GrandMa, posted 5 November 2010

Saw this thread, which was a guide on how to check whether you had malware. There was nothing in one of the logs, but I don't know how to interpret the ComboFix log. So I hope you can help. Thanks a million in advance!

ComboFix 10-11-03.04 - Eirik 05.11.2010 1:43.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.47.1044.18.1790.871 [GMT 1:00]
Kjører fra: c:\users\Eirik\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2010-10-05 til 2010-11-05 )))))))))))))))))))))))))))))))))
.
2010-11-05 00:56 . 2010-11-05 00:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-05 00:23 . 2010-11-05 00:23 -------- d-----w- c:\users\Eirik\AppData\Roaming\Malwarebytes
2010-11-05 00:23 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-05 00:23 . 2010-11-05 00:23 -------- d-----w- c:\programdata\Malwarebytes
2010-11-05 00:23 . 2010-11-05 00:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-05 00:23 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-04 00:36 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{46AA9509-69EF-424F-84EB-64676FC6F868}\mpengine.dll
2010-10-27 12:26 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 12:26 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-27 12:26 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-20 12:15 . 2010-10-20 12:15 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\723bfe201cb70502c\InstallManager_WLE_WLE.exe
2010-10-20 12:14 . 2010-10-20 12:14 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\4c16fa601cb705020\MeshBetaRemover.exe
2010-10-20 12:10 . 2010-10-20 12:10 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\b61cd0201cb704f19\DSETUP.dll
2010-10-20 12:10 . 2010-10-20 12:10 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\b61cd0201cb704f19\DXSETUP.exe
2010-10-20 12:10 . 2010-10-20 12:10 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\b61cd0201cb704f19\dsetup32.dll
2010-10-20 12:09 . 2010-10-20 12:09 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\abe0b9f01cb704f18\DXSETUP.exe
2010-10-20 12:09 . 2010-10-20 12:09 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\abe0b9f01cb704f18\dsetup32.dll
2010-10-20 12:09 . 2010-10-20 12:09 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\abe0b9f01cb704f18\DSETUP.dll
2010-10-20 12:01 . 2010-10-20 12:01 -------- d-----w- c:\users\Eirik\AppData\Local\Windows Live
2010-10-20 11:52 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2010-10-17 18:32 . 2010-10-17 18:32 -------- d-----w- c:\users\Eirik\AppData\Local\Hewlett-Packard
2010-10-14 20:56 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-14 20:56 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-14 20:56 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-14 20:56 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-14 20:54 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-14 20:54 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-14 20:54 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-14 20:54 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-10 15:52 . 2010-10-10 15:55 -------- d-----w- c:\users\Eirik\AppData\Roaming\.minecraft
2010-10-09 20:26 . 2010-10-09 20:26 -------- d-----w- c:\users\Eirik\AppData\Roaming\Octoshape
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-04 16:53 . 2009-02-28 11:07 138376 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-11-04 16:53 . 2009-02-28 11:07 202448 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-10-19 09:41 . 2009-10-04 01:31 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-22 22:47 . 2010-09-22 22:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-08 09:17 . 2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-26 16:33 . 2010-10-27 12:26 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-27 12:26 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33 . 2010-10-27 12:26 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33 . 2010-10-27 12:26 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-17 14:11 . 2010-09-15 12:25 128000 ----a-w- c:\windows\system32\spoolsv.exe
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"lxedmon.exe"="c:\program files\Lexmark S600 Series\lxedmon.exe" [2010-01-18 770728]
"EzPrint"="c:\program files\Lexmark S600 Series\ezprint.exe" [2010-01-18 139944]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-08-20 1164584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40 687560 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 lxedCATSCustConnectService;lxedCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxedserv.exe [2010-04-14 193192]
R2 RPCER;Remote Procedure Call (HNM);c:\program files\NetMeeting\comp.exe [x]
R3 ALSysIO;ALSysIO;c:\users\Eirik\AppData\Local\Temp\ALSysIO.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD-utskriftsstøtte via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-02-08 717296]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-25 108289]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 lxed_device;lxed_device;c:\windows\system32\lxedcoms.exe [2010-01-07 598696]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-25 361808]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-06-21 105576]

--- Andre tjenester/drivere lastet i minnet ---

*Deregistered* - speedfan

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 22:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Tilleggsskanning -------
.
uStart Page =
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nb_no&c=83&bd=Presario&pf=cnnb
IE: &Søkefunksjon i AOL-verktrylinjen - c:\programdata\AOL\ieToolbar\resources\nb-NO\local\search.html
FF - ProfilePath - c:\users\Eirik\AppData\Roaming\Mozilla\Firefox\Profiles\fe3pkajp.default\
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\RayV\RayV\plugins\nprayvplugin.dll
FF - plugin: c:\program files\TVUPlayer\npTVUAx.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\users\Eirik\AppData\Roaming\Mozilla\Firefox\Profiles\fe3pkajp.default\extensions\[email protected]\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\users\Eirik\AppData\Roaming\Mozilla\Firefox\Profiles\fe3pkajp.default\extensions\[email protected]\plugins\npTVUAx.dll
FF - plugin: c:\users\Eirik\AppData\Roaming\Mozilla\Firefox\Profiles\fe3pkajp.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\users\Eirik\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - TOMME PEKERE FJERNET - - - -

MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
AddRemove-Convert Doc_is1 - c:\program files\Softinterface

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-05 01:56
Windows 6.0.6002 Service Pack 2 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Tidspunkt ferdig: 2010-11-05 02:01:37
ComboFix-quarantined-files.txt 2010-11-05 01:01

Pre-Run: 60 448 923 648 byte ledig
Post-Run: 60 497 022 976 byte ledig

- - End Of File - - A3344060B98C59BD5CC1CA3E193A89A6
norbat, posted 5 November 2010

The log looks fine. Make sure your programs are up to date; you can use Secunia to check this. Surf safely!
GrandMa (thread author), posted 7 November 2010

Thanks a lot! <3