Gå til innhold

» Data » IKT-drift og sikkerhet

[Løst] Hjelp. Malwares og combofix logg.

Tanner

Av Tanner
2. januar 2011 i IKT-drift og sikkerhet

Anbefalte innlegg

Tanner

Tanner

Skrevet 2. januar 2011

Skrevet 2. januar 2011

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Databaseversjon: 5440

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

02.01.2011 02:23:39

mbam-log-2011-01-02 (02-23-39).txt

Skanntype: Hurtigsøk

Objekter skannet: 164218

Tid tilbakelagt: 8 minutt(er), 5 sekund(er)

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert 0

Minneprosesser infisert:

(Ingen skadelige objekter funnet)

Minnemoduler infisert:

(Ingen skadelige objekter funnet)

Registernøkler infisert:

(Ingen skadelige objekter funnet)

Registerverdier infisert:

(Ingen skadelige objekter funnet)

Registerfiler infisert:

(Ingen skadelige objekter funnet)

Mapper infisert:

(Ingen skadelige objekter funnet)

Filer infisert

(Ingen skadelige objekter funnet)

ComboFix 11-01-01.01 - Olav Magne 02.01.2011 2:47.1.2 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.47.1033.18.4086.3174 [GMT 1:00]

Kjører fra: c:\users\Olav Magne\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2010-12-02 til 2011-01-02 )))))))))))))))))))))))))))))))))

.

2011-01-02 01:43 . 2011-01-02 01:44 -------- d-----w- C:\32788R22FWJFW

2011-01-01 23:48 . 2011-01-01 23:48 -------- d-----w- c:\windows\SysWow64\Adobe

2010-12-29 01:57 . 2010-12-29 01:57 -------- d-----w- c:\program files (x86)\Abe's Oddysee

2010-12-29 01:57 . 1997-03-24 16:42 314368 ----a-w- c:\windows\IsUninst.exe

2010-12-29 01:52 . 2010-12-29 01:53 -------- d-----w- c:\program files (x86)\DAEMON Tools Toolbar

2010-12-29 01:51 . 2010-12-29 01:53 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite

2010-12-29 01:51 . 2010-12-29 01:57 -------- d-----w- c:\users\Olav Magne\AppData\Roaming\DAEMON Tools Lite

2010-12-29 01:51 . 2010-12-29 01:51 -------- d-----w- c:\programdata\DAEMON Tools Lite

2010-12-20 16:21 . 2010-12-20 16:21 -------- d-----w- c:\users\Olav Magne\AppData\Roaming\OpenOffice.org

2010-12-20 16:13 . 2010-12-20 16:13 -------- d-----w- c:\program files (x86)\JRE

2010-12-20 16:13 . 2010-12-20 16:13 -------- d-----w- c:\program files (x86)\OpenOffice.org 3

2010-12-16 17:38 . 2010-12-30 21:44 -------- d-----w- c:\users\Olav Magne\AppData\Roaming\vlc

2010-12-15 05:14 . 2010-11-02 04:40 496128 ----a-w- c:\windows\SysWow64\taskschd.dll

2010-12-15 05:14 . 2010-11-02 04:40 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll

2010-12-15 05:14 . 2010-11-02 04:34 192000 ----a-w- c:\windows\SysWow64\taskeng.exe

2010-12-15 05:14 . 2010-11-02 04:34 179712 ----a-w- c:\windows\SysWow64\schtasks.exe

2010-12-15 05:14 . 2010-10-20 04:54 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2010-12-15 05:14 . 2010-10-20 02:58 294400 ----a-w- c:\windows\SysWow64\atmfd.dll

2010-12-15 05:14 . 2010-10-16 04:36 314368 ----a-w- c:\windows\SysWow64\webio.dll

2010-12-15 05:14 . 2010-10-12 05:05 35328 ----a-w- c:\program files\Windows Mail\wabfind.dll

2010-12-15 05:14 . 2010-10-12 05:00 516096 ----a-w- c:\program files\Windows Mail\wab.exe

2010-12-15 05:14 . 2010-10-12 04:25 516096 ----a-w- c:\program files (x86)\Windows Mail\wab.exe

2010-12-14 15:10 . 2010-12-14 15:10 -------- d-----w- c:\users\Olav Magne\AppData\Roaming\Malwarebytes

2010-12-14 15:10 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2010-12-14 15:10 . 2010-12-14 15:10 -------- d-----w- c:\programdata\Malwarebytes

2010-12-14 15:10 . 2011-01-02 01:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2010-12-13 15:14 . 2008-07-31 09:41 68616 ----a-w- c:\windows\SysWow64\XAPOFX1_1.dll

