dort, posted 9 March 2009

My Steam account has been hijacked. I am therefore wondering whether hostile malware has been installed. I have run Malwarebytes and ComboFix; here are the logs. To me it does not look like they found anything.

Malwarebytes' Anti-Malware 1.34
Databaseversjon: 1828
Windows 5.1.2600 Service Pack 3

09.03.2009 19:16:26
mbam-log-2009-03-09 (19-16-26).txt

Skanntype: Rask Skann
Objekter skannet: 63756
Tid tilbakelagt: 2 minute(s), 52 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)

and

ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
L:\Autorun.inf
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-02-09 til 2009-03-09 )))))))))))))))))))))))))))))))))
.
2009-03-09 19:13 . 2009-03-09 19:13 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware
2009-03-09 19:13 . 2009-03-09 19:13 <DIR> d-------- c:\documents and settings\Atle\Programdata\Malwarebytes
2009-03-09 19:13 . 2009-03-09 19:13 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes
2009-03-09 19:13 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-09 19:13 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-22 22:20 . 2009-02-22 22:20 <DIR> d-------- c:\programfiler\Windows Media Connect 2
2009-02-22 22:18 . 2009-02-22 22:18 <DIR> d-------- c:\windows\system32\LogFiles
2009-02-22 22:18 . 2009-02-22 22:19 <DIR> d-------- c:\windows\system32\drivers\UMDF
2009-02-17 22:40 . 2009-02-17 22:40 <DIR> d-------- c:\windows\E4D153288C89484BB9AAF5BE9EA6D01C.TMP
2009-02-16 18:53 . 2009-02-16 19:03 <DIR> d-------- c:\documents and settings\Atle\Programdata\Sports Interactive
2009-02-16 18:53 . 2009-02-16 18:53 <DIR> d-------- c:\documents and settings\All Users\Programdata\Sports Interactive
2009-02-15 22:04 . 2009-02-15 22:04 <DIR> d-------- c:\windows\system32\AGEIA
2009-02-15 22:04 . 2009-02-15 22:04 <DIR> d-------- c:\programfiler\AGEIA Technologies
2009-02-15 21:32 . 2009-02-15 21:32 <DIR> d-------- c:\programfiler\SystemRequirementsLab
2009-02-14 13:31 . 2009-02-14 13:31 <DIR> d-------- c:\programfiler\D-Link
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-09 18:09 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-03-09 18:09 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-03-09 18:09 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2009-03-09 18:08 --------- d-----w c:\documents and settings\All Users\Programdata\avg8
2009-03-09 17:50 --------- d-----w c:\programfiler\Steam
2009-03-03 18:51 --------- d-----w c:\programfiler\Opera
2009-02-22 21:32 --------- d-----w c:\documents and settings\Atle\Programdata\uTorrent
2009-02-18 22:10 --------- d--h--w c:\programfiler\InstallShield Installation Information
2009-02-18 21:40 --------- d-----w c:\documents and settings\Atle\Programdata\Microsoft Games
2009-02-18 21:40 --------- d-----w c:\documents and settings\All Users\Programdata\Microsoft Games
2009-02-18 21:30 --------- d-----w c:\documents and settings\Atle\Programdata\wsInspector
2009-02-17 21:40 --------- d-----w c:\programfiler\Fellesfiler\Wise Installation Wizard
2009-02-11 21:21 --------- d-----w c:\documents and settings\All Users\Programdata\Microsoft Help
2009-02-05 21:11 --------- d-----w c:\documents and settings\All Users\Programdata\Office Genuine Advantage
2009-01-31 21:31 --------- d-----w c:\programfiler\FastStone Image Viewer
2009-01-31 21:31 --------- d-----w c:\documents and settings\Atle\Programdata\FastStone
2009-01-07 10:28 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2009-01-06 16:22 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-31 16:04 691,560 ----a-w c:\windows\system32\OGACheckControl.dll
2008-12-31 16:04 528,744 ----a-w c:\windows\system32\OGAVerify.exe
2008-12-31 16:04 502,120 ----a-w c:\windows\system32\OGAAddin.dll
2008-12-10 08:45 70,936 ----a-w c:\windows\system32\PhysXLoader.dll
2008-12-09 17:40 81 ----a-w C:\CTX.DAT
2005-06-07 12:58 765,952 ----a-w c:\documents and settings\Atle\CRLDS3D.DLL
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\programfiler\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-09 1601304]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-01-06 136600]
"nwiz"="nwiz.exe" [2009-01-15 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-09 19:09 10520 c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programfiler\\Electronic Arts\\EADM\\Core.exe"=
"d:\\Spill\\Assasins Creed\\AssassinsCreed_Dx9.exe"=
"d:\\Spill\\Assasins Creed\\AssassinsCreed_Dx10.exe"=
"d:\\Spill\\Assasins Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Programfiler\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"d:\\Spill\\TDU\\TestDriveUnlimited.exe"=
"c:\\Programfiler\\Opera\\opera.exe"=
"d:\\Spill\\Colonization\\Colonization.exe"=
"d:\\Spill\\Mass Effect\\Binaries\\MassEffect.exe"=
"d:\\Spill\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"c:\\Programfiler\\Steam\\steamapps\\dratsva\\team fortress 2\\hl2.exe"=
"c:\\Programfiler\\iTunes\\iTunes.exe"=
"c:\\Programfiler\\MusicBrainz Picard\\picard.exe"=
"d:\\Spill\\CoD5\\CoDWaWmp.exe"=
"d:\\Spill\\CoD5\\CoDWaW.exe"=
"d:\\Spill\\Dead.Space.Multi-5.Repack.Skullptura\\Dead Space\\Dead Space.exe"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Programfiler\\D-Link\\SharePort\\SharePort Network USB Utility.exe"=
"c:\\Programfiler\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"d:\\Spill\\Mirrors Edge\\Binaries\\MirrorsEdge.exe"=
"d:\\Spill\\Neverwinternights2\\nwn2main.exe"=
"d:\\Spill\\Neverwinternights2\\nwn2main_amdxp.exe"=
"d:\\Spill\\Neverwinternights2\\nwupdate.exe"=
"d:\\Spill\\Neverwinternights2\\nwn2server.exe"=
"c:\\Programfiler\\Steam\\steam.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"139:TCP"= 139:TCP:192.168.0.199/255.255.255.255:Enabled:@xpsp2res.dll,-22004
"9303:UDP"= 9303:UDP:SharePort Network USB Utility UDP Port

