[Solved] win32/bitcoinminer.A - logs attached


For the last couple of days Windows has been reporting win32/bitcoinminer.A; it looks like it is being detected in Firefox. It gets removed every time, but the removal does not seem to be permanent. The first symptom is that the CPU runs at full blast and the fan kicks in. Does anyone know what this is? I find no useful information about removal through a Google search, and I find nothing with Avast (safe mode) or Malwarebytes.

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7390

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

06.08.2011 02:04:15

mbam-log-2011-08-06 (02-04-15).txt

Scan type: Quick scan

Objects scanned: 180227

Time elapsed: 2 minute(s), 32 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

ComboFix 11-08-05.02 - Eirik 06.08.2011 2:09.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.47.1033.18.4007.2538 [GMT 2:00]

Kjører fra: c:\users\Eirik\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Opprettet nytt gjenopprettingspunkt

.

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2011-07-06 til 2011-08-06 )))))))))))))))))))))))))))))))))

.

.

2011-08-06 00:13 . 2011-08-06 00:13 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2011-08-06 00:13 . 2011-08-06 00:13 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-08-02 13:00 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{404E899F-5336-42D0-B52F-8AEF4F9D589D}\mpengine.dll

2011-07-30 20:46 . 2011-07-30 20:46 -------- d-----w- c:\users\Eirik\AppData\Roaming\Malwarebytes

2011-07-30 20:46 . 2011-07-30 20:46 -------- d-----w- c:\programdata\Malwarebytes

2011-07-30 20:46 . 2011-07-06 17:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-30 20:46 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-30 20:46 . 2011-07-30 20:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-07-30 19:43 . 2011-07-30 19:43 -------- d-----w- c:\program files (x86)\XNotes

2011-07-30 19:43 . 2011-07-30 19:43 -------- d-----w- c:\program files (x86)\Safari

2011-07-30 19:43 . 2011-07-30 19:43 -------- d-----w- c:\program files (x86)\Opera

2011-07-30 19:43 . 2011-07-30 19:43 -------- d-----w- c:\program files (x86)\Google Chrome

2011-07-30 19:43 . 2011-07-30 19:43 -------- d-----w- c:\program files (x86)\Cleaner

2011-07-29 14:19 . 2011-07-29 14:19 823449 --sha-w- c:\program files (x86)\Mozilla Firefox\bin\firefox.exe

2011-07-29 14:18 . 2011-07-29 14:18 625299 --sha-w- c:\program files (x86)\Internet Explorer\bin\iexplore.exe

2011-07-28 12:16 . 2011-07-28 12:16 786432 --sha-w- c:\program files (x86)\Internet Explorer\bin\bin\iexplore.exe

2011-07-26 17:41 . 2010-07-07 03:52 386923 ----a-w- c:\windows\KMSAct.exe

2011-07-17 23:06 . 2011-07-17 23:06 -------- d-----w- C:\FM Genie Scout 11

2011-07-15 13:34 . 2011-07-15 13:34 -------- d-----w- c:\program files\CCleaner

2011-07-15 11:23 . 2011-07-15 11:25 -------- d-----w- c:\users\Eirik\AppData\Roaming\TrueCrypt

2011-07-15 11:23 . 2011-07-15 11:23 230352 ----a-w- c:\windows\system32\drivers\truecrypt.sys

2011-07-15 11:23 . 2011-08-05 12:20 -------- d-----w- c:\program files\TrueCrypt

2011-07-10 19:31 . 2011-07-10 19:31 -------- d-----w- c:\program files\Media Player Classic - Home Cinema

