
[Solved] Can someone look over these logs?



MBAM log:

Malwarebytes' Anti-Malware 1.44

Databaseversjon: 3858

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18882

 

12.03.2010 11:48:42

mbam-log-2010-03-12 (11-48-42).txt

 

Skanntype: Rask Skann

Objekter skannet: 106715

Tid tilbakelagt: 4 minute(s), 41 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 1

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 1

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

C:\Users\Acer\downloads\MediaPlayerCodecInstall.exe (Adware.Agent) -> Quarantined and deleted successfully.

ComboFix log:

ComboFix 10-03-11.05 - Acer 12.03.2010 12:23:15.2.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.47.1044.18.3036.1801 [GMT 1:00]

Kjører fra: c:\users\Acer\Desktop\ComboFix.exe

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\Suyin.reg

 

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2010-02-12 til 2010-03-12 )))))))))))))))))))))))))))))))))

.

 

2010-03-12 11:28 . 2010-03-12 11:28 -------- d-----w- c:\users\Acer\AppData\Local\temp

2010-03-12 11:28 . 2010-03-12 11:28 -------- d-----w- c:\users\Public\AppData\Local\temp

2010-03-12 11:28 . 2010-03-12 11:28 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-03-12 10:42 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-12 10:42 . 2010-03-12 10:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-03-12 10:42 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-11 02:00 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll

2010-03-11 02:00 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll

2010-03-11 02:00 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys

2010-03-05 18:59 . 2010-03-05 18:59 454838 ----a-r- c:\users\Acer\AppData\Roaming\Microsoft\Installer\{51E4FE53-D6B0-43A0-B98C-7DE233D53EAB}\_F61621A1952D8512F70AF1.exe

2010-03-05 18:59 . 2010-03-05 18:59 454838 ----a-r- c:\users\Acer\AppData\Roaming\Microsoft\Installer\{51E4FE53-D6B0-43A0-B98C-7DE233D53EAB}\_6AF5DFF688609ABE0D0CEA.exe

2010-03-05 18:59 . 2010-03-05 18:59 -------- d-----w- c:\program files\AutomationLabs

2010-03-02 23:03 . 2010-03-02 23:03 -------- d-----w- c:\program files\Oldgames

2010-02-27 11:50 . 2010-02-25 10:03 30536 ----a-w- c:\windows\system32\TURegOpt.exe

2010-02-27 11:50 . 2010-02-25 09:56 21320 ----a-w- c:\windows\system32\authuitu.dll

2010-02-27 11:50 . 2010-02-25 09:56 30024 ----a-w- c:\windows\system32\uxtuneup.dll

2010-02-27 11:50 . 2010-02-27 11:50 -------- d-----w- c:\users\Acer\AppData\Roaming\TuneUp Software

2010-02-27 11:50 . 2010-02-27 11:50 -------- d-----w- c:\program files\TuneUp Utilities 2010

2010-02-27 11:50 . 2010-02-27 11:50 -------- d-----w- c:\programdata\TuneUp Software

2010-02-27 11:49 . 2010-02-27 11:49 -------- d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}

2010-02-24 12:50 . 2010-02-24 12:50 70672 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT

2010-02-23 22:35 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll

2010-02-23 22:34 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll

2010-02-23 22:34 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll

2010-02-23 22:34 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe

2010-02-23 22:34 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe

2010-02-23 22:34 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe

2010-02-23 22:34 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll

2010-02-23 22:34 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll

2010-02-23 22:34 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll

2010-02-23 22:34 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe

2010-02-23 22:34 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll

2010-02-23 22:34 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2010-02-23 22:34 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2010-02-18 15:07 . 2010-02-18 15:07 11592400 ----a-w- c:\programdata\Voddler\VoddlerPlayer.exe

2010-02-16 11:30 . 2010-02-16 11:30 -------- d-----w- c:\program files\Defraggler

2010-02-14 01:25 . 2010-02-14 01:25 98304 ----a-w- c:\users\Acer\AppData\Roaming\LimeWire\browser\xulrunner\smime3.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-12 11:01 . 2008-01-21 06:14 76478 ----a-w- c:\windows\system32\perfc014.dat

2010-03-12 11:01 . 2008-01-21 06:14 452326 ----a-w- c:\windows\system32\perfh014.dat

2010-03-12 10:54 . 2010-02-14 01:25 -------- d-----w- c:\users\Acer\AppData\Roaming\LimeWire

2010-03-11 17:37 . 2010-01-30 16:00 27716 ----a-w- c:\users\Acer\AppData\Roaming\settings.dat

2010-03-11 13:37 . 2009-07-16 12:52 79060 ----a-w- c:\programdata\nvModes.dat

2010-03-11 02:18 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-03-11 02:03 . 2009-01-24 06:00 -------- d-----w- c:\programdata\Microsoft Help

