temp

2010-02-01 10:58 . 2010-02-01 10:58 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-02-01 10:18 . 2010-02-01 10:18 -------- d-----w- c:\users\Kristoffer\AppData\Roaming\Malwarebytes

2010-02-01 10:18 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-02-01 10:18 . 2010-02-01 10:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-02-01 10:18 . 2010-02-01 10:18 -------- d-----w- c:\programdata\Malwarebytes

2010-02-01 10:18 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-02-01 07:19 . 2010-02-01 07:19 52224 ----a-w- c:\users\Kristoffer\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-02-01 07:19 . 2010-02-01 07:19 117760 ----a-w- c:\users\Kristoffer\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-02-01 07:18 . 2010-02-01 07:18 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2010-02-01 07:18 . 2010-02-01 07:18 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-02-01 07:18 . 2010-02-01 07:18 -------- d-----w- c:\users\Kristoffer\AppData\Roaming\SUPERAntiSpyware.com

2010-02-01 07:18 . 2010-02-01 07:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2010-02-01 01:58 . 2010-02-01 01:59 -------- d-----w- c:\program files\QuickTime

2010-02-01 00:19 . 2010-02-01 00:19 -------- d-----w- c:\program files\Audacity

2010-01-29 22:50 . 2010-01-29 22:50 -------- d-----w- c:\users\Kristoffer\AppData\Roaming\MPEG Streamclip

2010-01-29 22:43 . 2010-01-29 22:43 -------- d-----w- c:\program files\Xvid

2010-01-29 22:43 . 2009-06-07 15:24 180224 ----a-w- c:\windows\system32\xvidvfw.dll

2010-01-29 22:43 . 2009-06-07 15:16 819200 ----a-w- c:\windows\system32\xvidcore.dll

2010-01-29 21:12 . 2010-01-29 21:12 -------- d-----w- c:\programdata\FLEXnet

2010-01-29 21:02 . 2010-01-29 21:02 -------- d-----w- c:\program files\Common Files\Macrovision Shared

2010-01-13 11:21 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll

2010-01-13 11:21 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-01 10:53 . 2008-05-13 05:59 77322 ----a-w- c:\windows\system32\perfc014.dat

2010-02-01 10:53 . 2008-05-13 05:59 455230 ----a-w- c:\windows\system32\perfh014.dat

2010-02-01 10:45 . 2009-05-30 13:08 77722 ----a-w- c:\programdata\nvModes.dat

2010-02-01 10:44 . 2009-05-30 13:10 12 ----a-w- c:\windows\bthservsdp.dat

2010-02-01 10:40 . 2009-10-31 16:03 -------- d-----w- c:\users\Kristoffer\AppData\Roaming\LimeWire

2010-02-01 10:40 . 2009-09-14 10:43 -------- d-----w- c:\users\Kristoffer\AppData\Roaming\uTorrent

2010-02-01 07:10 . 2009-08-02 18:09 -------- d-----w- c:\program files\Age Of Empires 2 & The Conquerors Expansion - Full Game

2010-02-01 02:02 . 2009-09-02 19:57 -------- d-----w- c:\users\Kristoffer\AppData\Roaming\TuneUpMedia

2010-02-01 01:45 . 2009-08-01 10:36 -------- d-----w- c:\users\Kristoffer\AppData\Roaming\vlc

2010-02-01 00:04 . 2009-05-30 14:44 -------- d-----w- c:\users\Kristoffer\AppData\Roaming\Apple Computer

2010-01-31 23:30 . 2008-05-12 20:05 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-01-31 23:29 . 2009-05-30 14:42 -------- d-----w- c:\programdata\Apple Computer

2010-01-31 23:26 . 2008-05-12 20:05 -------- d-----w- c:\program files\Common Files\InstallShield

2010-01-31 22:55 . 2009-05-31 12:13 -------- d-----w- c:\users\Kristoffer\AppData\Roaming\Spotify

2010-01-29 21:41 . 2009-12-04 19:57 -------- d-----w- c:\program files\WinAVI MP4 Converter

2010-01-29 21:19 . 2009-05-30 13:11 103032 ----a-w- c:\users\Kristoffer\AppData\Local\GDIPFONTCACHEV1.DAT

2010-01-29 21:09 . 2008-04-30 07:25 -------- d-----w- c:\program files\Common Files\Adobe

2010-01-22 16:17 . 2009-08-12 00:42 -------- d-----w- c:\program files\Microsoft Silverlight

2010-01-14 10:12 . 2009-10-03 09:02 181120 ------w- c:\windows\system32\MpSigStub.exe

2010-01-13 11:29 . 2008-05-12 20:14 -------- d-----w- c:\programdata\Microsoft Help

2010-01-13 11:28 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-01-02 06:38 . 2010-01-21 20:30 916480 ----a-w- c:\windows\system32\wininet.dll

2010-01-02 06:32 . 2010-01-21 20:30 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-01-02 06:32 . 2010-01-21 20:30 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-01-02 04:57 . 2010-01-21 20:30 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2010-01-01 21:04 . 2010-01-01 21:02 -------- d-----w- c:\users\Kristoffer\AppData\Roaming\Teleca

2010-01-01 21:04 . 2010-01-01 21:04 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf

2010-01-01 21:01 . 2010-01-01 21:01 -------- d-----w- c:\program files\Common Files\Teleca Shared

2010-01-01 21:01 . 2010-01-01 21:01 -------- d-----w- c:\programdata\HTC

2010-01-01 21:01 . 2010-01-01 21:01 -------- d-----w- c:\programdata\Teleca

2010-01-01 21:01 . 2010-01-01 21:00 -------- d-----w- c:\program files\HTC

2010-01-01 21:00 . 2010-01-01 21:00 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll

2010-01-01 21:00 . 2010-01-01 21:00 24576 ----a-w- c:\windows\system32\drivers\ANDROIDUSB.sys

2009-12-26 14:40 . 2009-12-26 14:40 -------- d-----w- c:\program files\Vstep

2009-12-21 11:09 . 2009-12-21 11:09 614136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2009-12-15 21:44 . 2009-12-15 21:44 -------- d-----w- c:\users\Kristoffer\AppData\Roaming\Epson

2009-12-15 21:40 . 2009-12-15 21:12 -------- d-----w- c:\program files\Common Files\EPSON

2009-12-15 21:17 . 2009-11-05 14:12 -------- d-----w- c:\program files\epson

2009-12-15 21:17 . 2009-12-15 21:17 -------- d-----w- c:\programdata\UDL

2009-12-15 21:16 . 2009-12-15 21:14 -------- d-----w- c:\program files\Epson Software

2009-12-15 21:14 . 2009-12-15 21:13 -------- d-----w- c:\program files\ABBYY FineReader 6.0 Sprint

2009-12-15 21:12 . 2009-12-15 21:11 -------- d-----w- c:\program files\EpsonNet

2009-12-07 17:26 . 2009-06-01 15:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-11-09 12:31 . 2009-12-08 21:17 24064 ----a-w- c:\windows\system32\nshhttp.dll

2009-11-09 12:30 . 2009-12-08 21:17 30720 ----a-w- c:\windows\system32\httpapi.dll

2009-11-09 10:36 . 2009-12-08 21:17 411648 ----a-w- c:\windows\system32\drivers\http.sys

2009-11-05 13:59 . 2009-11-05 13:59 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe

2009-11-04 14:02 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat

2009-05-30 22:43 . 2009-05-30 22:42 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-03-04 21:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-08-29 171464]

"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-12-14 289584]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

"Google Update"="c:\users\Kristoffer\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-11-30 135664]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-05 2002160]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]

"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-03 13535776]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-03 92704]

"RtHDVCpl"="RtHDVCpl.exe" [2008-08-07 6265376]

"Skytel"="Skytel.exe" [2008-08-07 1833504]

"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]

"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-25 809480]

"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]

"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]

"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-30 397312]

"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-04-10 147456]

"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-04-18 167936]

"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-03-18 173352]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"Jamcast"="c:\program files\Jamcast Beta\jcsvrmgr.exe" [2009-11-03 253952]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-01-12 669520]

"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-05-27 598016]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-5-30 1216512]

BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(b):03,cb,87,12,1b,fb,c9,01

 

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05.01.2010 07:56 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05.01.2010 07:56 74480]

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie00.fcl [30.05.2009 14:31 61424]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [01.06.2009 16:19 108289]

R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [03.03.2008 12:11 16384]

R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [30.05.2009 14:32 81504]

R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [12.05.2008 21:36 24576]

R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [06.04.2008 21:42 50424]

R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [30.05.2009 14:32 122368]

R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [30.05.2009 14:19 233472]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [30.05.2009 23:41 43552]

S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [03.06.2009 11:43 685816]

S2 Jamcast;Jamcast;c:\program files\Jamcast Beta\jamcastsvc.exe [03.11.2009 17:00 61440]

S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [04.04.2008 02:03 131072]

S2 RPCER;Remote Procedure Call (HNM);c:\program files\NetMeeting\comp.exe --> c:\program files\NetMeeting\comp.exe [?]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [21.01.2008 03:23 179712]

S3 FontCache;Windows skriftbuffertjeneste;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21.01.2008 03:23 21504]

S3 HTCAND32;HTC Device Driver;c:\windows\System32\drivers\ANDROIDUSB.sys [01.01.2010 22:00 24576]

S3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [30.05.2009 14:15 84240]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05.01.2010 07:56 7408]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2010-01-31 c:\windows\Tasks\Epson Printer Software Downloader.job

- c:\program files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-01-23 14:03]

 

2010-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-422659018-1902692424-1412168192-1000Core.job

- c:\users\Kristoffer\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-30 21:44]

 

2010-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-422659018-1902692424-1412168192-1000UA.job

- c:\users\Kristoffer\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-30 21:44]

.

.

------- Tilleggsskanning -------

.

uStart Page = www.google.no

mStart Page = hxxp://no.intl.acer.yahoo.com

uInternet Settings,ProxyOverride = *.local

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Send bilde til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send side til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

FF - ProfilePath - c:\users\Kristoffer\AppData\Roaming\Mozilla\Firefox\Profiles\26aef26t.default\

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\users\Kristoffer\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\users\Kristoffer\AppData\Roaming\Mozilla\Firefox\Profiles\26aef26t.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

.

- - - - TOMME PEKERE FJERNET - - - -

 

HKLM-Run-eRecoveryService - (no file)

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-02-01 11:58

Windows 6.0.6002 Service Pack 2 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8577C856]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0x8a5aad24

\Driver\ACPI -> acpi.sys @ 0x80699d68

\Driver\atapi -> ataport.SYS @ 0x807a8a2c

IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]

"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie00.fcl"

.

--------------------- LÅSTE REGISTERNØKLER ---------------------

 

[HKEY_USERS\S-1-5-21-422659018-1902692424-1412168192-1000\Software\SecuROM\License information*]

"datasecu"=hex:9b,ef,15,16,7f,15,de,09,ef,03,76,03,00,5f,e4,39,c5,cc,d1,37,9a,

06,c2,07,68,41,43,7a,44,34,8e,50,c1,c6,82,0c,41,2c,79,5e,94,88,4e,b9,34,82,\

"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Tidspunkt ferdig: 2010-02-01 12:01:42

ComboFix-quarantined-files.txt 2010-02-01 11:01

 

Pre-Run: 66 266 542 080 byte ledig

Post-Run: 66 269 974 528 byte ledig

 

- - End Of File - - D8AFC59D287EA2FFA357F069C2EC810F

 

 


Download mbr.exe and save it directly under C:

 

Open Notepad and paste in the following:

 

@echo off

cd\

mbr.exe -t

start mbr.log

 

Save the Notepad file on the desktop as mbr.bat

(you must set the file type to 'All files' before you click Save)

 

Double-click mbr.bat (which is now on the desktop). A log, mbr.log, is created; paste it into your next post.

OK, OK

 

mbam:

 

Malwarebytes' Anti-Malware 1.44

Databaseversjon: 3680

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18882

 

02.02.2010 21:47:46

mbam-log-2010-02-02 (21-47-46).txt

 

Skanntype: Rask Skann

Objekter skannet: 115572

Tid tilbakelagt: 5 minute(s), 24 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 0

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

(Ingen mistenkelige filer funnet)

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

(Ingen mistenkelige filer funnet)

 

 

 

Combofix:

 

ComboFix 10-02-01.05 - Kristoffer 02.02.2010 21:53:08.3.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.47.1044.18.3066.1477 [GMT 1:00]

Kjører fra: c:\users\Kristoffer\Desktop\ComboFix.exe

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

 

((((((((((((((((((((((((((( Filer Opprettet Fra 2010-01-02 til 2010-02-02 )))))))))))))))))))))))))))))))))

.

 

2010-02-02 21:00 . 2010-02-02 21:00 -------- d-----w- c:\users\Kristoffer\AppData\Local\temp

2010-02-02 21:00 . 2010-02-02 21:00 -------- d-----w- c:\users\Public\AppData\Local\temp

2010-02-02 21:00 . 2010-02-02 21:00 -------- d-----w- c:\users\Mcx1\AppData\Local\temp

2010-02-02 21:00 . 2010-02-02 21:00 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-02-02 20:29 . 2010-02-02 20:29 77312 ----a-w- C:\mbr.exe

2010-02-01 17:50 . 2010-02-01 17:50 -------- d-----w- c:\programdata\Adobe Systems

2010-02-01 16:46 . 2010-02-01 16:46 -------- d-----w- c:\program files\DAEMON Tools Lite

2010-02-01 16:46 . 2010-02-01 16:59 -------- d-----w- c:\users\Kristoffer\AppData\Roaming\DAEMON Tools Lite

2010-02-01 16:45 . 2010-02-01 16:46 -------- d-----w- c:\programdata\DAEMON Tools Lite

2010-02-01 16:43 . 2010-02-01 16:43 -------- d-----w- c:\users\Kristoffer\AppData\Roaming\DAEMON Tools Pro

2010-02-01 16:43 . 2010-02-01 16:43 -------- d-----w- c:\programdata\DAEMON Tools Pro

2010-02-01 10:18 . 2010-02-01 10:18 -------- d-----w- c:\users\Kristoffer\AppData\Roaming\Malwarebytes

2010-02-01 10:18 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-02-01 10:18 . 2010-02-01 10:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-02-01 10:18 . 2010-02-01 10:18 -------- d-----w- c:\programdata\Malwarebytes

2010-02-01 10:18 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-02-01 07:19 . 2010-02-01 07:19 52224 ----a-w- c:\users\Kristoffer\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-02-01 07:19 . 2010-02-01 07:19 117760 ----a-w- c:\users\Kristoffer\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-02-01 07:18 . 2010-02-01 07:18 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2010-02-01 07:18 . 2010-02-02 18:33 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-02-01 07:18 . 2010-02-01 07:18 -------- d-----w- c:\users\Kristoffer\AppData\Roaming\SUPERAntiSpyware.com

2010-02-01 07:18 . 2010-02-01 07:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2010-02-01 01:58 . 2010-02-01 01:59 -------- d-----w- c:\program files\QuickTime

2010-02-01 00:19 . 2010-02-01 00:19 -------- d-----w- c:\program files\Audacity

2010-01-29 22:50 . 2010-01-29 22:50 -------- d-----w- c:\users\Kristoffer\AppData\Roaming\MPEG Streamclip

2010-01-29 22:43 . 2010-01-29 22:43 -------- d-----w- c:\program files\Xvid

2010-01-29 22:43 . 2009-06-07 15:24 180224 ----a-w- c:\windows\system32\xvidvfw.dll

2010-01-29 22:43 . 2009-06-07 15:16 819200 ----a-w- c:\windows\system32\xvidcore.dll

2010-01-29 21:12 . 2010-01-29 21:12 -------- d-----w- c:\programdata\FLEXnet

2010-01-13 11:21 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll

2010-01-13 11:21 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-01 19:06 . 2009-10-31 16:03 -------- d-----w- c:\users\Kristoffer\AppData\Roaming\LimeWire

2010-02-01 19:06 . 2009-05-30 13:11 103032 ----a-w- c:\users\Kristoffer\AppData\Local\GDIPFONTCACHEV1.DAT

2010-02-01 18:58 . 2008-05-13 05:59 77322 ----a-w- c:\windows\system32\perfc014.dat

2010-02-01 18:58 . 2008-05-13 05:59 455230 ----a-w- c:\windows\system32\perfh014.dat

2010-02-01 18:50 . 2009-05-30 13:08 77722 ----a-w- c:\programdata\nvModes.dat

2010-02-01 18:48 . 2009-05-30 13:10 12 ----a-w- c:\windows\bthservsdp.dat

2010-02-01 18:48 . 2008-04-30 07:25 -------- d-----w- c:\program files\Common Files\Adobe

2010-02-01 18:23 . 2009-09-14 10:43 -------- d-----w- c:\users\Kristoffer\AppData\Roaming\uTorrent

2010-02-01 16:46 . 2009-06-03 10:43 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

2010-02-01 15:37 . 2009-05-31 12:13 -------- d-----w- c:\users\Kristoffer\AppData\Roaming\Spotify

2010-02-01 14:33 . 2009-08-01 10:36 -------- d-----w- c:\users\Kristoffer\AppData\Roaming\vlc

2010-02-01 07:10 . 2009-08-02 18:09 -------- d-----w- c:\program files\Age Of Empires 2 & The Conquerors Expansion - Full Game

2010-02-01 02:02 . 2009-09-02 19:57 -------- d-----w- c:\users\Kristoffer\AppData\Roaming\TuneUpMedia

2010-02-01 00:04 . 2009-05-30 14:44 -------- d-----w- c:\users\Kristoffer\AppData\Roaming\Apple Computer

2010-01-31 23:30 . 2008-05-12 20:05 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-01-31 23:29 . 2009-05-30 14:42 -------- d-----w- c:\programdata\Apple Computer

2010-01-31 23:26 . 2008-05-12 20:05 -------- d-----w- c:\program files\Common Files\InstallShield

2010-01-29 21:41 . 2009-12-04 19:57 -------- d-----w- c:\program files\WinAVI MP4 Converter

2010-01-22 16:17 . 2009-08-12 00:42 -------- d-----w- c:\program files\Microsoft Silverlight

2010-01-14 10:12 . 2009-10-03 09:02 181120 ------w- c:\windows\system32\MpSigStub.exe

2010-01-13 11:29 . 2008-05-12 20:14 -------- d-----w- c:\programdata\Microsoft Help

2010-01-13 11:28 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-01-02 06:38 . 2010-01-21 20:30 916480 ----a-w- c:\windows\system32\wininet.dll

2010-01-02 06:32 . 2010-01-21 20:30 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-01-02 06:32 . 2010-01-21 20:30 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-01-02 04:57 . 2010-01-21 20:30 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2010-01-01 21:04 . 2010-01-01 21:02 -------- d-----w- c:\users\Kristoffer\AppData\Roaming\Teleca

2010-01-01 21:04 . 2010-01-01 21:04 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf

2010-01-01 21:01 . 2010-01-01 21:01 -------- d-----w- c:\program files\Common Files\Teleca Shared

2010-01-01 21:01 . 2010-01-01 21:01 -------- d-----w- c:\programdata\HTC

2010-01-01 21:01 . 2010-01-01 21:01 -------- d-----w- c:\programdata\Teleca

2010-01-01 21:01 . 2010-01-01 21:00 -------- d-----w- c:\program files\HTC

2010-01-01 21:00 . 2010-01-01 21:00 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll

2010-01-01 21:00 . 2010-01-01 21:00 24576 ----a-w- c:\windows\system32\drivers\ANDROIDUSB.sys

2009-12-26 14:40 . 2009-12-26 14:40 -------- d-----w- c:\program files\Vstep

2009-12-21 11:09 . 2009-12-21 11:09 614136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2009-12-15 21:44 . 2009-12-15 21:44 -------- d-----w- c:\users\Kristoffer\AppData\Roaming\Epson

2009-12-15 21:40 . 2009-12-15 21:12 -------- d-----w- c:\program files\Common Files\EPSON

2009-12-15 21:17 . 2009-11-05 14:12 -------- d-----w- c:\program files\epson

2009-12-15 21:17 . 2009-12-15 21:17 -------- d-----w- c:\programdata\UDL

2009-12-15 21:16 . 2009-12-15 21:14 -------- d-----w- c:\program files\Epson Software

2009-12-15 21:14 . 2009-12-15 21:13 -------- d-----w- c:\program files\ABBYY FineReader 6.0 Sprint

2009-12-15 21:12 . 2009-12-15 21:11 -------- d-----w- c:\program files\EpsonNet

2009-12-07 17:26 . 2009-06-01 15:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-11-09 12:31 . 2009-12-08 21:17 24064 ----a-w- c:\windows\system32\nshhttp.dll

2009-11-09 12:30 . 2009-12-08 21:17 30720 ----a-w- c:\windows\system32\httpapi.dll

2009-11-09 10:36 . 2009-12-08 21:17 411648 ----a-w- c:\windows\system32\drivers\http.sys

2009-11-05 13:59 . 2009-11-05 13:59 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe

2009-05-30 22:43 . 2009-05-30 22:42 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.

 

((((((((((((((((((((((((((((( SnapShot@2010-02-01_10.59.02 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-01-21 01:58 . 2010-02-01 18:52 57754 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2006-11-02 13:05 . 2010-02-01 18:52 90846 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2009-05-30 12:55 . 2010-02-01 10:27 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-05-30 12:55 . 2010-02-02 20:22 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-05-30 12:55 . 2010-02-01 10:27 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-05-30 12:55 . 2010-02-02 20:22 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-05-30 12:55 . 2010-02-01 10:27 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-05-30 12:55 . 2010-02-02 20:22 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-06-01 21:21 . 2010-02-01 18:50 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-06-01 21:21 . 2010-02-01 10:45 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-02-01 10:04 . 2010-02-02 20:17 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat

- 2010-02-01 10:04 . 2010-02-01 10:28 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat

+ 2010-02-01 18:33 . 2010-02-01 18:33 38912 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\uynm.tmp\svchost.exe

+ 2009-06-01 21:21 . 2010-02-01 18:50 81920 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-06-01 21:21 . 2010-02-01 18:50 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-06-01 21:21 . 2010-02-01 10:45 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-05-30 13:10 . 2010-02-01 18:52 7878 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-422659018-1902692424-1412168192-1000_UserData.bin

+ 2010-02-01 18:50 . 2010-02-01 18:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2010-02-01 10:45 . 2010-02-01 10:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2010-02-01 10:45 . 2010-02-01 10:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2010-02-01 18:50 . 2010-02-01 18:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-05-30 23:37 . 2010-02-02 18:30 328414 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin

+ 2006-11-02 10:33 . 2010-02-01 18:58 590082 c:\windows\System32\perfh009.dat

- 2006-11-02 10:33 . 2010-02-01 10:53 590082 c:\windows\System32\perfh009.dat

- 2006-11-02 10:33 . 2010-02-01 10:53 102094 c:\windows\System32\perfc009.dat

+ 2006-11-02 10:33 . 2010-02-01 18:58 102094 c:\windows\System32\perfc009.dat

+ 2009-06-01 21:21 . 2010-02-02 20:17 245760 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2009-06-01 21:21 . 2010-02-01 10:45 245760 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2006-11-02 10:22 . 2010-02-01 09:54 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat

+ 2006-11-02 10:22 . 2010-02-01 16:47 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat

+ 2006-11-02 12:47 . 2010-02-01 18:50 1726800 c:\windows\System32\FNTCACHE.DAT

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-03-04 21:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-08-29 171464]

"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-12-14 289584]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

"Google Update"="c:\users\Kristoffer\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-11-30 135664]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-05 2002160]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]

"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-03 13535776]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-03 92704]

"RtHDVCpl"="RtHDVCpl.exe" [2008-08-07 6265376]

"Skytel"="Skytel.exe" [2008-08-07 1833504]

"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]

"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-25 809480]

"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]

"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]

"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-30 397312]

"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-04-10 147456]

"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-04-18 167936]

"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-03-18 173352]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"Jamcast"="c:\program files\Jamcast Beta\jcsvrmgr.exe" [2009-11-03 253952]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-01-12 669520]

"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-05-27 598016]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-5-30 1216512]

BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(b):03,cb,87,12,1b,fb,c9,01

 

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05.01.2010 07:56 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05.01.2010 07:56 74480]

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie00.fcl [30.05.2009 14:31 61424]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [01.06.2009 16:19 108289]

R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [03.03.2008 12:11 16384]

R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [30.05.2009 14:32 81504]

R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [12.05.2008 21:36 24576]

R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [06.04.2008 21:42 50424]

R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [30.05.2009 14:32 122368]

R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [30.05.2009 14:19 233472]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [30.05.2009 23:41 43552]

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05.01.2010 07:56 7408]

S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [03.06.2009 11:43 691696]

S2 Jamcast;Jamcast;c:\program files\Jamcast Beta\jamcastsvc.exe [03.11.2009 17:00 61440]

S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [04.04.2008 02:03 131072]

S2 RPCER;Remote Procedure Call (HNM);c:\program files\NetMeeting\comp.exe --> c:\program files\NetMeeting\comp.exe [?]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [21.01.2008 03:23 179712]

S3 FontCache;Windows skriftbuffertjeneste;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21.01.2008 03:23 21504]

S3 HTCAND32;HTC Device Driver;c:\windows\System32\drivers\ANDROIDUSB.sys [01.01.2010 22:00 24576]

S3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [30.05.2009 14:15 84240]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2010-02-01 c:\windows\Tasks\Epson Printer Software Downloader.job

- c:\program files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-01-23 14:03]

 

2010-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-422659018-1902692424-1412168192-1000Core.job

- c:\users\Kristoffer\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-30 21:44]

 

2010-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-422659018-1902692424-1412168192-1000UA.job

- c:\users\Kristoffer\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-30 21:44]

.

.

------- Tilleggsskanning -------

.

uStart Page = www.google.no

mStart Page = hxxp://no.intl.acer.yahoo.com

uInternet Settings,ProxyOverride = *.local

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Send bilde til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send side til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

FF - ProfilePath - c:\users\Kristoffer\AppData\Roaming\Mozilla\Firefox\Profiles\26aef26t.default\

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-02-02 22:00

Windows 6.0.6002 Service Pack 2 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8576A856]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0x8a5acd24

\Driver\ACPI -> acpi.sys @ 0x8069bd68

\Driver\atapi -> ataport.SYS @ 0x807aaa2c

IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]

"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie00.fcl"

.

--------------------- LÅSTE REGISTERNØKLER ---------------------

 

[HKEY_USERS\S-1-5-21-422659018-1902692424-1412168192-1000\Software\SecuROM\License information*]

"datasecu"=hex:9b,ef,15,16,7f,15,de,09,ef,03,76,03,00,5f,e4,39,c5,cc,d1,37,9a,

06,c2,07,68,41,43,7a,44,34,8e,50,c1,c6,82,0c,41,2c,79,5e,94,88,4e,b9,34,82,\

"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

 

- - - - - - - > 'Explorer.exe'(4248)

c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll

c:\windows\system32\btmmhook.dll

.

Tidspunkt ferdig: 2010-02-02 22:03:22

ComboFix-quarantined-files.txt 2010-02-02 21:03

ComboFix2.txt 2010-02-01 19:05

ComboFix3.txt 2010-02-01 11:01

 

Pre-Run: 68 540 223 488 byte ledig

Post-Run: 68 500 606 976 byte ledig

 

- - End Of File - - 273CF777FC3B6DC55E7332D376238C63

 

 

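As an added example (not part of the poster's log and not a ComboFix or helper tool), a small Python triage script for the listing format in the log above: it parses the `+`/`-` snapshot-diff lines and the `created . modified size attrs path` file-listing lines, then flags the three patterns a helper scans for first: an executable dropped under a Temp directory, a system-process name such as svchost.exe outside System32, and a GUID-named scheduled task. The sample lines are taken from this thread's log except the .job line's timestamp and size, which are constructed; the rules are the editor's own heuristics, not ComboFix's.

```python
import re
from pathlib import PureWindowsPath

# One ComboFix listing line: [+|-] created . modified size [attrs] path
LINE_RE = re.compile(
    r"^(?P<sign>[+-])?\s*(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+|-{8})\s+"
    r"(?:(?P<attrs>[-a-z]{8})\s+)?"
    r"(?P<path>[A-Za-z]:\\.+)$"
)
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".com", ".job"}
# Names that belong in System32; a copy anywhere else is a classic masquerade
SYSTEM_NAMES = {"svchost.exe", "csrss.exe", "lsass.exe", "winlogon.exe", "services.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\winsxs\\")
GUID_JOB = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\.job$", re.I)

# Constructed sample in the log's format; the .job line's timestamp and size are made up
SAMPLE_LOG = r"""
+ 2010-02-01 18:33 . 2010-02-01 18:33 38912 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\uynm.tmp\svchost.exe
- 2006-11-02 10:33 . 2010-02-01 10:53 590082 c:\windows\System32\perfh009.dat
+ 2010-02-01 10:04 . 2010-02-01 10:04 284 c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
2009-12-07 17:26 . 2009-06-01 15:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-26 14:40 . 2009-12-26 14:40 -------- d-----w- c:\program files\Vstep
"""

def parse_line(line):
    """Parse one listing line into a dict; None for headers, blanks and other noise."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["size"] = None if e["size"].startswith("-") else int(e["size"])
    e["is_dir"] = bool(e["attrs"]) and e["attrs"][0] == "d"
    return e

def flag_entry(e):
    """Reasons a helper would look twice at this entry; empty list if none."""
    reasons = []
    if e["is_dir"] or e["sign"] == "-":  # '-' lines are the superseded snapshot state
        return reasons
    p = PureWindowsPath(e["path"])
    parts = [s.lower() for s in p.parts]
    if p.suffix.lower() in EXEC_EXT and any(s in ("temp", "tmp") or s.endswith(".tmp") for s in parts):
        reasons.append("executable dropped under a Temp directory")
    if p.name.lower() in SYSTEM_NAMES and not e["path"].lower().startswith(SYSTEM_DIRS):
        reasons.append("system process name outside System32")
    if "tasks" in parts and GUID_JOB.match(p.name):
        reasons.append("GUID-named scheduled task")
    return reasons

def triage(log_text):
    """Return [(path, reasons)] for every entry that trips at least one rule."""
    hits = []
    for e in filter(None, map(parse_line, log_text.splitlines())):
        reasons = flag_entry(e)
        if reasons:
            hits.append((e["path"], reasons))
    return hits
```

Run `triage(SAMPLE_LOG)` on the constructed lines and only the Temp svchost.exe and the GUID-named .job come back; the Avira driver, the directory and the superseded `-` line are ignored.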

Get OTL.exe and put it on the desktop.

 

Start OTL

Paste the following into 'Custom scans/fixes':

 

netsvcs

%SYSTEMDRIVE%\*.exe

/md5start

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

sceclt.dll

ntelogon.dll

logevent.dll

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

/md5stop

%systemroot%\*. /mp /s

CREATERESTOREPOINT

 

Click 'RUN SCAN' and post the log

 

Edit: the scan may take a while. Wait until the log appears :)

Edited by norbat

Run cmd as administrator (type cmd in the Run/search field, right-click cmd and click Run as administrator).

 

Copy and paste the following

 

copy C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys c:\

 

Press Enter. You should get a message that 1 file was copied.

 

-------

 

We are going to replace the current atapi.sys file with the one you just placed directly under c:\. This has to be done from the recovery console. In Vista you reach it by pressing F8 during boot, then choosing Repair. If you don't get that option, you have to use the Vista DVD.

 

After choosing the keyboard language, select Command Prompt.

From there, type the following (press Enter after each line):

 

ren c:\windows\system32\drivers\atapi.sys atapi.old

copy c:\atapi.sys c:\windows\system32\drivers\atapi.sys

exit

 

NB!

You will get a message saying '1 file copied'.

If you do NOT get this message, you MUST rename it back by typing:

ren c:\windows\system32\drivers\atapi.old atapi.sys

Press Enter, type exit and press Enter again.

 

Report back.

Edited by norbat
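The OTL /md5start list in the earlier post and the DriverStore copy used in this one rest on the same idea: compare the driver actually in use against a known-good staged copy. As an added example (not the helper's procedure and not OTL's code), a Python check that does this for a list of driver names, using the DriverStore's FileRepository as the reference; the directory layout and file contents in demo() are constructed, and only the mshdc.inf_b12d8e84 folder name is taken from the post. One caveat the post's recovery-console step already accounts for: a rootkit that hooks the disk driver can hide its changes from reads made on the live system, so a "match" from inside Windows is not proof, and the replacement is still done offline.

```python
import hashlib
import tempfile
from pathlib import Path

# Subset of the driver names the OTL /md5start list in this thread hashes
WATCHED = ["atapi.sys", "iaStor.sys", "nvstor.sys"]

def md5_of(path, chunk=1 << 16):
    """MD5 (what OTL reports; use sha256 for anything beyond a quick comparison), read in chunks."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def reference_copies(driverstore, name):
    r"""Every copy of `name` under the DriverStore (FileRepository\<inf>_<id>\<name>), case-insensitive."""
    return sorted(p for p in Path(driverstore).rglob("*") if p.is_file() and p.name.lower() == name.lower())

def check_drivers(drivers_dir, driverstore, names=WATCHED):
    """Map each watched driver to 'match', 'MISMATCH', 'no reference' or 'not installed'."""
    report = {}
    for name in names:
        active = Path(drivers_dir) / name
        if not active.is_file():
            report[name] = "not installed"
            continue
        refs = reference_copies(driverstore, name)
        if not refs:
            report[name] = "no reference"
            continue
        # Several staged versions can coexist, so the in-use file only has to match one of them
        report[name] = "match" if md5_of(active) in {md5_of(r) for r in refs} else "MISMATCH"
    return report

def demo():
    """Constructed layout shaped like the paths in this thread; atapi.sys is altered on purpose."""
    root = Path(tempfile.mkdtemp())
    drivers = root / "Windows" / "System32" / "drivers"
    store = root / "Windows" / "System32" / "DriverStore"
    staged = store / "FileRepository" / "mshdc.inf_b12d8e84"  # folder name taken from the post
    drivers.mkdir(parents=True)
    staged.mkdir(parents=True)
    clean = b"constructed stand-in for a clean atapi.sys image"
    (staged / "atapi.sys").write_bytes(clean)
    (drivers / "atapi.sys").write_bytes(clean + b"\x90" * 16)  # in-use copy has extra bytes appended
    (staged / "nvstor.sys").write_bytes(b"constructed nvstor.sys image")
    (drivers / "nvstor.sys").write_bytes(b"constructed nvstor.sys image")
    return check_drivers(drivers, store)

if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name:12s} {status}")
```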

Great. The log looks fine.

 

In the Run field (Windows key + R), type combofix /uninstall

This removes ComboFix and also resets System Restore so that you don't get reinfected by a later restore.

 

Open OTL.exe and click Cleanup. The PC may ask for a restart.

You can also delete the files c:\atapi.sys and c:\mbr.exe

 

Surf safely!