2011-07-09 07:56 . 2011-07-09 08:00 -------- d-----w- c:\programdata\eMule

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-01 20:36 . 2011-06-27 08:05 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-06-27 18:26 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2011-06-27 18:26 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2011-06-27 16:26 . 2011-06-27 16:26 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-06-27 16:26 . 2011-06-27 16:26 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2011-06-27 16:26 . 2011-06-27 16:26 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2011-06-27 16:26 . 2011-06-27 16:26 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2011-06-27 16:26 . 2011-06-27 16:26 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2011-06-27 16:26 . 2011-06-27 16:26 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2011-06-27 16:26 . 2011-06-27 16:26 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2011-06-27 16:26 . 2011-06-27 16:26 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2011-06-27 16:26 . 2011-06-27 16:26 367104 ----a-w- c:\windows\SysWow64\html.iec

2011-06-27 16:26 . 2011-06-27 16:26 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2011-06-27 16:26 . 2011-06-27 16:26 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-06-27 16:26 . 2011-06-27 16:26 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2011-06-27 16:26 . 2011-06-27 16:26 222208 ----a-w- c:\windows\system32\msls31.dll

2011-06-27 16:26 . 2011-06-27 16:26 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll

2011-06-27 16:26 . 2011-06-27 16:26 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2011-06-27 16:26 . 2011-06-27 16:26 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2011-06-27 16:26 . 2011-06-27 16:26 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2011-06-27 16:26 . 2011-06-27 16:26 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2011-06-27 16:26 . 2011-06-27 16:26 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2011-06-27 16:26 . 2011-06-27 16:26 1389056 ----a-w- c:\windows\system32\wininet.dll

2011-06-27 16:26 . 2011-06-27 16:26 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2011-06-27 16:26 . 2011-06-27 16:26 1126912 ----a-w- c:\windows\SysWow64\wininet.dll

2011-06-27 16:26 . 2011-06-27 16:26 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2011-06-27 16:26 . 2011-06-27 16:26 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2011-06-27 16:26 . 2011-06-27 16:26 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-06-27 16:26 . 2011-06-27 16:26 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-06-27 16:26 . 2011-06-27 16:26 85504 ----a-w- c:\windows\system32\iesetup.dll

2011-06-27 16:26 . 2011-06-27 16:26 76800 ----a-w- c:\windows\system32\tdc.ocx

2011-06-27 16:26 . 2011-06-27 16:26 603648 ----a-w- c:\windows\system32\vbscript.dll

2011-06-27 16:26 . 2011-06-27 16:26 49664 ----a-w- c:\windows\system32\imgutil.dll

2011-06-27 16:26 . 2011-06-27 16:26 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-06-27 16:26 . 2011-06-27 16:26 448512 ----a-w- c:\windows\system32\html.iec

2011-06-27 16:26 . 2011-06-27 16:26 30720 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-27 16:26 . 2011-06-27 16:26 2303488 ----a-w- c:\windows\system32\jscript9.dll

2011-06-27 16:26 . 2011-06-27 16:26 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2011-06-27 16:26 . 2011-06-27 16:26 165888 ----a-w- c:\windows\system32\iexpress.exe

2011-06-27 16:26 . 2011-06-27 16:26 160256 ----a-w- c:\windows\system32\wextract.exe

2011-06-27 16:26 . 2011-06-27 16:26 1492992 ----a-w- c:\windows\system32\inetcpl.cpl

2011-06-27 16:26 . 2011-06-27 16:26 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-06-27 16:26 . 2011-06-27 16:26 12288 ----a-w- c:\windows\system32\mshta.exe

2011-06-27 16:26 . 2011-06-27 16:26 114176 ----a-w- c:\windows\system32\admparse.dll

2011-06-27 16:26 . 2011-06-27 16:26 111616 ----a-w- c:\windows\system32\iesysprep.dll

2011-06-27 14:50 . 2009-07-13 23:55 332288 ----a-w- c:\windows\system32\uxtheme.dll

2011-06-27 14:49 . 2009-07-13 23:54 44544 ----a-w- c:\windows\system32\themeservice.dll

2011-06-27 08:06 . 2011-06-27 08:06 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-06-16 18:00 . 2011-06-27 11:17 83968 ----a-w- c:\windows\system32\ff_vfw.dll

