Gå til innhold

[Løst] Hjelp. Malwares og combofix logg.

Tanner

Av Tanner
i IKT-drift og sikkerhet

Anbefalte innlegg

Tanner

Tanner

Skrevet
Skrevet

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

 

Databaseversjon: 5440

 

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

 

02.01.2011 02:23:39

mbam-log-2011-01-02 (02-23-39).txt

 

Skanntype: Hurtigsøk

Objekter skannet: 164218

Tid tilbakelagt: 8 minutt(er), 5 sekund(er)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert 0

 

Minneprosesser infisert:

(Ingen skadelige objekter funnet)

 

Minnemoduler infisert:

(Ingen skadelige objekter funnet)

 

Registernøkler infisert:

(Ingen skadelige objekter funnet)

 

Registerverdier infisert:

(Ingen skadelige objekter funnet)

 

Registerfiler infisert:

(Ingen skadelige objekter funnet)

 

Mapper infisert:

(Ingen skadelige objekter funnet)

 

Filer infisert

(Ingen skadelige objekter funnet)

 

 

 

 

 

 

 

 

 

 

 

ComboFix 11-01-01.01 - Olav Magne 02.01.2011 2:47.1.2 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.47.1033.18.4086.3174 [GMT 1:00]

Kjører fra: c:\users\Olav Magne\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

 

((((((((((((((((((((((((((( Filer Opprettet Fra 2010-12-02 til 2011-01-02 )))))))))))))))))))))))))))))))))

.

 

2011-01-02 01:43 . 2011-01-02 01:44 -------- d-----w- C:\32788R22FWJFW

2011-01-01 23:48 . 2011-01-01 23:48 -------- d-----w- c:\windows\SysWow64\Adobe

2010-12-29 01:57 . 2010-12-29 01:57 -------- d-----w- c:\program files (x86)\Abe's Oddysee

2010-12-29 01:57 . 1997-03-24 16:42 314368 ----a-w- c:\windows\IsUninst.exe

2010-12-29 01:52 . 2010-12-29 01:53 -------- d-----w- c:\program files (x86)\DAEMON Tools Toolbar

2010-12-29 01:51 . 2010-12-29 01:53 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite

2010-12-29 01:51 . 2010-12-29 01:57 -------- d-----w- c:\users\Olav Magne\AppData\Roaming\DAEMON Tools Lite

2010-12-29 01:51 . 2010-12-29 01:51 -------- d-----w- c:\programdata\DAEMON Tools Lite

2010-12-20 16:21 . 2010-12-20 16:21 -------- d-----w- c:\users\Olav Magne\AppData\Roaming\OpenOffice.org

2010-12-20 16:13 . 2010-12-20 16:13 -------- d-----w- c:\program files (x86)\JRE

2010-12-20 16:13 . 2010-12-20 16:13 -------- d-----w- c:\program files (x86)\OpenOffice.org 3

2010-12-16 17:38 . 2010-12-30 21:44 -------- d-----w- c:\users\Olav Magne\AppData\Roaming\vlc

2010-12-15 05:14 . 2010-11-02 04:40 496128 ----a-w- c:\windows\SysWow64\taskschd.dll

2010-12-15 05:14 . 2010-11-02 04:40 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll

2010-12-15 05:14 . 2010-11-02 04:34 192000 ----a-w- c:\windows\SysWow64\taskeng.exe

2010-12-15 05:14 . 2010-11-02 04:34 179712 ----a-w- c:\windows\SysWow64\schtasks.exe

2010-12-15 05:14 . 2010-10-20 04:54 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2010-12-15 05:14 . 2010-10-20 02:58 294400 ----a-w- c:\windows\SysWow64\atmfd.dll

2010-12-15 05:14 . 2010-10-16 04:36 314368 ----a-w- c:\windows\SysWow64\webio.dll

2010-12-15 05:14 . 2010-10-12 05:05 35328 ----a-w- c:\program files\Windows Mail\wabfind.dll

2010-12-15 05:14 . 2010-10-12 05:00 516096 ----a-w- c:\program files\Windows Mail\wab.exe

2010-12-15 05:14 . 2010-10-12 04:25 516096 ----a-w- c:\program files (x86)\Windows Mail\wab.exe

2010-12-14 15:10 . 2010-12-14 15:10 -------- d-----w- c:\users\Olav Magne\AppData\Roaming\Malwarebytes

2010-12-14 15:10 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2010-12-14 15:10 . 2010-12-14 15:10 -------- d-----w- c:\programdata\Malwarebytes

