mattjin, posted 10 October 2011

Hi. I suspect I have picked up an infection on my PC. I have scanned with Malwarebytes without finding anything. I have also scanned with ComboFix, but I need some help interpreting the log. It would be nice if someone who knows about this could take a look at it:

ComboFix 11-10-10.01 - Jon M 10.10.2011 11:32:10.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.47.1044.18.3003.1947 [GMT 2:00]
Kjører fra: c:\users\Jon M\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2011-09-10 til 2011-10-10 )))))))))))))))))))))))))))))))))
.
.
2011-10-10 09:43 . 2011-10-10 09:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-10 09:09 . 2011-10-10 09:09 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{95A23DE9-C9A1-4632-8169-138D63C530B4}\MpKslc80464bd.sys
2011-10-10 09:09 . 2011-09-12 14:14 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-10 09:09 . 2011-10-10 09:09 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{95A23DE9-C9A1-4632-8169-138D63C530B4}\offreg.dll
2011-10-10 09:09 . 2011-09-12 14:14 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{95A23DE9-C9A1-4632-8169-138D63C530B4}\mpengine.dll
2011-10-08 07:41 . 2011-10-08 07:41 -------- d-----w- c:\users\Jon M\AppData\Roaming\Malwarebytes
2011-10-08 07:40 . 2011-10-08 07:40 -------- d-----w- c:\programdata\Malwarebytes
2011-10-08 07:40 . 2011-10-08 07:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-08 07:40 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-07 22:12 . 2011-10-08 07:35 -------- d-----w- c:\users\Jon M\AppData\Local\Google
2011-10-07 22:09 . 2011-10-08 07:34 -------- d-----w- c:\users\Jon M\AppData\Local\Deployment
2011-10-07 22:09 . 2011-10-07 22:09 -------- d-----w- c:\users\Jon M\AppData\Local\Apps
2011-10-07 20:47 . 2011-10-07 20:47 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{11482E2E-4D54-408B-ADDF-816000D2D1F0}\gapaengine.dll
2011-10-07 20:39 . 2011-10-07 20:40 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-07 20:39 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2011-10-07 19:45 . 2011-10-07 20:40 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-10-07 19:45 . 2011-10-07 19:47 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-10-07 14:32 . 2011-10-07 14:32 -------- d-----w- c:\users\Jon M\AppData\Roaming\OpenOffice.org
2011-10-07 14:27 . 2011-10-07 14:27 -------- d-----w- c:\program files\OpenOffice.org 3
2011-10-07 14:27 . 2011-10-07 14:27 -------- d-----w- c:\program files\Common Files\Java
2011-10-07 14:26 . 2011-10-07 14:26 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-07 14:26 . 2011-10-07 14:26 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-10-07 14:26 . 2011-10-07 14:26 -------- d-----w- c:\program files\Java
2011-10-07 13:32 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D7631D44-82C6-4438-BF01-9997E846637D}\mpengine.dll
2011-09-25 12:10 . 2011-09-25 12:15 -------- d-----w- c:\users\Jon M\AppData\Roaming\vlc
2011-09-25 11:48 . 2011-09-25 11:48 -------- d-----w- c:\program files\VideoLAN
2011-09-25 09:10 . 2011-09-25 09:10 -------- d-----w- c:\program files\uTorrent
2011-09-25 09:09 . 2011-10-08 08:45 -------- d-----w- c:\users\Jon M\AppData\Roaming\uTorrent
2011-09-25 09:09 . 2011-09-25 09:09 -------- d-----w- c:\users\Jon M\AppData\Local\uTorrent
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-22 04:56 . 2011-08-12 19:27 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-16 04:37 . 2011-08-12 19:27 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-07-16 04:34 . 2011-08-12 19:27 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 04:31 . 2011-08-12 19:27 271360 ----a-w- c:\windows\system32\conhost.exe
2011-07-16 04:19 . 2011-08-12 19:27 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:19 . 2011-08-12 19:27 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:19 . 2011-08-12 19:27 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:19 . 2011-08-12 19:27 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:19 . 2011-08-12 19:27 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:19 . 2011-08-12 19:27 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:19 . 2011-08-12 19:27 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:19 . 2011-08-12 19:27 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:19 . 2011-08-12 19:27 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:19 . 2011-08-12 19:27 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:19 . 2011-08-12 19:27 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:19 . 2011-08-12 19:27 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:19 . 2011-08-12 19:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:19 . 2011-08-12 19:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:19 . 2011-08-12 19:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:19 . 2011-08-12 19:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:19 . 2011-08-12 19:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:19 . 2011-08-12 19:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:19 . 2011-08-12 19:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:19 . 2011-08-12 19:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:19 . 2011-08-12 19:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:19 . 2011-08-12 19:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:19 . 2011-08-12 19:27 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:19 . 2011-08-12 19:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:21 . 2011-08-12 19:27 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21 . 2011-08-12 19:27 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21 . 2011-08-12 19:27 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21 . 2011-08-12 19:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
.
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-09-25 641400]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-25 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-25 151064]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-07-30 225280]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-08-13 467036]
"UpdatePRCShortCut"="c:\program files\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Jon M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-31 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 185344]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1343400]
S1 MpKslc80464bd;MpKslc80464bd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{95A23DE9-C9A1-4632-8169-138D63C530B4}\MpKslc80464bd.sys [2011-10-10 28752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_fa0513b7754bf240\aestsrv.exe [2009-03-02 81920]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-09 122880]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
.
.
--- Andre tjenester/drivere lastet i minnet ---
.
*NewlyCreated* - MBAMPROTECTOR
*NewlyCreated* - MPKSL315A3B18
*NewlyCreated* - MPKSLC80464BD
*Deregistered* - MpKsl315a3b18
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
.
2011-10-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1483379433-263188104-1938521996-1000Core.job
- c:\users\Jon M\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-08 07:34]
.
2011-10-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1483379433-263188104-1938521996-1000UA.job
- c:\users\Jon M\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-08 07:34]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nb_NO&c=94&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nb_NO&c=94&bd=Pavilion&pf=cnnb
IE: &Søkefunksjon i AOL-verktrylinjen - c:\programdata\AOL\ieToolbar\resources\nb-NO\local\search.html
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send bilde til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send side til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.2
.
.
--------------------- LÅSTE REGISTERNØKLER ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------
.
- - - - - - - > 'Explorer.exe'(5756)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
Tidspunkt ferdig: 2011-10-10 11:54:25
ComboFix-quarantined-files.txt 2011-10-10 09:54
.
Pre-Run: 235 691 716 608 byte ledig
Post-Run: 235 688 128 512 byte ledig
.
- - End Of File - - E76324D222504857CB9E68D54B1D28DF

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Databaseversjon: 7898

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

08.10.2011 10:51:51
mbam-log-2011-10-08 (10-51-51).txt

Skanntype: Full skann (C:\|D:\|)
Objekter skannet: 320332
Tid tilbakelagt: 1 time(r), 6 minutt(er), 49 sekund(er)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert 0

Minneprosesser infisert:
(Ingen skadelige objekter funnet)

Minnemoduler infisert:
(Ingen skadelige objekter funnet)

Registernøkler infisert:
(Ingen skadelige objekter funnet)

Registerverdier infisert:
(Ingen skadelige objekter funnet)

Registerfiler infisert:
(Ingen skadelige objekter funnet)

Mapper infisert:
(Ingen skadelige objekter funnet)

Filer infisert
(Ingen skadelige objekter funnet)