2011-06-16 08:00 . 2011-06-27 11:16 73216 ----a-w- c:\windows\SysWow64\ff_vfw.dll

2011-06-14 17:38 . 2011-06-28 17:52 2899176 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys

2011-06-14 11:40 . 2011-06-28 17:52 1483264 ----a-w- c:\windows\system32\RCoRes64.dat

2011-06-13 17:04 . 2011-06-28 17:52 1560680 ----a-w- c:\windows\system32\RTSnMg64.cpl

2011-06-10 15:35 . 2011-06-28 17:52 603472 ----a-w- c:\windows\system32\KAAPORT64.dll

2011-06-07 15:09 . 2011-06-28 17:52 2405992 ----a-w- c:\windows\system32\RtPgEx64.dll

2011-06-03 12:11 . 2011-06-28 17:52 1805928 ----a-w- c:\windows\system32\RtkApi64.dll

2011-06-03 05:57 . 2011-07-13 11:40 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2011-06-02 15:03 . 2011-06-28 17:52 92264 ----a-w- c:\windows\system32\RCoInst64.dll

2011-06-02 00:15 . 2011-06-27 11:16 243200 ----a-w- c:\windows\SysWow64\xvidvfw.dll

2011-06-02 00:10 . 2011-06-27 11:16 644608 ----a-w- c:\windows\SysWow64\xvidcore.dll

2011-05-31 08:09 . 2011-06-28 17:52 3114088 ----a-w- c:\windows\system32\RtkAPO64.dll

2011-05-31 07:42 . 2011-06-28 17:52 728680 ----a-w- c:\windows\system32\DTSBassEnhancementDLL64.dll

2011-05-31 07:42 . 2011-06-28 17:52 712296 ----a-w- c:\windows\system32\DTSSymmetryDLL64.dll

2011-05-31 07:42 . 2011-06-28 17:52 693352 ----a-w- c:\windows\system32\DTSVoiceClarityDLL64.dll

2011-05-31 07:42 . 2011-06-28 17:52 491112 ----a-w- c:\windows\system32\DTSNeoPCDLL64.dll

2011-05-31 07:42 . 2011-06-28 17:52 432744 ----a-w- c:\windows\system32\DTSLimiterDLL64.dll

2011-05-31 07:42 . 2011-06-28 17:52 428648 ----a-w- c:\windows\system32\DTSGainCompensatorDLL64.dll

2011-05-31 07:42 . 2011-06-28 17:52 242792 ----a-w- c:\windows\system32\DTSLFXAPO64.dll

2011-05-31 07:42 . 2011-06-28 17:52 242792 ----a-w- c:\windows\system32\DTSGFXAPO64.dll

2011-05-31 07:42 . 2011-06-28 17:52 241768 ----a-w- c:\windows\system32\DTSGFXAPONS64.dll

2011-05-31 07:42 . 2011-06-28 17:52 1756264 ----a-w- c:\windows\system32\DTSS2SpeakerDLL64.dll

2011-05-31 07:42 . 2011-06-28 17:52 1568360 ----a-w- c:\windows\system32\DTSS2HeadphoneDLL64.dll

2011-05-31 07:42 . 2011-06-28 17:52 1486952 ----a-w- c:\windows\system32\DTSBoostDLL64.dll

2011-05-27 15:58 . 2011-06-28 17:52 1284712 ----a-w- c:\windows\RtlExUpd.dll

2011-05-24 17:14 . 2011-06-27 08:07 270720 ------w- c:\windows\system32\MpSigStub.exe

2011-05-24 11:42 . 2011-06-29 15:58 404480 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-05-24 10:40 . 2011-06-29 15:58 64512 ----a-w- c:\windows\SysWow64\devobj.dll

2011-05-24 10:40 . 2011-06-29 15:58 44544 ----a-w- c:\windows\SysWow64\devrtl.dll

