ComboFix 10-09-16.07 - student 09/17/2010 15:28:39.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3189 [GMT -4:00]
Running from: E:\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\dfinstall.log
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\drivers\sound\4620d\_desktop.ini
----- BITS: Possible infected sites -----
hxxp://ms-eagle3.georgiasouthern.edu
.
((((((((((((((((((((((((( Files Created from 2010-08-17 to 2010-09-17 )))))))))))))))))))))))))))))))
.
2010-08-27 18:32 . 2010-08-27 18:32 103120 ----a-w- c:\documents and settings\student\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-27 18:33 . 2010-06-10 14:36 -------- d-----w- c:\program files\Sketchpad
2010-08-05 00:51 . 2010-08-05 00:51 16336518 ------w- C:\Persi1.sys
2010-07-22 13:48 . 2010-07-22 13:48 764328 ----a-w- c:\windows\system32\DFC.exe
2010-07-22 13:48 . 2010-07-22 13:48 748968 ----a-w- c:\windows\system32\LDK.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-03-16 868352]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-07 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DfLogon]
2010-02-08 11:20 65536 ----a-w- c:\windows\system32\LogonDll.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C *
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\7.0\\Mathematica.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\7.0\\MathKernel.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\7.0\\math.exe"=
"c:\\Program Files\\SPSSInc\\PASWStatistics18\\WinWrapIDE.exe"=
"c:\\Program Files\\SPSSInc\\PASWStatistics18\\paswstat.com"=
"c:\\Program Files\\SPSSInc\\PASWStatistics18\\paswstat.exe"=
"c:\\Program Files\\Maple 13\\jre\\bin\\maple.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
R0 DeepFrz;DeepFrz;c:\windows\system32\drivers\DeepFrz.sys [5/20/2010 11:19 AM 153240]
R0 stmtpm;STM TPM Service;c:\windows\system32\drivers\stm_tpm.sys [5/19/2009 9:47 AM 21504]
R2 DFServ;DFServ;c:\program files\Faronics\Deep Freeze\Install C-0\DFServ.exe [6/3/2010 3:47 AM 1074088]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [5/19/2009 9:46 AM 144480]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 8:00 AM 14336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
2010-06-10 c:\windows\Tasks\Minitab Software Update Manager.job
- c:\program files\Common Files\Minitab Shared\Software Manager\SoftwareManager.exe [2010-03-25 13:45]
.
.
------- Supplementary Scan -------
.
uStart Page = https://my.georgiasouthern.edu/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: georgiasouthern.com\*.cc
Trusted Zone: georgiasouthern.edu
Trusted Zone: georgiasouthern.edu\trackit
Trusted Zone: tk20.com\gsu
Trusted Zone: usg.edu\*.view
DPF: {576756A1-D97C-45D0-A945-0324019A131E} - hxxp://trackit.georgiasouthern.edu/tiweb70/downloads/BOSIActiveXGrid.cab
DPF: {6AF2E1A7-A16E-4503-A440-07CA49122CCE} - hxxp://trackit.georgiasouthern.edu/tiweb70/downloads/BOSIActiveXMemoControl.cab
DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF}
.
- - - - ORPHANS REMOVED - - - -
Notify-NavLogon - (no file)

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-17 15:30
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

c:\docume~1\student\LOCALS~1\Temp\catchme.dll 53248 bytes executable


scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LogonDll.dll
.
Completion time: 2010-09-17 15:31:10
ComboFix-quarantined-files.txt 2010-09-17 19:31
Pre-Run: 224,614,199,296 bytes free
Post-Run: 224,574,963,712 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - E8D0A4E4AD558928D8FEBF180AEDB9FB
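Added example, not part of the ComboFix log above and not ComboFix's own code: a small Python triage script that pulls the autostart-related facts out of a log in this layout so they can be reviewed as a list rather than read line by line. It extracts the Run entries, the Winlogon Notify DLL (a package registered there is loaded into winlogon.exe, which is why the log also shows LogonDll.dll under "DLLs Loaded Under Running Processes"), the Automatic Updates policy value, the GloballyOpenPorts firewall exception, the R0/R2/R3/S3 service lines and the URLs under "BITS: Possible infected sites" (ComboFix writes them as hxxp:// so they are not clickable). SAMPLE_LOG is a constructed excerpt of the log above with the wrapped lines rejoined; the regular expressions, the key-name checks and the TRUSTED_PREFIXES used to flag Run entries are assumptions about the format, not ComboFix documentation, and the script reports items for review without assigning a verdict to any of them.

```python
"""Triage helper for a ComboFix log (added example; layout assumptions are marked)."""
import re

# Constructed excerpt of the log above, with the wrapped lines rejoined.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))
----- BITS: Possible infected sites -----
hxxp://ms-eagle3.georgiasouthern.edu
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-03-16 868352]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DfLogon]
2010-02-08 11:20 65536 ----a-w- c:\windows\system32\LogonDll.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
R0 DeepFrz;DeepFrz;c:\windows\system32\drivers\DeepFrz.sys [5/20/2010 11:19 AM 153240]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 8:00 AM 14336]
"""

# Assumed line layouts, derived from the log above (not from ComboFix documentation).
KEY_RE = re.compile(r"^\[(.+)\]$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*(?:\[(\S+)\s+(\d+)\])?$')
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]+)\]$")
NOTIFY_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d\s+(\d+)\s+\S+\s+(.+)$")

# Assumption: on this host, autostart images are expected under these two roots.
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\windows\\")


def parse_combofix(text):
    """Collect Run entries, services, Winlogon Notify DLLs, firewall ports, WU policy and BITS URLs."""
    out = {"run": [], "services": [], "ports": [], "notify": [], "bits": [], "policy": {}}
    key, klow, in_bits = "", "", False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if in_bits:  # URL lines follow the BITS banner until any other line
            if line.startswith(("hxxp://", "http://", "hxxps://", "https://")):
                out["bits"].append(line)
                continue
            in_bits = False
        if line.startswith("----- BITS"):
            in_bits = True
            continue
        m = KEY_RE.match(line)
        if m:  # a new registry key scopes the value lines that follow
            key = m.group(1)
            klow = key.lower()
            continue
        m = SERVICE_RE.match(line)
        if m:  # "R0 name;display;image [date size]" lines appear outside any key
            start, name, display, image, meta = m.groups()
            out["services"].append({"start": start, "name": name, "display": display,
                                    "image": image, "meta": meta})
            continue
        if klow.endswith("\\currentversion\\run"):
            m = RUN_RE.match(line)
            if m:
                name, path, date, size = m.groups()
                out["run"].append({"name": name, "path": path, "date": date,
                                   "size": int(size) if size else None})
        elif "\\winlogon\\notify\\" in klow:
            m = NOTIFY_RE.match(line)
            if m:
                out["notify"].append({"subkey": key.rsplit("\\", 1)[1],
                                      "size": int(m.group(1)), "path": m.group(2)})
        elif klow.endswith("\\globallyopenports\\list"):
            m = VALUE_RE.match(line)
            if m:  # value layout seen in the log: port:proto:scope:Enabled|Disabled:name
                f = m.group(2).split(":")
                out["ports"].append({"port": f[0], "proto": f[1], "scope": f[2],
                                     "state": f[3], "name": ":".join(f[4:])})
        elif "\\windowsupdate\\au" in klow:
            m = VALUE_RE.match(line)
            if m:  # "1 (0x1)" -> "1"
                out["policy"][m.group(1)] = m.group(2).split()[0]
    return out


def suspicious_run_entries(parsed):
    """Run entries whose image is outside TRUSTED_PREFIXES (case-insensitive)."""
    return [r for r in parsed["run"] if not r["path"].lower().startswith(TRUSTED_PREFIXES)]


def triage(parsed):
    """Turn the inventory into review items; nothing here is a verdict."""
    items = []
    for n in parsed["notify"]:
        items.append(f"Winlogon Notify package {n['subkey']} loads {n['path']} into winlogon.exe")
    if parsed["policy"].get("NoAutoUpdate") == "1":
        items.append("Automatic Updates disabled by policy (NoAutoUpdate=1)")
    for p in parsed["ports"]:
        items.append(f"Firewall exception {p['port']}/{p['proto']} ({p['name']}) is {p['state']}")
    for s in parsed["services"]:
        if s["start"] == "R0":  # boot-start drivers load before most security tooling
            items.append(f"Boot-start driver {s['name']}: {s['image']}")
    for site in parsed["bits"]:
        items.append(f"BITS job referenced {site}")
    for r in suspicious_run_entries(parsed):
        items.append(f"Run entry {r['name']} launches from unusual location: {r['path']}")
    return items


if __name__ == "__main__":
    for item in triage(parse_combofix(SAMPLE_LOG)):
        print("-", item)
```

Run against the full log, the same parser would also pick up the R2/R3 services and the other Run entries; the AuthorizedApplications list and the DPF (downloaded ActiveX) entries are left out here and would need their own patterns.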