KolonP, posted 13 April 2008 (edited)

KolonP
Get Combofix and put it on the desktop. Run combofix.exe and follow the instructions. You must not click on the window while the program is running. Post the log file from combofix (c:\combofix.txt) (preferably in a separate thread that you create by clicking the New Topic button).

ComboFix 08-04-12.8 - oiehgo853 2008-04-13 17:00:07.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.246 [GMT 2:00]
Running from: C:\Documents and Settings\oiehgo853\Skrivebord\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\RECYCLER\rundll32.exe
.

((((((((((((((((((((((((( Files Created from 2008-03-13 to 2008-04-13 )))))))))))))))))))))))))))))))
.

2008-04-13 16:56 . 2008-04-13 21:59 477 --a------ C:\ifexist.sed
2008-04-13 14:56 . 2008-04-13 14:57 <DIR> d-------- C:\Programfiler\TVAnts
2008-04-13 13:46 . 2008-04-13 13:46 <DIR> d-------- C:\WINDOWS\LastGood
2008-04-12 14:37 . 2004-08-04 01:03 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-04-12 12:12 . 2008-04-12 12:12 <DIR> d-------- C:\Programfiler\SDP Multimedia
2008-04-07 20:57 . 2008-04-13 12:20 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-07 20:57 . 2008-04-07 20:57 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-07 20:56 . 2008-04-07 20:56 <DIR> d-------- C:\Programfiler\iTunes
2008-04-07 20:56 . 2008-04-07 20:56 <DIR> d-------- C:\Programfiler\iPod
2008-04-07 20:47 . 2008-04-07 20:48 <DIR> d-------- C:\Programfiler\QuickTime
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-27 21:14 . 2008-03-27 21:14 7 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME{894A2745-D5B9-4D7C-AC3B-CE860A8A94AA}
2008-03-27 17:42 . 2008-03-27 17:43 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe
2008-03-15 00:27 . 2006-10-26 20:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-03-15 00:25 . 2008-03-15 00:25 <DIR> d-------- C:\Programfiler\Microsoft Works
2008-03-15 00:23 . 2008-03-15 00:23 <DIR> d-------- C:\Programfiler\Microsoft.NET
2008-03-15 00:21 . 2008-03-15 00:21 <DIR> d-------- C:\Programfiler\Microsoft Visual Studio 8
2008-03-15 00:20 . 2008-03-15 00:34 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-03-15 00:19 . 2008-04-09 17:19 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Microsoft Help
2008-03-15 00:18 . 2008-03-15 00:18 <DIR> dr-h----- C:\MSOCache
2008-03-14 19:03 . 2008-03-14 19:03 <DIR> d-------- C:\Documents and Settings\oiehgo853\Programdata\Apple Computer
2008-03-14 19:02 . 2008-03-14 19:02 <DIR> d-------- C:\Programfiler\Bonjour
2008-03-14 19:01 . 2008-03-14 19:02 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple Computer
2008-03-14 19:00 . 2008-03-14 19:00 <DIR> d-------- C:\Programfiler\Apple Software Update
2008-03-14 18:59 . 2008-03-14 18:59 <DIR> d-------- C:\Programfiler\Fellesfiler\Apple
2008-03-14 18:59 . 2008-03-14 18:59 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple
2008-03-14 18:31 . 2008-03-14 18:31 <DIR> d-------- C:\Programfiler\Vstplugins
2008-03-14 18:29 . 2008-03-14 18:29 <DIR> d-------- C:\Programfiler\Sony Vegas
2008-03-13 17:00 . 2008-03-13 17:00 <DIR> d-------- C:\games
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-04-13 11:56 77,824 ----a-w C:\WINDOWS\system32\kdfapi.dll
2008-04-13 11:56 722,472 ----a-w C:\WINDOWS\system32\kdfmgr.exe
2008-04-13 11:56 192,512 ----a-w C:\WINDOWS\system32\kdfvmgr.exe
2008-04-13 11:43 53,248 ----a-w C:\WINDOWS\system32\Kdfhok.dll
2008-04-12 10:34 --------- d-----w C:\Documents and Settings\oiehgo853\Programdata\uTorrent