2011-05-24 10:39 . 2011-06-29 15:58 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll

2011-05-24 10:37 . 2011-06-29 15:58 252928 ----a-w- c:\windows\SysWow64\drvinst.exe

2011-05-23 15:12 . 2011-06-28 17:52 1245288 ----a-w- c:\windows\system32\RTCOM64.dll

2011-05-21 06:01 . 2011-06-30 19:19 8863336 ----a-w- c:\windows\system32\nvwgf2umx.dll

2011-05-21 06:01 . 2011-06-30 19:19 694888 ----a-w- c:\windows\SysWow64\nvumdshim.dll

2011-05-21 06:01 . 2011-06-30 19:19 67176 ----a-w- c:\windows\system32\OpenCL.dll

2011-05-21 06:01 . 2011-06-30 19:19 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll

2011-05-21 06:01 . 2011-06-30 19:19 7123560 ----a-w- c:\windows\system32\nvcuda.dll

2011-05-21 06:01 . 2011-06-30 19:19 5301352 ----a-w- c:\windows\SysWow64\nvcuda.dll

2011-05-21 06:01 . 2011-06-30 19:19 366696 ----a-w- c:\windows\system32\nvoptimusmft.dll

2011-05-21 06:01 . 2011-06-30 19:19 362600 ----a-w- c:\windows\system32\nvdecodemft.dll

2011-05-21 06:01 . 2011-06-30 19:19 326248 ----a-w- c:\windows\SysWow64\nvoptimusmft.dll

2011-05-21 06:01 . 2011-06-30 19:19 300136 ----a-w- c:\windows\SysWow64\nvdecodemft.dll

2011-05-21 06:01 . 2011-06-30 19:19 2943592 ----a-w- c:\windows\system32\nvcuvid.dll

2011-05-21 06:01 . 2011-06-30 19:19 2804328 ----a-w- c:\windows\SysWow64\nvcuvid.dll

2011-05-21 06:01 . 2011-06-30 19:19 27240 ----a-w- c:\windows\system32\drivers\nvpciflt.sys

2011-05-21 06:01 . 2011-06-30 19:19 2335848 ----a-w- c:\windows\SysWow64\nvapi.dll

2011-05-21 06:01 . 2011-06-30 19:19 22286952 ----a-w- c:\windows\system32\nvoglv64.dll

2011-05-21 06:01 . 2011-06-30 19:19 2212968 ----a-w- c:\windows\system32\nvcuvenc.dll

2011-05-21 06:01 . 2011-06-30 19:19 2082408 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

2011-05-21 06:01 . 2011-06-30 19:19 18583144 ----a-w- c:\windows\system32\nvcompiler.dll

2011-05-21 06:01 . 2011-06-30 19:19 16456296 ----a-w- c:\windows\SysWow64\nvoglv32.dll

.

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"SonicMasterTray"="c:\program files (x86)\ASUS\SonicMaster\SonicMasterTray.exe" [2010-07-09 984400]

"FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2011-04-08 43008]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-03-17 74752]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"XNotes"="c:\program files (x86)\XNotes\XNotes.exe" [2011-07-30 507518]

.

c:\users\Eirik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Cleaner.lnk - c:\program files (x86)\Cleaner\Cleaner.exe [2011-7-30 3668934]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google-oppdatering-tjenesten (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-27 136176]

R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]

R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]

R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-03-24 16776]

R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-03-24 9096]

R3 gupdatem;Google-oppdatering-tjenesten (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-27 136176]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-12-27 51727736]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]

S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [x]

S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

.

2011-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-27 10:30]

.

2011-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-27 10:30]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-05-10 12:10 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-05-03 324096]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-09 11860072]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-03 2226280]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-10 167256]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-10 391512]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-10 415064]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Tilleggsskanning -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm

IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm

IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 84.208.20.110 84.208.20.111

FF - ProfilePath - c:\users\Eirik\AppData\Roaming\Mozilla\Firefox\Profiles\w5nm7a8b.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.aftenposten.no/

.

