
Combofix log, does anyone care to take a look?



I've been having big problems with the internet lately, so I ran Combofix, antimalware, superantispyware and a virus scan.

I also installed Zonealarm, and it is now blocking attacks several times per second (wtf?)

 

Here is the Combofix log (which I ran last):

 


ComboFix 08-12-04.04 - 2008-12-05 0:00:51.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1731 [GMT 1:00]

Kjører fra: D:\ComboFix.exe

* Opprettet nytt gjenopprettingspunkt

.

 

((((((((((((((((((((((((((( Filer Opprettet Fra 2008-11-04 til 2008-12-04 )))))))))))))))))))))))))))))))))

.

 

2008-12-04 21:53 . 2008-12-04 21:53 <DIR> d-------- c:\programdata\SUPERAntiSpyware.com

2008-12-04 21:52 . 2008-12-04 21:52 <DIR> d-------- c:\users\Erik\AppData\Roaming\SUPERAntiSpyware.com

2008-12-04 21:52 . 2008-12-04 21:52 <DIR> d-------- c:\program files\SUPERAntiSpyware

2008-12-04 21:47 . 2008-12-04 21:47 250 --a------ c:\windows\gmer.ini

2008-12-04 21:24 . 2008-12-04 21:24 <DIR> d-------- c:\users\Erik\AppData\Roaming\Malwarebytes

2008-12-04 21:24 . 2008-12-04 21:24 <DIR> d-------- c:\programdata\Malwarebytes

2008-12-04 21:24 . 2008-12-04 21:24 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2008-12-04 21:24 . 2008-12-03 19:54 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys

2008-12-04 21:24 . 2008-12-03 19:54 15,504 --a------ c:\windows\System32\drivers\mbam.sys

2008-12-04 21:10 . 2008-02-23 05:38 170,496 --a------ c:\windows\System32\tcpipcfg.dll

2008-12-04 21:10 . 2008-02-23 03:41 22,528 --a------ c:\windows\System32\netiougc.exe

2008-12-04 21:09 . 2008-12-04 21:09 <DIR> d-------- c:\program files\Zone Labs

2008-12-04 21:09 . 2008-11-13 15:18 1,221,008 --a------ c:\windows\System32\zpeng25.dll

2008-12-04 21:08 . 2008-12-04 21:09 <DIR> d-------- c:\windows\System32\ZoneLabs

2008-12-04 21:08 . 2008-12-05 00:03 <DIR> d-------- c:\windows\Internet Logs

2008-12-04 21:08 . 2008-12-04 21:08 <DIR> d-------- c:\programdata\CheckPoint

2008-12-04 21:08 . 2008-12-04 21:14 348,371 --ah----- c:\windows\System32\drivers\vsconfig.xml

2008-12-04 21:08 . 2008-11-13 15:19 293,776 --a------ c:\windows\System32\drivers\vsdatant.sys

2008-12-04 14:22 . 2008-12-04 14:34 263 --a------ c:\windows\nyno31.ini

2008-12-04 14:21 . 2008-12-04 14:23 <DIR> d-------- C:\NYNO31

2008-12-03 22:15 . 2008-12-03 22:15 249,592 --a------ c:\windows\System32\cssdll32.dll

2008-12-03 22:14 . 2008-12-03 22:36 <DIR> d-------- c:\program files\COMODO

2008-12-03 14:11 . 2008-05-27 05:59 106,605 --a------ c:\windows\System32\StructuredQuerySchema.bin

2008-12-03 14:11 . 2008-05-27 06:17 34,816 --a------ c:\windows\System32\msscb.dll

2008-12-03 14:11 . 2008-05-27 05:59 18,904 --a------ c:\windows\System32\StructuredQuerySchemaTrivial.bin

2008-12-03 14:11 . 2008-05-27 06:17 11,776 --a------ c:\windows\System32\msshooks.dll

2008-12-03 14:08 . 2008-07-31 02:13 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll

2008-12-03 14:07 . 2008-09-18 03:16 2,032,640 --a------ c:\windows\System32\win32k.sys

2008-12-03 14:06 . 2008-09-18 06:09 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe

2008-12-03 14:06 . 2008-09-18 06:09 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe

2008-12-03 14:06 . 2008-10-02 02:32 1,383,424 --a------ c:\windows\System32\mshtml.tlb

2008-12-03 14:06 . 2008-10-02 04:49 827,392 --a------ c:\windows\System32\wininet.dll

2008-12-03 14:05 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll

2008-12-03 13:45 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll

2008-12-03 13:45 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll

2008-12-03 13:45 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll

2008-12-03 13:45 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll

2008-12-03 13:45 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll

2008-12-03 13:45 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe

2008-12-03 13:45 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll

2008-12-03 13:45 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll

2008-12-03 13:45 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe

2008-11-29 16:20 . 2008-11-29 16:20 98,304 --a------ c:\windows\System32\CmdLineExt.dll

2008-11-21 22:35 . 2008-11-25 11:43 <DIR> d-------- c:\users\Erik\AppData\Roaming\mIRC

