Tdnoz Posted 1 October 2009

ComboFix 09-09-30.06 - tord 01.10.2009 16:27.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.47.1044.18.2046.1403 [GMT 2:00]
Kjører fra: c:\documents and settings\tord\Lokale innstillinger\Programdata\Opera\Opera\temporary_downloads\ComboFix.exe
AV: Eset NOD32 antivirus system 2.51 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
 * Anti-virus er aktiv
.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\proquota.exe manglet
Gjenopprettet kopi fra - c:\windows\ServicePackFiles\i386\proquota.exe
.

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-09-01 til 2009-10-01 )))))))))))))))))))))))))))))))))
.

2009-10-01 13:48 . 2009-10-01 13:48 -------- d-----w- c:\documents and settings\tord\Programdata\Malwarebytes
2009-10-01 13:48 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-01 13:48 . 2009-10-01 13:48 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware
2009-10-01 13:48 . 2009-10-01 13:48 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes
2009-10-01 13:48 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-09 16:51 . 2009-06-21 21:49 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-08 17:13 . 2009-09-08 17:13 -------- d-----w- c:\documents and settings\tord\Lokale innstillinger\Programdata\Identities
2009-09-06 20:40 . 2009-09-07 18:08 -------- d-----w- C:\WinSetupFromUSB
2009-09-04 21:28 . 2009-09-04 21:28 -------- d-sh--w- c:\documents and settings\tord\IECompatCache
2009-09-04 18:22 . 2009-09-04 18:28 -------- d-----w- c:\documents and settings\tord\Programdata\ImgBurn
2009-09-04 18:13 . 2009-09-04 18:13 -------- d-----w- c:\programfiler\ImgBurn
2009-09-02 04:28 . 2009-10-01 14:02 -------- d-----w- c:\documents and settings\tord\Tracing
2009-09-02 04:24 . 2009-09-02 04:24 -------- d-----w- c:\programfiler\Microsoft
2009-09-02 04:24 . 2009-09-02 04:24 -------- d-----w- c:\programfiler\Windows Live SkyDrive
2009-09-02 04:22 . 2009-09-02 04:22 -------- d-----w- c:\programfiler\Fellesfiler\Windows Live
.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2009-10-01 14:16 . 2004-08-04 12:00 80052 ----a-w- c:\windows\system32\perfc014.dat
2009-10-01 14:16 . 2004-08-04 12:00 444122 ----a-w- c:\windows\system32\perfh014.dat
2009-09-29 23:03 . 2009-02-25 13:06 -------- d-----w- c:\documents and settings\tord\Programdata\uTorrent
2009-09-27 16:54 . 2009-07-13 14:27 -------- d-----w- c:\documents and settings\tord\Programdata\vlc
2009-09-23 23:53 . 2009-04-10 23:33 -------- d-----w- c:\documents and settings\tord\Programdata\LimeWire
2009-09-10 16:44 . 2009-09-10 16:44 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01007.Wdf
2009-09-10 12:00 . 2009-07-14 16:16 -------- d-----w- c:\programfiler\Microsoft Silverlight
2009-09-08 08:03 . 2009-02-24 14:44 -------- d-----w- c:\programfiler\Opera
2009-09-02 04:28 . 2009-02-24 10:33 23976 ----a-w- c:\documents and settings\tord\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT
2009-09-02 04:23 . 2009-02-24 12:55 -------- d-----w- c:\programfiler\Windows Live
2009-08-15 20:38 . 2009-03-01 14:36 -------- d-----w- c:\documents and settings\tord\Programdata\dvdcss
2009-08-15 11:22 . 2009-08-15 11:22 -------- d-----w- c:\programfiler\xs
2009-08-11 18:11 . 2009-05-22 18:12 8 ----a-w- c:\windows\system32\nvModes.dat
2009-08-09 16:41 . 2009-08-09 16:41 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2009-08-09 16:41 . 2009-08-09 16:41 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-08-09 16:39 . 2009-08-09 16:39 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2009-08-09 16:39 . 2009-08-09 16:39 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2009-08-09 16:37 . 2009-08-06 21:43 -------- d-----w- c:\programfiler\Sony Ericsson
2009-08-09 16:33 . 2009-08-09 16:33 -------- d-----w- c:\programfiler\Sony Setup
2009-08-06 21:45 . 2009-08-06 21:45 -------- d-----w- c:\documents and settings\All Users\Programdata\BVRP Software
2009-08-06 21:44 . 2009-08-06 21:44 148736 ----a-w- c:\documents and settings\All Users\Programdata\hpe3FD.dll
2009-08-06 21:43 . 2009-08-06 21:43 -------- d-----w- c:\documents and settings\All Users\Programdata\Sony Ericsson
2009-08-06 21:43 . 2009-02-23 20:18 -------- d--h--w- c:\programfiler\InstallShield Installation Information
2009-08-06 19:33 . 2009-04-10 23:33 -------- d-----w- c:\programfiler\LimeWire
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 04:16 . 2009-02-27 10:14 -------- d-----w- c:\programfiler\Java
2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-25 03:23 . 2009-02-27 19:26 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:04 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:01 . 2004-08-04 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programfiler\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Start WingMan Profiler"="c:\programfiler\Logitech\Profiler\lwemon.exe" [2005-04-18 73728]
"Sony Ericsson PC Suite"="c:\programfiler\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-04-01 405504]
"WMPNSCFG"="c:\programfiler\Windows Media Player\WMPNSCFG.exe" [2006-11-15 204288]
"MSMSGS"="c:\programfiler\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\programfiler\Eset\nod32kui.exe" [2009-02-24 921600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13729792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 86016]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\programfiler\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-11-17 17676288]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-12-26 1657376]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-12-18 76304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\tord\Start-meny\Programmer\Oppstart\
OpenOffice.org 3.1.lnk - c:\programfiler\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Adobe Gamma Loader.lnk - c:\programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2009-5-7 113664]
BTTray.lnk - c:\programfiler\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]
Logitech SetPoint.lnk - c:\programfiler\Logitech\SetPoint\SetPoint.exe [2009-7-13 809488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-18 22:30 72208 ----a-w- c:\programfiler\Fellesfiler\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Hurtigstart for Adobe Reader.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Hurtigstart for Adobe Reader.lnk
backup=c:\windows\pss\Hurtigstart for Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\uTorrent\\uTorrent.exe"=
"c:\\Programfiler\\ACER Crystal Eye webcam\\Acer Crystal Eye webcam.exe"=
"d:\\Spill\\LFS_Z\\LFS.exe"=
"d:\\Spill\\LFS_Z\\LFSTweak2Z.exe"=
"d:\\Spill\\Steam\\Steam.exe"=
"d:\\Spill\\Steam\\steamapps\\common\\dawn of war dark crusade\\darkcrusade.exe"=
"d:\\Spill\\Steam\\steamapps\\common\\dawn of war soulstorm\\soulstorm.exe"=
"d:\\Spill\\WiCKED-DOW2\\DOW2.exe"=
"d:\\Spill\\Steam\\steamapps\\_tdnoz_\\half-life 2 deathmatch\\hl2.exe"=
"d:\\Spill\\Electronic Arts\\Dead Space\\Dead Space.exe"=
"c:\\Programfiler\\LimeWire\\LimeWire.exe"=
"d:\\Spill\\Lfs 2\\LFS.exe"=
"c:\\Programfiler\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Spill\\Lfs 2\\LfsRevLimiter.0.9.exe"=