- - - - TOMME PEKERE FJERNET - - - -

.

HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

--------------------- LÅSTE REGISTERNØKLER ---------------------

.

[HKEY_USERS\S-1-5-21-2764077201-188787410-2677190194-1001\Software\G*e*n*i*e*"!\FM Genie Scout 11]

"GameDir"="c:\\Users\\Eirik\\Documents\\Sports Interactive\\Football Manager 2011\\games"

"ShortlistDir"="c:\\Users\\Eirik\\Documents\\Sports Interactive\\Football Manager 2011\\shortlists"

"FMPath"="f:\\Spill\\FM\\"

"ScreenshotsDir"="c:\\Users\\Eirik\\Documents\\Sports Interactive\\Football Manager 2011"

"SaveDir"="c:\\Users\\Eirik\\Documents\\Sports Interactive\\Football Manager 2011\\"

"HistoryDir"="c:\\FM Genie Scout 11\\History Points"

"LangDB"="f:\\Spill\\FM\\data\\updates\\update-1130\\db\\1130\\lang_db.dat"

"LastSaveGame"=""

"Language"="English"

"LoadLangDB"=dword:00000001

"CompressHistoryPoints"=dword:00000000

"HighlightedAttributes"=dword:00000000

"MinCondition"=dword:00000050

"GraphStep"=dword:00000000

"SkinName"="PSV Eindhoven"

"LastUpdateCheck"=dword:00009f37

"VersionOf"=dword:0000007b

"HighQualityGUI"=dword:00000001

"AutomaticallyUpdateCheck"=dword:00000001

"AdvancedGeneration"=dword:00000000

"TranslateStaffSkills"=dword:00000001

"TranslatePlayerSkills"=dword:00000001

"TranslatePositions"=dword:00000001

"ShowHistory"=dword:00000001

"Version"=dword:00000081

"UniqueID"="66-A9B0-E10F"

"Currency"=dword:00000056

"UseProxy"=dword:00000000

"ProxyHost"=""

"ProxyPort"=""

"UseAuthentication"=dword:00000000

"UserName"=""

"UserPassword"=""

"PlayerSearchFeatureNum"=dword:00000005

"StaffSearchFeatureNum"=dword:00000000

"ClubSearchFeatureNum"=dword:00000002

"FilterByClubFeatureNum"=dword:00000009

"CompareFeatureNum"=dword:00000000

"ShortlistFeatureNum"=dword:00000002

"ExportFeatureNum"=dword:00000000

"HistoryFeatureNum"=dword:00000000

"LanguageDBFeatureNum"=dword:0000000a

"HintsFeatureNum"=dword:00000000

"GenieReportFeatureNum"=dword:00000000

"TopFormationFeatureNum"=dword:00000001

"ScreenshotFeatureNum"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{6EF568F4-D437-4466-AA63-A3645136D93E}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]

@Denied: (A 2) (Everyone)

@="IFlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]

@="{6EF568F4-D437-4466-AA63-A3645136D93E}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]

@Denied: (A 2) (Everyone)

@="IFlashBroker2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]

@="{6EF568F4-D437-4466-AA63-A3645136D93E}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tidspunkt ferdig: 2011-08-06 02:15:21

ComboFix-quarantined-files.txt 2011-08-06 00:15

.

Pre-Run: 9 442 729 984 bytes free

Post-Run: 9 305 022 464 bytes free

.

- - End Of File - - 96A6835AB29A27BBFBF10961A6FB7994


Clipped from the Windows Defender alert:

program:win32/bitcoinminer.A

Category:

Potentially Unwanted Software

Description:

This program has potentially unwanted behavior.

Advice:

Permit this detected item only if you trust the program or the software publisher.

Resources:

file:

C:\Program Files (x86)\Mozilla Firefox\bin\bin\firefox.exe

process:

pid:4168