2010-03-10 15:31 . 2010-01-19 21:16 -------- d-----w- c:\users\Acer\AppData\Roaming\Spotify

2010-03-07 18:16 . 2009-09-30 11:22 -------- d-----w- c:\program files\Unity

2010-03-02 20:10 . 2009-10-05 16:42 -------- d-----w- c:\users\Acer\AppData\Roaming\Skype

2010-03-02 19:16 . 2009-09-06 10:07 -------- d-----w- c:\users\Acer\AppData\Roaming\skypePM

2010-02-24 12:50 . 2009-07-13 11:02 8224 ----a-w- c:\users\Acer\AppData\Local\GDIPFONTCACHEV1.DAT

2010-02-19 12:37 . 2010-01-29 10:38 520340 ----a-w- c:\programdata\Voddler\Uninstall.exe

2010-02-14 01:37 . 2009-08-01 17:50 -------- d-----w- c:\users\Acer\AppData\Roaming\FrostWire

2010-02-14 01:25 . 2010-02-14 01:25 98304 ----a-w- c:\users\Acer\AppData\Roaming\LimeWire\browser\xulrunner\nssdbm3.dll

2010-01-31 12:12 . 2010-01-31 12:12 -------- d-----w- c:\program files\EA SPORTS

2010-01-29 10:38 . 2010-01-29 10:38 -------- d-----w- c:\programdata\Voddler

2010-01-29 10:38 . 2010-01-29 10:38 -------- d-----w- c:\program files\Voddler

2010-01-23 18:36 . 2009-01-24 06:55 -------- d-----w- c:\program files\Common Files\Adobe

2010-01-22 02:17 . 2009-10-02 13:28 -------- d-----w- c:\program files\Microsoft Silverlight

2010-01-19 21:15 . 2010-01-19 21:15 -------- d-----w- c:\program files\Spotify

2010-01-18 20:06 . 2010-01-18 20:06 -------- d-----w- c:\program files\NovaLogic

2010-01-17 15:13 . 2009-11-01 20:26 -------- d-----w- c:\programdata\Messenger Plus!

2010-01-17 15:04 . 2009-11-01 13:56 -------- d-----w- c:\program files\Messenger Plus! Live

2010-01-06 15:38 . 2010-02-23 22:34 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll

2010-01-06 15:38 . 2010-02-23 22:34 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll

2010-01-06 15:38 . 2010-02-23 22:34 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll

2010-01-06 15:38 . 2010-02-23 22:34 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll

2010-01-02 06:38 . 2010-01-22 00:10 916480 ----a-w- c:\windows\system32\wininet.dll

2010-01-02 06:32 . 2010-01-22 00:10 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-01-02 06:32 . 2010-01-22 00:10 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-01-02 04:57 . 2010-01-22 00:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2009-12-19 13:05 . 2009-12-19 13:05 614136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2009-12-17 11:39 . 2009-12-17 11:39 499712 ----a-w- c:\programdata\Voddler\MSVCP71.DLL

2009-12-17 11:39 . 2009-12-17 11:39 348160 ----a-w- c:\programdata\Voddler\msvcr71.dll

2009-12-17 11:39 . 2009-12-17 11:39 339968 ----a-w- c:\programdata\Voddler\SDL.dll

2009-12-17 11:39 . 2009-12-17 11:39 212992 ----a-w- c:\programdata\Voddler\glew32.dll

.

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-07-29 16:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-01-06 3883856]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]

"RtHDVCpl"="RtHDVCpl.exe" [2008-09-18 6294048]

"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-11-28 417792]

"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-09-11 544768]

"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-29 526896]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-28 13601312]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-28 92704]

"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]

"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-06-04 817672]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

"VoddlerNet Manager"="c:\program files\Voddler\service\VNetManager.exe" [2010-02-18 573640]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

 

c:\users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(b):df,c9,10,14,c2,51,ca,01

 

--- Andre tjenester/drivere lastet i minnet ---

 

*Deregistered* - AVGIDSErHrvtx

*Deregistered* - AvgLdx86

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

getPlusHelper REG_MULTI_SZ getPlusHelper

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://www.dymasearch.com/

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0414&s=2&o=vp32&d=0709&m=aspire_6930g

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\l3v5fxy9.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.dymasearch.com/search.php?src=tops&q=

FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=logo

FF - prefs.js: keyword.URL - hxxp://www.dymasearch.com/search.php?src=tops&q=

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-12 12:28

Windows 6.0.6002 Service Pack 2 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

--------------------- LÅSTE REGISTERNØKLER ---------------------

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Tidspunkt ferdig: 2010-03-12 12:29:50

ComboFix-quarantined-files.txt 2010-03-12 11:29

ComboFix2.txt 2009-08-13 21:36

 

Pre-Run: 178 718 220 288 byte ledig

Post-Run: 178 146 910 208 byte ledig

 

- - End Of File - - 0295372493E5F07BE48007BAD656720D

Thanks for the help :)