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [13.07.2009 18:53 10384]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [09.08.2009 18:39 13224]
S3 Nvbclpraei;Nvbclpraei; [x]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [06.08.2009 23:44 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [06.08.2009 23:44 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [06.08.2009 23:44 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [06.08.2009 23:44 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [06.08.2009 23:44 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [06.08.2009 23:44 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [06.08.2009 23:44 115752]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-10-01 c:\windows\Tasks\User_Feed_Synchronization-{4091BF1F-214C-48C8-AE3C-B74BB99D28F8}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Tilleggsskanning -------
.
uStart Page = https://www.terra.as/servlet/side?section=47311010000
IE: Send til &Bluetooth-enhet... - c:\programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
LSP: c:\windows\system32\imon.dll
TCP: {689B4B6F-5177-4235-8099-E5D76BBA659F} = 192.168.0.1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-01 16:29
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(996)
c:\programfiler\fellesfiler\logishrd\bluetooth\LBTWlgn.dll
c:\programfiler\fellesfiler\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'lsass.exe'(1052)
c:\windows\system32\imon.dll

- - - - - - - > 'explorer.exe'(1712)
c:\programfiler\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\btmmhook.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Tidspunkt ferdig: 2009-10-01 16:30
ComboFix-quarantined-files.txt 2009-10-01 14:30

Pre-Run: 31 390 162 944 byte ledig
Post-Run: 31 450 484 736 byte ledig

WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

182 --- E O F --- 2009-09-09 23:38


Malwarebytes' Anti-Malware 1.41
Databaseversjon: 2883
Windows 5.1.2600 Service Pack 3

01.10.2009 15:54:15
mbam-log-2009-10-01 (15-54-15).txt

Skanntype: Rask Skann
Objekter skannet: 89871
Tid tilbakelagt: 3 minute(s), 45 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 1

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
C:\Documents and Settings\tord\Programdata\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
norbat Posted 1 October 2009

There is no malware to be seen in the log. You can, however, do the following to remove a service that has no file reference:

Click Start->Run
Type: cmd
From the command prompt, type the following:
sc delete Nvbclpraei
Close cmd.
Restart the PC.