2008-11-21 22:35 . 2008-11-25 11:43 <DIR> d-------- c:\program files\mIRC

2008-11-21 21:57 . 2008-11-21 21:57 <DIR> d-------- c:\program files\QuickTime

2008-11-16 19:39 . 2008-11-16 19:39 23 --a------ c:\windows\BlendSettings.ini

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-04 23:01 --------- d-----w c:\users\Erik\AppData\Roaming\uTorrent

2008-12-04 21:58 --------- d-----w c:\users\Erik\AppData\Roaming\OpenOffice.org2

2008-12-04 20:52 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

2008-12-03 21:52 --------- d-----w c:\program files\ACDSee32

2008-12-03 20:43 --------- d-----w c:\programdata\VIZ_MPS

2008-12-03 15:29 --------- d-----w c:\program files\Common Files\Steam

2008-12-03 13:16 --------- d-----w c:\program files\Windows Mail

2008-11-21 19:31 --------- d--h--w c:\program files\InstallShield Installation Information

2008-11-16 21:07 203,272 ----a-w c:\windows\System32\PnkBstrB.exe

2008-11-16 21:07 138,520 ----a-w c:\windows\system32\drivers\PnkBstrK.sys

2008-11-05 12:25 --------- d-----w c:\users\Erik\AppData\Roaming\Notepad++

2008-11-03 01:10 --------- d-----w c:\programdata\Blizzard

2008-11-01 14:32 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys

2008-11-01 14:32 69,128 ----a-w c:\windows\system32\drivers\avgwfpx.sys

2008-11-01 14:32 10,520 ----a-w c:\windows\System32\avgrsstx.dll

2008-11-01 14:32 --------- d-----w c:\programdata\avg8

2008-11-01 14:32 --------- d-----w c:\program files\AVG

2008-11-01 14:31 --------- d-----w c:\programdata\NVIDIA

2008-10-30 20:23 --------- d-----w c:\programdata\Yahoo!

2008-10-30 19:35 --------- d-----w c:\program files\AGEIA Technologies

2008-10-27 21:07 --------- d-----w c:\program files\K-Lite Codec Pack

2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll

2008-10-21 05:25 1,645,568 ----a-w c:\windows\System32\connect.dll

2008-10-16 20:45 --------- d-----w c:\users\Erik\AppData\Roaming\Mount&Blade

2008-10-08 21:28 --------- d-----w c:\program files\Common Files\INCA Shared

2008-10-05 14:58 --------- d-----w c:\users\Erik\AppData\Roaming\XnView

2008-10-05 14:57 --------- d-----w c:\program files\XnView

2008-10-04 23:49 --------- d-----w c:\program files\Gabest

2008-10-02 09:07 453,152 ----a-w c:\windows\System32\NVUNINST.EXE

2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll

2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll

2008-09-16 00:14 3,596,288 ----a-w c:\windows\System32\qt-dx331.dll

2008-09-16 00:12 81,920 ----a-w c:\windows\System32\dpl100.dll

2008-09-16 00:11 683,520 ----a-w c:\windows\System32\divx.dll

2008-09-05 05:14 1,191,936 ----a-w c:\windows\System32\msxml3.dll

2008-09-04 08:31 288,024 ----a-w c:\windows\System32\PhysXCplUI.exe

2008-08-31 13:52 174 --sha-w c:\program files\desktop.ini

.

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-11-17 1805552]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13584928]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 92704]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-03 1261336]

"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]

"CTHelper"="CTHELPER.EXE" [2008-02-20 c:\windows\System32\CTHELPER.EXE]

"CTxfiHlp"="CTXFIHLP.EXE" [2008-02-20 c:\windows\System32\CTXFIHLP.EXE]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DevconDefaultDB"="c:\windows\system32\READREG" [X]

"CtxfiReg"="CTXFIREG.exe" [2008-02-20 c:\windows\System32\CTXFIREG.EXE]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-07-23 15:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"AntiSpywareOverride"=dword:00000001

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-01 97928]

R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-11-17 8944]

R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-11-17 55024]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-01 875288]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-01 231704]

R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\atl01v32.sys [2008-08-31 48128]

R3 AvgWfpX;AVG Free8 Firewall Driver x86;c:\windows\system32\Drivers\avgwfpx.sys [2008-11-01 69128]

R3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]

 

*Newly Created Service* - GMER

*Newly Created Service* - SASDIFSV

*Newly Created Service* - SASENUM

*Newly Created Service* - SASKUTIL

.

.

------- Tilleggsskanning -------

.

FireFox -: Profile - c:\users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\uudc1kan.default\

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-05 00:07:22

Windows 6.0.6001 Service Pack 1 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

CTHelper = CTHELPER.EXE?

CTxfiHlp = CTXFIHLP.EXE?

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

 

- - - - - - - > 'winlogon.exe'(568)

c:\windows\system32\avgrsstx.dll

 

- - - - - - - > 'lsass.exe'(608)

c:\windows\system32\avgrsstx.dll

.

Tidspunkt ferdig: 2008-12-05 0:08:21

ComboFix-quarantined-files.txt 2008-12-04 23:08:17

 

Pre-Run: 12 097 130 496 bytes free

Post-Run: 11,977,244,672 bytes free

 

168 --- E O F --- 2008-12-03 13:14:21

 

Thanks in advance. :)
