
Help reviewing log files mbam+combofix



Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

 

Databaseversjon: 5382

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

23.12.2010 14:28:38

mbam-log-2010-12-23 (14-28-38).txt

 

Skanntype: Full skann (C:\|)

Objekter skannet: 250516

Tid tilbakelagt: 52 minutt(er), 9 sekund(er)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 6

Mapper infisert: 0

Filer infisert 2

 

Minneprosesser infisert:

(Ingen skadelige objekter funnet)

 

Minnemoduler infisert:

(Ingen skadelige objekter funnet)

 

Registernøkler infisert:

(Ingen skadelige objekter funnet)

 

Registerverdier infisert:

(Ingen skadelige objekter funnet)

 

Registerfiler infisert:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Mapper infisert:

(Ingen skadelige objekter funnet)

 

Filer infisert

c:\documents and settings\Anneline\lokale innstillinger\programdata\myvrmfcax\htmlayout.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\documents and settings\Tonys\lokale innstillinger\programdata\myvrmfcax\htmlayout.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

 

 

 

 

 

******************************************************

 

 

 

ComboFix 10-12-22.05 - Tonys 23.12.2010 16:06:51.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.1534.746 [GMT 1:00]

Kjører fra: c:\documents and settings\Tonys\Mine dokumenter\Downloads\ComboFix.exe

 

ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!

.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\Oeminfo.ini

 

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2010-11-23 til 2010-12-23 )))))))))))))))))))))))))))))))))

.

 

2010-12-23 12:23 . 2010-12-23 12:23 -------- d-----w- c:\documents and settings\Tonys\Programdata\Malwarebytes

2010-12-23 12:23 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-23 12:23 . 2010-12-23 12:23 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes

2010-12-23 12:23 . 2010-12-23 12:23 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware

2010-12-23 12:23 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-16 00:44 . 2010-12-16 00:44 -------- d-----w- c:\programfiler\Sony Ericsson

2010-12-16 00:44 . 2010-12-16 00:44 -------- d-----w- c:\documents and settings\All Users\Programdata\Sony Ericsson

2010-12-15 22:44 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys

2010-12-15 22:44 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe

2010-12-15 22:01 . 2010-12-15 22:01 -------- d-----w- c:\windows\ShellNew

2010-12-15 22:01 . 2010-12-15 22:01 -------- d-----w- c:\programfiler\AutoHotkey

2010-12-10 16:50 . 2010-12-21 17:08 -------- d-----w- c:\documents and settings\Anneline\Programdata\Spotify

2010-12-10 16:50 . 2010-12-21 17:08 -------- d-----w- c:\documents and settings\Anneline\Lokale innstillinger\Programdata\Spotify

2010-12-04 17:44 . 2010-12-04 17:45 82464616 ----a-w- c:\programfiler\Fellesfiler\Windows Live\.cache\wlc2F2D.tmp

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-18 18:15 . 2004-09-14 15:26 81920 ------w- c:\windows\system32\isign32.dll

2010-11-12 17:53 . 2010-04-22 13:41 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-11-12 15:34 . 2009-03-23 18:50 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-11-06 00:22 . 1979-12-31 23:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:22 . 1979-12-31 23:00 43520 ------w- c:\windows\system32\licmgr10.dll

2010-11-06 00:22 . 1979-12-31 23:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:27 . 1979-12-31 23:00 385024 ------w- c:\windows\system32\html.iec

2010-11-02 15:17 . 1979-12-31 23:00 40960 ------w- c:\windows\system32\drivers\ndproxy.sys

2010-10-28 13:09 . 1979-12-31 23:00 290048 ------w- c:\windows\system32\atmfd.dll

2010-10-26 14:00 . 1979-12-31 23:00 1853312 ------w- c:\windows\system32\win32k.sys

.

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\programfiler\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

"Google Update"="c:\documents and settings\Tonys\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe" [2009-04-26 133104]

"Sony Ericsson PC Companion"="c:\programfiler\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2010-11-16 422912]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TPHOTKEY"="c:\programfiler\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]

"ATIPTA"="c:\programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-28 344064]

"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\programfiler\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]

"LCONTROL"="c:\programfiler\Lenovo\ATK Hotkey\LCONTROL.exe" [2008-03-19 77824]

"LFKA"="c:\programfiler\Lenovo\ATK Hotkey\LFKA.exe" [2008-04-15 315392]

"LENOVO.TPFNF6R"="c:\programfiler\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]

"SynTPEnh"="c:\programfiler\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1323008]

"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2009-11-10 417792]

"SunJavaUpdateSched"="c:\programfiler\Fellesfiler\Java\Java Update\jusched.exe" [2010-05-14 248552]

"IntelZeroConfig"="c:\programfiler\Intel\WiFi\bin\ZCfgSvc.exe" [2009-11-03 1372160]

"IntelWireless"="c:\programfiler\Fellesfiler\Intel\WirelessCommon\iFrmewrk.exe" [2009-11-03 1202448]

"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\programfiler\Fellesfiler\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\Anneline\Start-meny\Programmer\Oppstart\

OpenOffice.org 3.2.lnk - c:\programfiler\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

 

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\

BTTray.lnk - c:\programfiler\ThinkPad\Bluetooth Software\BTTray.exe [2005-7-21 577597]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]

2006-09-06 14:37 34344 ----a-w- c:\programfiler\Lenovo\HOTKEY\notifyf2.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programfiler\\Spotify\\spotify.exe"=