2010-12-13 15:14 . 2008-07-31 09:40 509448 ----a-w- c:\windows\SysWow64\XAudio2_2.dll

2010-12-13 15:14 . 2008-07-12 07:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll

2010-12-13 15:14 . 2008-07-12 07:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll

2010-12-13 15:14 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll

2010-12-13 15:06 . 2010-12-13 15:06 -------- d-----w- C:\Riot Games

2010-12-10 23:03 . 2010-12-10 23:03 -------- d-----w- c:\program files (x86)\Common Files\Skype

2010-12-08 20:09 . 2010-12-09 16:10 -------- d-----w- c:\users\Olav Magne\UO

2010-12-08 13:03 . 2010-12-08 13:03 -------- d-----w- c:\program files (x86)\Common Files\InstallShield

2010-12-08 11:49 . 2010-12-08 12:11 -------- d-----w- c:\programdata\Media Center Programs

2010-12-08 11:49 . 2010-12-08 11:49 -------- d--h--w- c:\windows\PIF

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-16 19:39 . 2010-08-09 19:14 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2010-10-22 11:43 . 2010-10-22 11:43 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll

2010-10-22 11:43 . 2010-10-22 11:43 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{7e0c6414-5557-45e4-a2a0-c84f50184a3f}"= "c:\program files (x86)\PHPNuke-NO\tbPHPN.dll" [2010-09-12 3863136]

[HKEY_CLASSES_ROOT\clsid\{7e0c6414-5557-45e4-a2a0-c84f50184a3f}]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2010-09-12 13:02 3863136 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{7e0c6414-5557-45e4-a2a0-c84f50184a3f}]

2010-09-12 13:02 3863136 ----a-w- c:\program files (x86)\PHPNuke-NO\tbPHPN.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{7e0c6414-5557-45e4-a2a0-c84f50184a3f}"= "c:\program files (x86)\PHPNuke-NO\tbPHPN.dll" [2010-09-12 3863136]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-09-12 3863136]

[HKEY_CLASSES_ROOT\clsid\{7e0c6414-5557-45e4-a2a0-c84f50184a3f}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2010-11-08 2975640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [2008-02-01 65536]

R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]

R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 113704]

R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 19496]

R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 153128]

R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 133160]

R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 34856]

R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 128552]

R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 146472]

R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2010-10-26 155344]

R3 WatAdminSvc;WatAdminSvc; [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-29 834544]

S3 NETwLv64; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETwLv64.sys [2010-08-16 7530496]

.

--------- x86-64 -----------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 165912]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 385560]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 363544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

------- Tilleggsskanning -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.26.0.cab

DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab

.

- - - - TOMME PEKERE FJERNET - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{7E0C6414-5557-45E4-A2A0-C84F50184A3F} - (no file)

WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG*]

"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,

bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tidspunkt ferdig: 2011-01-02 02:55:30

ComboFix-quarantined-files.txt 2011-01-02 01:55

Pre-Run: 8 843 010 048 byte ledig

Post-Run: 9 033 256 960 byte ledig

- - End Of File - - F478806399B20A24CAC5F6D240C73965

Videoannonse

Annonse

r2d290

r2d290

Skrevet 8. januar 2011

Skrevet 8. januar 2011 (endret)

Heisann

Beklager forsinkelsen. Har du merket noen problemer med PC-en, eller var dette bare en sjekk?

Endret 8. januar 2011 av r2d290

Tanner

Tanner

Skrevet 9. januar 2011

Forfatter

Skrevet 9. januar 2011

Hadde noen problemer med veldig lag på et online spill. Viste ikke om det var pcen eller nettet. Har uansett installert windows på nytt nå, og ting funker bedre.

r2d290

r2d290

Skrevet 9. januar 2011

Skrevet 9. januar 2011

Da regner jeg saken som løst =)

Opprett en konto eller logg inn for å kommentere

Du må være et medlem for å kunne skrive en kommentar

Opprett konto

Det er enkelt å melde seg inn for å starte en ny konto!

Logg inn

Har du allerede en konto? Logg inn her.

Logg inn nå

Gå til emneliste

Populær nå
- Krigen mellom Israel og Hamas 1 2 3 4 1170
  
  Av Snikpellik, 12. oktober 2023 i Politikk og samfunn
  - 23 398 svar
  - 1 121 684 visninger
Hvem er aktive 0 medlemmer
- Ingen innloggede medlemmer aktive

×

×

Opprett ny...