Gå til innhold

» Data » IKT-drift og sikkerhet

ComboFix og MB logg infisert

TaZ

Av TaZ
17. oktober 2011 i IKT-drift og sikkerhet

Anbefalte innlegg

TaZ

TaZ

Skrevet 17. oktober 2011

- Del

Skrevet 17. oktober 2011

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Databaseversjon: 7966

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

17.10.2011 20:56:11

mbam-log-2011-10-17 (20-56-11).txt

Skanntype: Hurtigsøk

Objekter skannet: 184490

Tid tilbakelagt: 1 minutt(er), 43 sekund(er)

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert 0

Minneprosesser infisert:

(Ingen skadelige objekter funnet)

Minnemoduler infisert:

(Ingen skadelige objekter funnet)

Registernøkler infisert:

(Ingen skadelige objekter funnet)

Registerverdier infisert:

(Ingen skadelige objekter funnet)

Registerfiler infisert:

(Ingen skadelige objekter funnet)

Mapper infisert:

(Ingen skadelige objekter funnet)

Filer infisert

(Ingen skadelige objekter funnet)

ComboFix 11-10-17.02 - odin 17.10.2011 20:42:23.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.47.1044.18.3946.2936 [GMT 2:00]

Kjører fra: c:\users\odin\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\FullRemove.exe

c:\users\odin\AppData\Roaming\chrtmp

.

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2011-09-17 til 2011-10-17 )))))))))))))))))))))))))))))))))

.

.

2011-10-17 18:50 . 2011-10-17 18:50 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-10-17 18:43 . 2011-10-17 18:43 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{517C3073-8F38-4268-B2EB-9EBD17449A31}\offreg.dll

2011-10-17 18:25 . 2011-10-17 18:25 -------- d-----w- c:\users\odin\AppData\Roaming\OpenDNS Updater

2011-10-17 18:25 . 2011-10-17 18:25 -------- d-----w- c:\program files (x86)\OpenDNS Updater

2011-10-17 18:19 . 2011-10-17 18:19 -------- d-----w- c:\users\odin\AppData\Roaming\Malwarebytes

2011-10-17 18:19 . 2011-10-17 18:19 -------- d-----w- c:\programdata\Malwarebytes

2011-10-17 18:19 . 2011-10-17 18:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-10-17 18:19 . 2011-08-31 15:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-16 19:12 . 2009-09-04 15:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll

2011-10-16 19:12 . 2007-04-04 16:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll

2011-10-16 19:11 . 2011-10-16 19:12 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE

2011-10-16 19:11 . 2011-10-16 19:11 -------- d-----w- c:\windows\SysWow64\xlive

2011-10-14 11:42 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{517C3073-8F38-4268-B2EB-9EBD17449A31}\mpengine.dll

2011-10-13 20:12 . 2011-10-13 20:12 -------- d-----w- c:\users\odin\AppData\Roaming\Microsoft Games

2011-10-13 18:06 . 2011-10-13 18:36 -------- d-----w- c:\program files (x86)\Microsoft Games

2011-10-13 18:06 . 2006-09-28 14:05 2414360 ----a-w- c:\windows\SysWow64\d3dx9_31.dll

2011-10-13 18:05 . 2011-10-13 18:05 -------- d-----w- c:\users\odin\AppData\Local\Microsoft Game Studios

2011-10-13 18:05 . 2011-10-13 18:05 -------- d-----w- c:\programdata\Microsoft Games

2011-10-13 18:04 . 2011-10-13 18:04 -------- d-----w- c:\users\odin\AppData\Roaming\Microsoft Game Studios

2011-10-10 17:39 . 2011-10-14 10:10 -------- d-----w- c:\programdata\dB02401OgCpF02401

2011-09-28 14:44 . 2011-10-17 05:47 -------- d-----w- c:\users\odin\AppData\Roaming\.minecraft

2011-09-27 21:08 . 2008-05-07 17:59 99840 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPZPPLHN.DLL

2011-09-27 05:03 . 2011-09-27 05:03 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-09-27 04:59 . 2011-07-19 03:05 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-08 12:27 . 2011-05-20 15:29 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-08-26 15:30 . 2011-08-26 15:30 1246 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg

2011-08-24 13:21 . 2011-08-24 13:21 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll

2011-08-24 13:21 . 2011-08-24 13:21 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll

.

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]

.

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

2010-12-09 11:51 3911776 ----a-w- c:\program files (x86)\uTorrentBar\tbuTor.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]

.

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"OpenDNS Updater"="c:\program files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]

"RegistryBooster"="c:\program files (x86)\Uniblue\RegistryBooster\launcher.exe" [2011-01-10 67456]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-21 1132320]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 gupdate;Googles oppdateringstjeneste (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-18 136176]

R3 gupdatem;Google-oppdatering-tjenesten (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-18 136176]

R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

.

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

.

2011-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-18 15:03]

.

2011-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-18 15:03]

.

2011-10-17 c:\windows\Tasks\RegistryBooster.job

- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2011-01-07 18:49]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-14 11046504]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Tilleggsskanning -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=XPxdm018YYno&ptb=14349C12-D87D-4C2F-A35D-C1FBDE672FDC

mStart Page = hxxp://samsung.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Google Sidewiki - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: Send bilde til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send side til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 10.0.0.254

FF - ProfilePath - c:\users\odin\AppData\Roaming\Mozilla\Firefox\Profiles\hp766ogv.default\

FF - prefs.js: browser.search.selectedEngine - My Way

FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm018YYno&ptb=14349C12-D87D-4C2F-A35D-C1FBDE672FDC&psa=&ind=2011072309&ptnrS=XPxdm018YYno&si=CM-Yo5vJl6oCFYQXzQodthtFzA&st=kwd&n=77de8735&searchfor=

FF - user.js: general.useragent.extra.brc -

.

- - - - TOMME PEKERE FJERNET - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)

WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

--------------------- LÅSTE REGISTERNØKLER ---------------------

.

[HKEY_USERS\S-1-5-21-1736044027-607468330-3647718295-1001\Software\SecuROM\License information*]

"datasecu"=hex:d6,7c,0f,45,c5,77,f2,07,47,b8,68,0e,75,ee,cf,71,eb,0e,0b,1f,1c,

42,8c,ac,bf,cc,f8,85,4f,15,85,56,b9,e8,69,16,d1,da,7a,c2,82,63,73,5f,cb,08,\

"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tidspunkt ferdig: 2011-10-17 20:53:13

ComboFix-quarantined-files.txt 2011-10-17 18:53

.

Pre-Run: 71 825 596 416 byte ledig

Post-Run: 71 657 357 312 byte ledig

.

- - End Of File - - C14D390A8B5281B03B2468B94B7DBC49

Lenke til kommentar

Opprett en konto eller logg inn for å kommentere

Du må være et medlem for å kunne skrive en kommentar

Opprett konto

Det er enkelt å melde seg inn for å starte en ny konto!

Logg inn

Har du allerede en konto? Logg inn her.

Logg inn nå

Gå til emneliste

Hvem er aktive 0 medlemmer
- Ingen innloggede medlemmer aktive

×

×

Opprett ny...