"c:\\Programfiler\\uTorrent\\uTorrent.exe"=

"c:\\Programfiler\\TVAnts\\Tvants.exe"=

"c:\\Programfiler\\TeamViewer\\Version4\\TeamViewer.exe"=

"c:\\Documents and Settings\\Tonys\\Lokale innstillinger\\Programdata\\Google\\Chrome\\Application\\chrome.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"9000:TCP"= 9000:TCP:SqueezeCenter 9000 tcp (UI)

"9090:TCP"= 9090:TCP:SqueezeCenter 9090 tcp (CLI)

"3483:UDP"= 3483:UDP:SqueezeCenter 3483 udp

"3483:TCP"= 3483:TCP:SqueezeCenter 3483 tcp

 

R2 LFKAS;Service of LFKA;c:\programfiler\Lenovo\ATK Hotkey\LFKAS.exe [11.10.2009 01:37 208896]

R2 TPHKSVC;Visning på skjermen;c:\programfiler\Lenovo\HOTKEY\TPHKSVC.exe [11.10.2009 01:54 62320]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [23.12.2010 13:23 38224]

S2 gupdate;Google Update Service (gupdate);c:\programfiler\Google\Update\GoogleUpdate.exe [28.12.2009 23:44 135664]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\programfiler\Lenovo\HOTKEY\micmute.exe [11.10.2009 01:54 45424]

S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [20.06.2010 13:12 86824]

S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [20.06.2010 13:12 15016]

S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [20.06.2010 13:12 114600]

S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [20.06.2010 13:12 108328]

S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [20.06.2010 13:12 26024]

S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [20.06.2010 13:12 104616]

S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [20.06.2010 13:12 109736]

S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\programfiler\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [16.12.2010 01:44 155344]

S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys --> c:\windows\system32\Drivers\usbaapl.sys [?]

 

--- Andre tjenester/drivere lastet i minnet ---

 

*NewlyCreated* - MBAMSWISSARMY

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2010-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\programfiler\Google\Update\GoogleUpdate.exe [2009-12-28 22:44]

 

2010-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\programfiler\Google\Update\GoogleUpdate.exe [2009-12-28 22:44]

 

2010-12-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-29032480-4229358306-806400937-1007Core.job

- c:\documents and settings\Tonys\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe [2009-04-26 19:06]

 

2010-12-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-29032480-4229358306-806400937-1007UA.job

- c:\documents and settings\Tonys\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe [2009-04-26 19:06]

 

2010-12-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-29032480-4229358306-806400937-1008Core.job

- c:\documents and settings\Anneline\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe [2010-05-15 02:54]

 

2010-12-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-29032480-4229358306-806400937-1008UA.job

- c:\documents and settings\Anneline\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe [2010-05-15 02:54]

.

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://www.google.no/

uInternet Settings,ProxyOverride = *.local

IE: Send til &Bluetooth - c:\programfiler\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

.

- - - - TOMME PEKERE FJERNET - - - -

 

HKLM-Run-ISUSPM Startup - c:\progra~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe

HKLM-Run-ISUSScheduler - c:\programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe

Notify-NavLogon - (no file)

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-12-23 16:14

Windows 5.1.2600 Service Pack 3 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

--------------------- LÅSTE REGISTERNØKLER ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

 

- - - - - - - > 'winlogon.exe'(876)

c:\windows\system32\Ati2evxx.dll

.

Tidspunkt ferdig: 2010-12-23 16:16:10

ComboFix-quarantined-files.txt 2010-12-23 15:15

 

Pre-Run: 69 361 479 680 byte ledig

Post-Run: 71 675 211 776 byte ledig

 

- - End Of File - - D816B42418ADB675321CA8299BB6719A


Hi Grunnberg

I can't see any infections in the ComboFix log.

Have you noticed any problems, did you post the log because MBAM found something, or was it just a check?

If you did notice problems, how are they now?

Please move ComboFix.exe from c:\documents and settings\Tonys\Mine dokumenter\Downloads\ to your Desktop.


I just wanted to know how the machine was working before I asked you to uninstall it. I must say I'm a bit unsure whether ComboFix gets uninstalled when you move it to the Desktop without running a scan first. But try the following first:

Go to Start > Run (or press Windows key+R)

Type the following in the box:

  • combofix /uninstall

PS: note the space between x and /uninstall

You should now have something like the picture below:

combofix_uninstall.jpg

Press Enter.

This command will:

  • Remove the following:

    • ComboFix and its associated files and folders.
    • VundoFix backups, if they exist.
    • The folder C:\Deckard, if it exists.
    • The folder C:\OtMoveIt, if it exists.

  • Reset the clock settings.

  • Hide file extensions, if necessary.

  • Hide System/Hidden files and folders, if necessary.

  • Reset the System Restore points.

If ComboFix is not removed from the Desktop, you must run another ComboFix scan before repeating the uninstall procedure.

Some things you can do that may help make the machine faster:

Download and run CCleaner (http://www.filehippo.com/download_ccleaner/)

'Options' -> 'Advanced'. Uncheck: "Only delete temporary files older than 48 hours".

Run the registry cleaner, answer yes to repairing (run it a couple of times until all errors are gone).

---

Defragment.

Auslogics Disk Defrag (http://www.download.com/Auslogics-Disk-Defrag/3000-2094_4-10567503.html) + Free Registry Defrag (http://www.download.com/Free-Registry-Defrag/3000-2094_4-10553700.html) + Pagedefrag (http://www.snapfiles.com/get/pagedefrag.html)

---

Restart, use the PC and see if this helps.