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-09-04 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-09-04 107272]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-09-04 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-09 298264]
R3 DlinkUDSMBus;UDS Master Bus of Kernel USB Software Bus by TCP;c:\windows\system32\drivers\DlinkUDSMBus.sys [2008-11-11 74624]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\programfiler\Fellesfiler\Creative Labs Shared\Service\CTAELicensing.exe [2008-09-04 79360]
S3 DlinkUDSTcpBus;DlinkUDSTcpBus;c:\windows\system32\drivers\DlinkUDSTcpBus.sys [2008-11-11 97664]
S3 GigasetGenericUSB;GigasetGenericUSB;c:\windows\system32\drivers\GigasetGenericUSB.sys [2008-12-27 44032]
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-03-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-2146163981-839522115-1004.job
- c:\documents and settings\Atle\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe [2008-09-05 15:32]
.
- - - - TOMME PEKERE FJERNET - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
.
------- Tilleggsskanning -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvLsp.dll
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-09 19:25:13
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_USERS\S-1-5-21-117609710-2146163981-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:41,f5,58,ef,7c,c4,96,20,8e,40,c9,b2,e0,f1,eb,64,4c,e4,ee,21,14,4a,a2,
c7,83,c2,86,44,d7,c8,e2,d5,32,64,9d,31,46,2e,fb,8e,b3,20,a5,63,bc,9a,d0,90,\
"??"=hex:59,e5,97,70,47,08,a5,1e,f6,13,83,cc,52,0d,a6,6c

[HKEY_USERS\S-1-5-21-117609710-2146163981-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:80,35,8b,c0,87,38,8b,90,9d,05,1e,91,48,55,a4,26,2e,73,5f,4e,6d,
6b,f9,1a,cf,bc,49,5a,83,1f,88,72,d6,de,be,6a,82,99,3d,d5,90,3f,06,8e,ca,2f,\
"rkeysecu"=hex:2c,0c,74,56,d4,9c,67,cd,b8,4e,78,6a,b8,13,21,cb
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'lsass.exe'(848)
c:\windows\system32\nvLsp.dll
.
Tidspunkt ferdig: 2009-03-09 19:26:00
ComboFix-quarantined-files.txt 2009-03-09 18:25:54

Pre-Run: 24 591 073 280 byte ledig
Post-Run: 25,457,885,184 byte ledig

180 --- E O F --- 2009-02-25 22:04:13
r2d290, posted 10 March 2009

Click Start - All Programs - Accessories - Notepad. Copy and paste the text in the code box below into Notepad:

DirLook:
c:\windows\E4D153288C89484BB9AAF5BE9EA6D01C.TMP

Save it as CFScript on the Desktop. Drag CFScript onto ComboFix.exe, which is on the Desktop, as the animation below shows. This will start ComboFix again. If the machine asks for a restart, let it do so straight away. Post the contents of ComboFix.txt in your next reply on the forum.