
Slightly slow PC - combofix log [SOLVED]



Posted (edited)
KolonP

 

Download Combofix and put it on the desktop

 

Run combofix.exe and follow the instructions.

Do not click on the window while the program is running.

 

Post the log file from combofix (c:\combofix.txt) (preferably in a separate thread that you create by clicking the New Topic button)

 

ComboFix 08-04-12.8 - oiehgo853 2008-04-13 17:00:07.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.246 [GMT 2:00]

Running from: C:\Documents and Settings\oiehgo853\Skrivebord\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\RECYCLER\rundll32.exe

 

.

((((((((((((((((((((((((( Files Created from 2008-03-13 to 2008-04-13 )))))))))))))))))))))))))))))))

.

 

2008-04-13 16:56 . 2008-04-13 21:59 477 --a------ C:\ifexist.sed

2008-04-13 14:56 . 2008-04-13 14:57 <DIR> d-------- C:\Programfiler\TVAnts

2008-04-13 13:46 . 2008-04-13 13:46 <DIR> d-------- C:\WINDOWS\LastGood

2008-04-12 14:37 . 2004-08-04 01:03 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-04-12 12:12 . 2008-04-12 12:12 <DIR> d-------- C:\Programfiler\SDP Multimedia

2008-04-07 20:57 . 2008-04-13 12:20 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-04-07 20:57 . 2008-04-07 20:57 1,409 --a------ C:\WINDOWS\QTFont.for

2008-04-07 20:56 . 2008-04-07 20:56 <DIR> d-------- C:\Programfiler\iTunes

2008-04-07 20:56 . 2008-04-07 20:56 <DIR> d-------- C:\Programfiler\iPod

2008-04-07 20:47 . 2008-04-07 20:48 <DIR> d-------- C:\Programfiler\QuickTime

2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx

2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

2008-03-27 21:14 . 2008-03-27 21:14 7 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME{894A2745-D5B9-4D7C-AC3B-CE860A8A94AA}

2008-03-27 17:42 . 2008-03-27 17:43 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe

2008-03-15 00:27 . 2006-10-26 20:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll

2008-03-15 00:25 . 2008-03-15 00:25 <DIR> d-------- C:\Programfiler\Microsoft Works

2008-03-15 00:23 . 2008-03-15 00:23 <DIR> d-------- C:\Programfiler\Microsoft.NET

2008-03-15 00:21 . 2008-03-15 00:21 <DIR> d-------- C:\Programfiler\Microsoft Visual Studio 8

2008-03-15 00:20 . 2008-03-15 00:34 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-03-15 00:19 . 2008-04-09 17:19 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Microsoft Help

2008-03-15 00:18 . 2008-03-15 00:18 <DIR> dr-h----- C:\MSOCache

2008-03-14 19:03 . 2008-03-14 19:03 <DIR> d-------- C:\Documents and Settings\oiehgo853\Programdata\Apple Computer

2008-03-14 19:02 . 2008-03-14 19:02 <DIR> d-------- C:\Programfiler\Bonjour

2008-03-14 19:01 . 2008-03-14 19:02 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple Computer

2008-03-14 19:00 . 2008-03-14 19:00 <DIR> d-------- C:\Programfiler\Apple Software Update

2008-03-14 18:59 . 2008-03-14 18:59 <DIR> d-------- C:\Programfiler\Fellesfiler\Apple

2008-03-14 18:59 . 2008-03-14 18:59 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple

2008-03-14 18:31 . 2008-03-14 18:31 <DIR> d-------- C:\Programfiler\Vstplugins

2008-03-14 18:29 . 2008-03-14 18:29 <DIR> d-------- C:\Programfiler\Sony Vegas

2008-03-13 17:00 . 2008-03-13 17:00 <DIR> d-------- C:\games

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-13 11:56 77,824 ----a-w C:\WINDOWS\system32\kdfapi.dll

2008-04-13 11:56 722,472 ----a-w C:\WINDOWS\system32\kdfmgr.exe

2008-04-13 11:56 192,512 ----a-w C:\WINDOWS\system32\kdfvmgr.exe

2008-04-13 11:43 53,248 ----a-w C:\WINDOWS\system32\Kdfhok.dll

2008-04-12 10:34 --------- d-----w C:\Documents and Settings\oiehgo853\Programdata\uTorrent

2008-04-05 20:30 --------- d---a-w C:\Documents and Settings\All Users\Programdata\TEMP

2008-04-04 10:22 --------- d-----w C:\Programfiler\Opera

2008-03-29 13:51 --------- d-----w C:\Documents and Settings\oiehgo853\Programdata\LimeWire

2008-03-27 17:02 --------- d-----w C:\Documents and Settings\All Users\Programdata\Trend Micro

2008-03-20 08:11 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-14 22:24 --------- d-----w C:\Programfiler\MSBuild

2008-03-14 16:30 --------- d-----w C:\Documents and Settings\All Users\Programdata\Sony

2008-03-14 16:28 --------- d-----w C:\Programfiler\Sony Setup

2008-03-12 16:48 --------- d-----w C:\Programfiler\ASUS

2008-03-12 16:42 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-03-10 19:51 --------- d-----w C:\Programfiler\Sony

2008-03-10 19:39 --------- d-----w C:\Documents and Settings\oiehgo853\Programdata\Sony

2008-03-10 19:34 --------- d-----w C:\Programfiler\Microsoft SQL Server

2008-03-10 14:00 --------- d-----w C:\Programfiler\MSXML 6.0

2008-03-10 13:54 --------- d-----w C:\Documents and Settings\oiehgo853\Programdata\Publish Providers

2008-03-10 13:22 --------- d-----w C:\Programfiler\Reference Assemblies

2008-03-10 13:13 --------- d-----w C:\Documents and Settings\oiehgo853\Programdata\Sony Setup

2008-03-10 11:56 --------- d-----w C:\Programfiler\MagicISO

2008-03-09 20:35 846,336 ----a-w C:\WINDOWS\system32\kdfinj.dll

2008-03-09 19:59 --------- d-----w C:\Programfiler\Trend Micro

2008-03-09 19:01 20,747 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys

2008-03-09 18:59 --------- d-----w C:\Documents and Settings\oiehgo853\Programdata\InstallShield

2008-03-09 18:59 --------- d-----w C:\Documents and Settings\All Users\Programdata\Atheros

2008-03-09 18:31 48,035 ----a-w C:\WINDOWS\BS_DEF.sys

2008-03-09 17:23 --------- d-----w C:\Documents and Settings\oiehgo853\Programdata\XemiComputers

2008-03-09 17:23 --------- d-----w C:\Documents and Settings\All Users\Programdata\XemiComputers

2008-03-09 17:20 --------- d-----w C:\Programfiler\XemiComputers

2008-03-09 16:53 --------- d-----w C:\Programfiler\uTorrent

2008-03-09 16:51 --------- d-----w C:\Programfiler\Java

2008-03-09 16:49 --------- d-----w C:\Programfiler\Fellesfiler\Java

2008-03-09 16:48 --------- d-----w C:\Programfiler\LimeWire

2008-03-09 16:48 --------- d-----w C:\Documents and Settings\oiehgo853\Programdata\vlc

2008-03-09 16:47 --------- d-----w C:\Programfiler\VideoLAN

2008-03-09 16:47 --------- d-----w C:\Programfiler\CLUE2

2008-03-09 16:09 --------- d-----w C:\Programfiler\aMSN

2008-03-09 15:59 --------- d-----w C:\Programfiler\Winamp

2008-03-09 15:59 --------- d-----w C:\Documents and Settings\oiehgo853\Programdata\Winamp

2008-03-09 10:28 --------- d-----w C:\Programfiler\Atheros

2008-03-08 23:32 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared

2008-03-08 23:31 --------- d-----w C:\Documents and Settings\All Users\Programdata\Symantec

2008-03-08 22:45 --------- d-----w C:\Documents and Settings\All Users\Programdata\Bluetooth

2008-03-08 22:41 --------- d-----w C:\Programfiler\IVT Corporation

2008-03-08 22:37 --------- d-----w C:\Programfiler\Toshiba

2008-03-08 21:20 --------- d-----w C:\Programfiler\Realtek

2008-03-08 20:58 --------- d-----w C:\Documents and Settings\oiehgo853\Programdata\ATI

2008-03-08 20:55 --------- d-----w C:\Programfiler\ATI Technologies

2008-03-08 20:38 --------- d-----w C:\Programfiler\D-Link

2008-03-08 20:38 --------- d-----w C:\Programfiler\ANI

2008-03-08 20:19 0 ----a-w C:\WINDOWS\system32\drivers\1043_ASUSTeK_F5R.alu

2008-03-08 20:16 --------- d-----w C:\Programfiler\Wireless Console 2

2008-03-08 20:16 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield

2008-03-08 20:05 --------- d-----w C:\Programfiler\TMXCorp

2008-03-08 19:58 --------- d-----w C:\Programfiler\microsoft frontpage

2008-03-08 19:57 --------- d-----w C:\Programfiler\Elektroniske tjenester

2008-03-08 19:56 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester

2008-03-01 13:05 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-02-20 06:52 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2008-01-29 10:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{E7620C98-FCCC-40E5-92EC-C7685D2E1E40}"= "C:\Programfiler\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll" [2007-09-18 22:06 103760]

 

[HKEY_CLASSES_ROOT\clsid\{e7620c98-fccc-40e5-92ec-c7685d2e1e40}]

[HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar.1]

[HKEY_CLASSES_ROOT\TypeLib\{EC525605-2266-4775-8F78-A68A6446465C}]

[HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]

"StartCCC"="C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]

"Active Desktop Calendar"="C:\Programfiler\XemiComputers\Active Desktop Calendar\ADC.exe" [2008-02-14 14:42 3723264]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-10-14 18:37 110592]

"Wireless Console 2"="C:\Programfiler\Wireless Console 2\wcourier.exe" [2005-10-17 18:09 987136]

"ASUS Live Update"="C:\Programfiler\ASUS\ASUS Live Update\ALU.exe" [2007-11-30 12:20 51768]

"D-Link AirPlus G"="C:\Programfiler\D-Link\AirPlus G\AirGCFG.exe" [2006-11-17 17:54 1552384]

"ANIWZCS2Service"="C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-29 18:34 49152]

"ATKMEDIA"="C:\Programfiler\ASUS\ATK Media\DMEDIA.EXE" [2006-06-08 21:33 53248]

"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 20:49 16269312 C:\WINDOWS\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2006-05-16 19:04 2879488 C:\WINDOWS\SkyTel.exe]

"ACU"="C:\Programfiler\Atheros\ACU.exe" [2007-10-23 20:35 376921]

"WinampAgent"="C:\Programfiler\Winamp\winampa.exe" [2007-10-10 07:28 36352]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

"UfSeAgnt.exe"="C:\Programfiler\Trend Micro\Internet Security\UfSeAgnt.exe" [2007-10-27 02:47 1393928]

"Power_Gear"="C:\Programfiler\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 19:01 90112]

"GrooveMonitor"="C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]

"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]

"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:03 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

"C:\\Programfiler\\aMSN\\bin\\wish.exe"=

"C:\\Programfiler\\LimeWire\\LimeWire.exe"=

"C:\\Programfiler\\uTorrent\\uTorrent.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programfiler\\Messenger\\msmsgs.exe"=

"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"C:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Programfiler\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Programfiler\\iTunes\\iTunes.exe"=

 

R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\WINDOWS\System32\StkCSrv.exe [2007-04-19 07:42]

R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\ATK0100\ASNDIS5.SYS [2004-05-28 11:13]

R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-08-21 17:50]

R3 RTSTOR;USB Mass Stroage Device;C:\WINDOWS\system32\drivers\RTSTOR.SYS [2006-06-10 01:07]

R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\WINDOWS\system32\Drivers\StkCMini.sys [2007-06-06 11:40]

R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-07-03 20:46]

S2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe []

S3 SinoTPM;Driver For SINOSUN Trusted Platform Module;C:\WINDOWS\system32\DRIVERS\SinoTpm.sys [2006-06-12 18:21]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{922c9018-ed5e-11dc-b982-001b11be7f30}]

\Shell\AutoRun\command - G:\setupSNK.exe

 

*Newly Created Service* - CATCHME

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]

msiexec /fums {857D4360-762B-978B-76AD-491AA719E47A} /qb

.

Contents of the 'Scheduled Tasks' folder

"2008-04-07 18:36:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-13 17:06:45

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\explorer.exe

-> C:\Programfiler\XemiComputers\Active Desktop Calendar\MouseHook.dll

.

Completion time: 2008-04-13 17:09:16

ComboFix-quarantined-files.txt 2008-04-13 15:08:55

Pre-Run: 49,175,543,808 byte ledig

Post-Run: 49,219,878,912 byte ledig

.

2008-04-09 15:19:47 --- E O F ---

 

Edited by KolonP
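As an added example that is not part of the forum post and not code from ComboFix: a small triage parser for logs in the format shown above. It splits the log on the "((( Section )))" and "--- Section ---" banner lines, then pulls out the three things a helper usually checks first in such a log: files ComboFix deleted (here the rundll32.exe that sat in C:\RECYCLER), AutoRun commands that a drive letter picks up via mountpoints2 (here G:\setupSNK.exe), and Security Center or firewall values that switch protection off. The banner and registry-key formats are assumed from this thread's log; the sample input is a shortened excerpt of it constructed inline. The DisableMonitoring entries are often set legitimately by a third-party security suite (Trend Micro here), so the script lists them for review rather than calling them malware.

```python
"""Triage helper for ComboFix-style logs (added example, not ComboFix code).
Banner lines, key headers and value formats are assumed from the log above."""
import re
import sys

_PAREN_BANNER = re.compile(r"^\({3,}\s*(.+?)\s*\){3,}\s*$")   # ((( Section )))
_DASH_BANNER = re.compile(r"^-{3,}\s*(.+?)\s*-{3,}\s*$")      # --- Section ---
_REG_KEY = re.compile(r"^\[(.+)\]\s*$")                       # [HKEY_...] header
_DRIVE_PATH = re.compile(r"^[A-Za-z]:\\\S")                   # a bare file path
_AUTORUN_CMD = re.compile(r"^\\Shell\\AutoRun\\command\s+-\s+(.+?)\s*$")

# Constructed sample: a shortened excerpt of the log posted in this thread.
SAMPLE_LOG = r"""
ComboFix 08-04-12.8 - oiehgo853 2008-04-13 17:00:07.1 - NTFSx86
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\RECYCLER\rundll32.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{922c9018-ed5e-11dc-b982-001b11be7f30}]
\Shell\AutoRun\command - G:\setupSNK.exe
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Programfiler\XemiComputers\Active Desktop Calendar\MouseHook.dll
"""


def split_sections(text):
    """Return {section name: [lines]}; lines before the first banner go under 'Header'."""
    sections = {"Header": []}
    current = "Header"
    for raw in text.splitlines():
        line = raw.rstrip()
        m = _PAREN_BANNER.match(line) or _DASH_BANNER.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def deleted_files(sections):
    """Paths listed under 'Other Deletions', i.e. files ComboFix removed."""
    return [l for l in sections.get("Other Deletions", []) if _DRIVE_PATH.match(l)]


def registry_findings(text):
    """Walk the registry-style lines while tracking the current [key], collecting
    AutoRun commands under mountpoints2 and values that turn protection off."""
    autoruns, disabled = [], []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = _REG_KEY.match(line)
        if m:
            key = m.group(1)
            continue
        m = _AUTORUN_CMD.match(line)
        if m and key and "mountpoints2" in key.lower():
            autoruns.append(m.group(1))          # a drive letter's AutoRun command
        elif key and line.startswith('"DisableMonitoring"=dword:00000001'):
            disabled.append((key.rsplit("\\", 1)[-1], "Security Center monitoring disabled"))
        elif key and line.startswith('"EnableFirewall"= 0'):
            disabled.append((key.rsplit("\\", 1)[-1], "Windows Firewall disabled"))
    return autoruns, disabled


def triage(text):
    """Summarise a ComboFix log: deleted files, drive AutoRun commands, disabled protection."""
    sections = split_sections(text)
    autoruns, disabled = registry_findings(text)
    return {"deleted": deleted_files(sections), "autoruns": autoruns, "disabled": disabled}


if __name__ == "__main__":
    # Pass a path to a saved combofix.txt, or run on the inline sample.
    log = open(sys.argv[1], encoding="latin-1").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for heading, items in triage(log).items():
        print(f"{heading}: {len(items)}")
        for item in items:
            print("  ", item)
```

Run it with no arguments to see the three findings from the excerpt; with a path to a saved combofix.txt it reads that file instead (opened as latin-1 because ComboFix logs of this era were not UTF-8).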
Posted

The log looks fine. The file you suspected was removed as well :)

 

You can go ahead and uninstall combofix again by typing combofix /u in the Run box (Start->Run).

This also resets the System Restore folder.

Posted

Glad it worked out :)

 

Then you can change your topic title by editing your first post and choosing "full edit". Then write:

[SOLVED]

at the start of your topic title.

 

That makes the forum easier to navigate...
