
Log analysis. Possible Norton false positive



Here is the MBAM log:

Malwarebytes' Anti-Malware 1.41
Database version: 3033
Windows 6.0.6001 Service Pack 1

25.10.2009 23:16:56
mbam-log-2009-10-25 (23-16-56).txt

Scan type: Quick Scan
Objects scanned: 86855
Time elapsed: 4 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\kt_bho.KettleBho (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{86676e13-d6d8-4652-9fcf-f2047f1fb000} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\ProgramData\Partner\partner.dll (Trojan.BHO) -> Quarantined and deleted successfully.


Here is the ComboFix log (not sure whether I'm posting this correctly, just let me know if it's wrong):

 

ComboFix 09-10-25.01 - data1 25.10.2009 23:41.1.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.47.1044.18.3197.2289 [GMT 1:00]

Running from: c:\users\data1\Downloads\ComboFix.exe

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\Temp\log.txt

 

.

((((((((((((((((((((((((((( Files Created From 2009-09-25 to 2009-10-25 )))))))))))))))))))))))))))))))))

.

 

2009-10-26 03:18 . 2009-10-26 03:18 -------- d-----w- c:\windows\system32\oem

2009-10-26 03:11 . 2008-12-29 22:57 952832 ----a-w- c:\windows\system32\drivers\athr.sys

2009-10-26 03:10 . 2009-03-17 18:28 452096 ----a-w- c:\windows\system32\drivers\CHDRT32.sys

2009-10-26 03:10 . 2009-03-04 22:31 1715712 ----a-w- c:\windows\system32\CX32GP17.dll

2009-10-26 03:10 . 2009-02-20 23:21 258048 ----a-w- c:\windows\system32\UCI32A38.dll

2009-10-26 03:10 . 2009-02-20 00:14 4184 ----a-w- c:\windows\system32\drivers\CDConfig.bin

2009-10-26 03:10 . 2009-02-19 21:58 70144 ----a-w- c:\windows\system32\FMPropPageExt.dll

2009-10-26 03:10 . 2009-02-19 21:57 111616 ----a-w- c:\windows\system32\CDolbyExt32.dll

2009-10-26 03:10 . 2006-11-02 22:21 274 ----a-w- c:\windows\LAUNAPP.REG

2009-10-26 03:10 . 2009-10-26 03:10 -------- d-----w- c:\windows\Lan

2009-10-25 22:53 . 2009-10-25 22:53 -------- d-----w- c:\users\Default\AppData\Local\temp

2009-10-25 22:10 . 2009-10-25 22:10 -------- d-----w- c:\users\data1\AppData\Roaming\Malwarebytes

2009-10-25 22:10 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-10-25 22:10 . 2009-10-25 22:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-10-25 22:10 . 2009-10-25 22:10 -------- d-----w- c:\programdata\Malwarebytes

2009-10-25 22:10 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-10-25 22:03 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll

2009-10-25 19:51 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll

2009-10-25 19:30 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll

2009-10-25 19:30 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll

2009-10-25 19:30 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2009-10-25 19:30 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll

2009-10-25 19:30 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe

2009-10-25 19:30 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll

2009-10-25 19:30 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe

2009-10-25 19:22 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll

2009-10-25 19:22 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll

2009-10-25 19:22 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll

2009-10-25 19:22 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll

2009-10-25 19:22 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll

2009-10-25 19:20 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll

2009-10-25 19:19 . 2009-09-14 09:44 144896 ----a-w- c:\windows\system32\drivers\srv2.sys

2009-10-25 19:17 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-10-25 19:17 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll

2009-10-25 19:17 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll

2009-10-25 19:17 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll

2009-10-25 19:17 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll

2009-10-25 19:17 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys

2009-10-25 19:17 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2009-10-25 19:17 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2009-10-25 19:17 . 2009-08-31 13:55 428544 ----a-w- c:\windows\system32\EncDec.dll

2009-10-25 19:17 . 2009-08-31 13:55 293376 ----a-w- c:\windows\system32\psisdecd.dll

2009-10-25 19:16 . 2009-03-17 03:38 13824 ----a-w- c:\windows\system32\apilogen.dll

2009-10-25 19:16 . 2009-03-17 03:38 24064 ----a-w- c:\windows\system32\amxread.dll

2009-10-25 19:16 . 2009-08-05 14:22 3546184 ----a-w- c:\windows\system32\ntoskrnl.exe

2009-10-25 19:16 . 2009-08-05 14:22 3597896 ----a-w- c:\windows\system32\ntkrnlpa.exe

2009-10-25 19:14 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll

2009-10-25 19:08 . 2009-10-25 19:13 -------- d-----w- c:\users\data1\AppData\Roaming\Spotify

2009-10-25 19:08 . 2009-10-25 19:08 -------- d-----w- c:\users\data1\AppData\Local\Spotify

2009-10-25 19:08 . 2009-10-25 19:08 -------- d-----w- c:\program files\Spotify

2009-10-25 18:55 . 2009-10-25 18:55 -------- d-----w- c:\users\data1\AppData\Local\Mozilla

2009-10-25 18:46 . 2009-10-25 18:47 -------- d-----w- c:\program files\CONEXANT

2009-10-25 18:45 . 2009-08-26 00:08 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys

2009-10-25 18:45 . 2009-10-25 18:56 -------- d-----w- c:\program files\Symantec

2009-10-25 18:45 . 2009-10-25 18:56 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2009-10-25 18:45 . 2009-10-25 18:46 -------- d-----w- c:\program files\Common Files\Symantec Shared

2009-10-25 18:44 . 2009-10-25 18:53 -------- d-----w- c:\users\data1\AppData\Local\Google

2009-10-25 18:44 . 2009-10-25 18:44 -------- d-----w- c:\users\data1\AppData\Local\VirtualStore

2009-10-25 18:43 . 2009-10-25 18:43 -------- dc----w- c:\windows\system32\DRVSTORE

2009-10-25 18:43 . 2009-10-25 18:43 -------- d-----w- c:\program files\AMD

2009-10-25 18:43 . 2008-05-28 16:54 22072 ----a-w- c:\windows\system32\drivers\usbfilter.sys

2009-10-25 18:43 . 2009-10-25 18:43 71256 ----a-w- c:\users\data1\AppData\Local\GDIPFONTCACHEV1.DAT

2009-10-25 18:43 . 2009-10-25 18:43 -------- d-----w- c:\users\data1\AppData\Local\Packard Bell

2009-10-25 18:43 . 2009-10-25 18:43 -------- d-----w- c:\windows\oem

2009-10-25 18:42 . 2009-10-25 22:16 -------- d-----w- c:\programdata\Partner

2009-10-25 18:42 . 2009-10-25 18:49 -------- d-----w- c:\program files\Google

2009-10-25 18:35 . 2009-10-25 18:35 -------- d-sh--we c:\users\Default\Start-meny

2009-10-25 18:27 . 2009-10-25 18:27 0 ----a-w- c:\windows\ativpsrm.bin

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-10-26 03:18 . 2009-03-28 14:30 -------- d-----w- c:\program files\Packard Bell

2009-10-26 03:10 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar

2009-10-25 22:27 . 2009-03-28 14:38 76478 ----a-w- c:\windows\system32\perfc014.dat

2009-10-25 22:27 . 2009-03-28 14:38 452326 ----a-w- c:\windows\system32\perfh014.dat

2009-10-25 19:56 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2009-10-25 18:56 . 2009-10-25 18:45 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2009-10-25 18:56 . 2009-10-25 18:45 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2009-10-25 18:48 . 2009-10-25 18:48 -------- d-----w- c:\program files\ATI

2009-10-25 18:48 . 2009-10-25 18:48 10134 ----a-r- c:\users\data1\AppData\Roaming\Microsoft\Installer\{91D87975-616E-C6E2-6AB0-AC48E6E3C8B4}\ARPPRODUCTICON.exe

2009-10-25 18:48 . 2009-10-25 18:48 -------- d-----w- c:\program files\ATI Technologies

2009-10-25 18:46 . 2009-03-28 06:48 -------- d-----w- c:\programdata\Symantec

2009-10-25 18:45 . 2009-03-28 06:48 -------- d-----w- c:\programdata\Norton

2009-10-25 18:43 . 2009-10-25 18:43 0 ----a-w- c:\windows\system32\drivers\PackardBell_EasyNoteTJ61_N-A_LXB790X010925B7AFE2200.MRK

2009-10-25 18:35 . 2009-10-25 18:35 -------- d-sh--we c:\programdata\Start-meny

2009-10-25 18:35 . 2009-10-25 18:35 -------- d-sh--we c:\programdata\Skrivebord

2009-10-25 18:35 . 2009-10-25 18:35 -------- d-sh--we c:\programdata\Programdata

2009-10-25 18:35 . 2009-10-25 18:35 -------- d-sh--we c:\programdata\Maler

2009-10-25 18:35 . 2009-10-25 18:35 -------- d-sh--we c:\programdata\Favoritter

2009-10-25 18:35 . 2009-10-25 18:35 -------- d-sh--we c:\programdata\Dokumenter

2009-10-25 18:35 . 2009-10-25 18:35 -------- d-sh--we c:\program files\Fellesfiler

2009-10-25 18:26 . 2009-03-28 07:26 16 ----a-w- c:\windows\SetLang.bat

2009-09-04 12:24 . 2009-10-25 19:13 61440 ----a-w- c:\windows\system32\msasn1.dll

2009-08-27 05:22 . 2009-10-25 22:07 916480 ----a-w- c:\windows\system32\wininet.dll

2009-08-27 05:17 . 2009-10-25 22:07 71680 ----a-w- c:\windows\system32\iesetup.dll

2009-08-27 05:17 . 2009-10-25 22:07 109056 ----a-w- c:\windows\system32\iesysprep.dll

2009-08-27 03:42 . 2009-10-25 22:07 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2009-08-14 17:07 . 2009-10-25 19:15 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys

2009-08-14 16:29 . 2009-10-25 19:15 104960 ----a-w- c:\windows\system32\netiohlp.dll

2009-08-14 16:29 . 2009-10-25 19:15 17920 ----a-w- c:\windows\system32\netevent.dll

2009-08-14 14:16 . 2009-10-25 19:15 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE

2009-08-14 14:16 . 2009-10-25 19:15 17920 ----a-w- c:\windows\system32\ROUTE.EXE

2009-08-14 14:16 . 2009-10-25 19:15 11264 ----a-w- c:\windows\system32\MRINFO.EXE

2009-08-14 14:16 . 2009-10-25 19:15 27136 ----a-w- c:\windows\system32\NETSTAT.EXE

2009-08-14 14:16 . 2009-10-25 19:15 19968 ----a-w- c:\windows\system32\ARP.EXE

2009-08-14 14:16 . 2009-10-25 19:15 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE

2009-08-14 14:16 . 2009-10-25 19:15 10240 ----a-w- c:\windows\system32\finger.exe

2009-10-25 18:42 . 2009-10-25 21:58 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

 

(((((((((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legitimate default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-25 68856]

"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-10-25 30192]

"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2008-11-06 474168]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

@="FSFilter Activity Monitor"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1007020.00B\SymEFA.sys [25.10.2009 19:56 310320]

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NIS\1007020.00B\BHDrvx86.sys [25.10.2009 19:56 259632]

R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1007020.00B\cchpx86.sys [25.10.2009 19:56 482432]

R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091021.001\IDSvix86.sys [25.10.2009 19:48 342576]

R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe [25.10.2009 19:56 117640]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [25.10.2009 09:00 102448]

R3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\k57nd60x.sys [04.09.2008 05:12 223232]

R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\NIS\1007020.00B\symndisv.sys [25.10.2009 19:56 48688]

R3 usbfilter;AMD USB Filter Driver;c:\windows\System32\drivers\usbfilter.sys [25.10.2009 19:43 22072]

S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [11.09.2007 00:45 124832]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [21.01.2008 03:23 179712]

S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [25.10.2009 19:42 30192]

S3 Partner Service;Partner Service;c:\programdata\Partner\partner.exe [25.10.2009 19:42 110576]

 

--- Other Services/Drivers In Memory ---

 

*NewlyCreated* - MBR

*NewlyCreated* - SYMIM

*Deregistered* - mbr

.

Contents of the 'Scheduled Tasks' folder

 

2009-10-25 c:\windows\Tasks\Packard Bell Customer Registration Reminder - data1.job

- c:\program files\Packard Bell\Packard Bell Customer Registration\PBCReg.exe [2009-03-30 12:23]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0414&s=2&o=vp32&d=1009&m=easynote_tj61

mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0414&s=2&o=vp32&d=1009&m=easynote_tj61

FF - ProfilePath - c:\users\data1\AppData\Roaming\Mozilla\Firefox\Profiles\qn0gkbw7.default\

FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll

FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll

FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

 

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-10-25 23:54

Windows 6.0.6001 Service Pack 1 NTFS

 

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]

"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.7.2.11\diMaster.dll\" /prefetch:1"

.

Time completed: 2009-10-25 23:56

ComboFix-quarantined-files.txt 2009-10-25 22:56

 

Pre-Run: 275 227 361 280 bytes free

Post-Run: 275 232 825 344 bytes free

 

- - End Of File - - 95843EB641A230862B47C8FFADE51A2E


Sorry for the slow response...

The log looks fine. There is a service in there that you can safely remove, Partner Service.

Do the following:
Run cmd as administrator
At the command prompt, type: sc delete Partner Service

After that you can uninstall ComboFix by typing combofix /uninstall in the Run/search box

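The removal step from the reply above, as an added example that is not part of the thread: a PowerShell script, run from an elevated prompt, that looks the service up before touching it, stops it, deletes it, and then checks that the BHO registry keys MBAM reported as removed are really gone. The service name Partner Service and its binary path come from the ComboFix log and the CLSID from the MBAM log; everything else is an assumption (Windows PowerShell 3.0 or later for Get-CimInstance, and sc.exe called explicitly because in PowerShell a bare sc resolves to the Set-Content alias). Since the service name contains a space, the script passes it to sc.exe as a single quoted argument.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt
# (Windows PowerShell 3.0 or later is assumed for Get-CimInstance).
# Service name and binary path are taken from the ComboFix log in the thread;
# the CLSID is the Trojan.BHO entry from the MBAM log.

$ServiceName = 'Partner Service'
$BhoClsid    = '{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}'

# 1. Look the service up through CIM: this gives state, start mode and the
#    exact command line the SCM will run, without parsing the registry by hand.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) {
    Write-Host "Service '$ServiceName' is not registered; nothing to delete."
} else {
    Write-Host ("State    : {0}   StartMode: {1}" -f $svc.State, $svc.StartMode)
    Write-Host ("PathName : {0}" -f $svc.PathName)

    # PathName may be quoted and may carry arguments; isolate the executable.
    $exe = if ($svc.PathName -match '^"([^"]+)"') { $Matches[1] } else { ($svc.PathName -split ' ')[0] }
    if ($exe -and (Test-Path -LiteralPath $exe)) {
        $fi  = Get-Item -LiteralPath $exe
        $sig = Get-AuthenticodeSignature -FilePath $exe
        Write-Host ("Binary   : {0}  {1} bytes  modified {2}" -f $fi.FullName, $fi.Length, $fi.LastWriteTime)
        Write-Host ("Signature: {0}  {1}" -f $sig.Status, $sig.SignerCertificate.Subject)
    } else {
        Write-Host "Binary   : missing on disk (orphaned service entry)"
    }

    # 2. Stop it first. Deleting a running service only marks it for deletion;
    #    the entry lingers until the process exits or the machine reboots.
    if ($svc.State -ne 'Stopped') {
        Stop-Service -Name $ServiceName -Force -ErrorAction SilentlyContinue
    }

    # 3. Delete. 'sc' alone is the Set-Content alias in PowerShell, so call
    #    sc.exe explicitly, and quote the name because it contains a space.
    & sc.exe delete "$ServiceName"
}

# 4. Confirm the BHO registrations that MBAM reported as removed are gone.
$bhoKeys = @(
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$BhoClsid",
    "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\$BhoClsid",
    "Registry::HKEY_CLASSES_ROOT\CLSID\$BhoClsid"
)
foreach ($key in $bhoKeys) {
    $state = if (Test-Path -LiteralPath $key) { 'STILL PRESENT' } else { 'absent' }
    Write-Host ("{0,-13} {1}" -f $state, $key)
}
```

Deleting the service entry does not remove its executable: c:\programdata\Partner (still listed in the ComboFix log after MBAM quarantined partner.dll) can be removed separately once the service is gone, and if sc.exe reports the service as marked for deletion, a reboot clears it.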