2010-12-14 15:10 . 2011-01-02 01:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2010-12-13 15:14 . 2008-07-31 09:41 68616 ----a-w- c:\windows\SysWow64\XAPOFX1_1.dll

2010-12-13 15:14 . 2008-07-31 09:40 509448 ----a-w- c:\windows\SysWow64\XAudio2_2.dll

2010-12-13 15:14 . 2008-07-12 07:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll

2010-12-13 15:14 . 2008-07-12 07:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll

2010-12-13 15:14 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll

2010-12-13 15:06 . 2010-12-13 15:06 -------- d-----w- C:\Riot Games

2010-12-10 23:03 . 2010-12-10 23:03 -------- d-----w- c:\program files (x86)\Common Files\Skype

2010-12-08 20:09 . 2010-12-09 16:10 -------- d-----w- c:\users\Olav Magne\UO

2010-12-08 13:03 . 2010-12-08 13:03 -------- d-----w- c:\program files (x86)\Common Files\InstallShield

2010-12-08 11:49 . 2010-12-08 12:11 -------- d-----w- c:\programdata\Media Center Programs

2010-12-08 11:49 . 2010-12-08 11:49 -------- d--h--w- c:\windows\PIF

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-16 19:39 . 2010-08-09 19:14 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2010-10-22 11:43 . 2010-10-22 11:43 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll

2010-10-22 11:43 . 2010-10-22 11:43 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

.

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{7e0c6414-5557-45e4-a2a0-c84f50184a3f}"= "c:\program files (x86)\PHPNuke-NO\tbPHPN.dll" [2010-09-12 3863136]

 

[HKEY_CLASSES_ROOT\clsid\{7e0c6414-5557-45e4-a2a0-c84f50184a3f}]

 

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2010-09-12 13:02 3863136 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll

 

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{7e0c6414-5557-45e4-a2a0-c84f50184a3f}]

2010-09-12 13:02 3863136 ----a-w- c:\program files (x86)\PHPNuke-NO\tbPHPN.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{7e0c6414-5557-45e4-a2a0-c84f50184a3f}"= "c:\program files (x86)\PHPNuke-NO\tbPHPN.dll" [2010-09-12 3863136]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-09-12 3863136]

 

[HKEY_CLASSES_ROOT\clsid\{7e0c6414-5557-45e4-a2a0-c84f50184a3f}]

 

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2010-11-08 2975640]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

 

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [2008-02-01 65536]

R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]

R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 113704]

R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 19496]

R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 153128]

R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 133160]

R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 34856]

R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 128552]

R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 146472]

R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2010-10-26 155344]

R3 WatAdminSvc;WatAdminSvc; [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-29 834544]

S3 NETwLv64; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETwLv64.sys [2010-08-16 7530496]

 

.

 

--------- x86-64 -----------

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 165912]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 385560]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 363544]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

------- Tilleggsskanning -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.26.0.cab

DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab

.

- - - - TOMME PEKERE FJERNET - - - -

 

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{7E0C6414-5557-45E4-A2A0-C84F50184A3F} - (no file)

WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

 

 

.

--------------------- LÅSTE REGISTERNØKLER ---------------------

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG*]

"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,

bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tidspunkt ferdig: 2011-01-02 02:55:30

ComboFix-quarantined-files.txt 2011-01-02 01:55

 

Pre-Run: 8 843 010 048 byte ledig

Post-Run: 9 033 256 960 byte ledig

 

- - End Of File - - F478806399B20A24CAC5F6D240C73965

Videoannonse

Videoannonse
Annonse
r2d290

r2d290

Skrevet
Skrevet (endret)

Heisann

 

Beklager forsinkelsen. Har du merket noen problemer med PC-en, eller var dette bare en sjekk?

Endret av r2d290
Tanner

Tanner

Skrevet
  • Forfatter
Skrevet

Hadde noen problemer med veldig lag på et online spill. Viste ikke om det var pcen eller nettet. Har uansett installert windows på nytt nå, og ting funker bedre. :)

Opprett en konto eller logg inn for å kommentere

Du må være et medlem for å kunne skrive en kommentar

Opprett konto

Det er enkelt å melde seg inn for å starte en ny konto!

Start en konto

Logg inn

Har du allerede en konto? Logg inn her.

Logg inn nå
Gå til emneliste

  • Hvem er aktive   0 medlemmer

    • Ingen innloggede medlemmer aktive
×
×
  • Opprett ny...