2008-04-05 20:30 --------- d---a-w C:\Documents and Settings\All Users\Programdata\TEMP
2008-04-04 10:22 --------- d-----w C:\Programfiler\Opera
2008-03-29 13:51 --------- d-----w C:\Documents and Settings\oiehgo853\Programdata\LimeWire
2008-03-27 17:02 --------- d-----w C:\Documents and Settings\All Users\Programdata\Trend Micro
2008-03-20 08:11 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-14 22:24 --------- d-----w C:\Programfiler\MSBuild
2008-03-14 16:30 --------- d-----w C:\Documents and Settings\All Users\Programdata\Sony
2008-03-14 16:28 --------- d-----w C:\Programfiler\Sony Setup
2008-03-12 16:48 --------- d-----w C:\Programfiler\ASUS
2008-03-12 16:42 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-03-10 19:51 --------- d-----w C:\Programfiler\Sony
2008-03-10 19:39 --------- d-----w C:\Documents and Settings\oiehgo853\Programdata\Sony
2008-03-10 19:34 --------- d-----w C:\Programfiler\Microsoft SQL Server
2008-03-10 14:00 --------- d-----w C:\Programfiler\MSXML 6.0
2008-03-10 13:54 --------- d-----w C:\Documents and Settings\oiehgo853\Programdata\Publish Providers
2008-03-10 13:22 --------- d-----w C:\Programfiler\Reference Assemblies
2008-03-10 13:13 --------- d-----w C:\Documents and Settings\oiehgo853\Programdata\Sony Setup
2008-03-10 11:56 --------- d-----w C:\Programfiler\MagicISO
2008-03-09 20:35 846,336 ----a-w C:\WINDOWS\system32\kdfinj.dll
2008-03-09 19:59 --------- d-----w C:\Programfiler\Trend Micro
2008-03-09 19:01 20,747 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-03-09 18:59 --------- d-----w C:\Documents and Settings\oiehgo853\Programdata\InstallShield
2008-03-09 18:59 --------- d-----w C:\Documents and Settings\All Users\Programdata\Atheros
2008-03-09 18:31 48,035 ----a-w C:\WINDOWS\BS_DEF.sys
2008-03-09 17:23 --------- d-----w C:\Documents and Settings\oiehgo853\Programdata\XemiComputers
2008-03-09 17:23 --------- d-----w C:\Documents and Settings\All Users\Programdata\XemiComputers
2008-03-09 17:20 --------- d-----w C:\Programfiler\XemiComputers
2008-03-09 16:53 --------- d-----w C:\Programfiler\uTorrent
2008-03-09 16:51 --------- d-----w C:\Programfiler\Java
2008-03-09 16:49 --------- d-----w C:\Programfiler\Fellesfiler\Java
2008-03-09 16:48 --------- d-----w C:\Programfiler\LimeWire
2008-03-09 16:48 --------- d-----w C:\Documents and Settings\oiehgo853\Programdata\vlc
2008-03-09 16:47 --------- d-----w C:\Programfiler\VideoLAN
2008-03-09 16:47 --------- d-----w C:\Programfiler\CLUE2
2008-03-09 16:09 --------- d-----w C:\Programfiler\aMSN
2008-03-09 15:59 --------- d-----w C:\Programfiler\Winamp
2008-03-09 15:59 --------- d-----w C:\Documents and Settings\oiehgo853\Programdata\Winamp
2008-03-09 10:28 --------- d-----w C:\Programfiler\Atheros
2008-03-08 23:32 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared
2008-03-08 23:31 --------- d-----w C:\Documents and Settings\All Users\Programdata\Symantec
2008-03-08 22:45 --------- d-----w C:\Documents and Settings\All Users\Programdata\Bluetooth
2008-03-08 22:41 --------- d-----w C:\Programfiler\IVT Corporation
2008-03-08 22:37 --------- d-----w C:\Programfiler\Toshiba
2008-03-08 21:20 --------- d-----w C:\Programfiler\Realtek
2008-03-08 20:58 --------- d-----w C:\Documents and Settings\oiehgo853\Programdata\ATI
2008-03-08 20:55 --------- d-----w C:\Programfiler\ATI Technologies
2008-03-08 20:38 --------- d-----w C:\Programfiler\D-Link
2008-03-08 20:38 --------- d-----w C:\Programfiler\ANI
2008-03-08 20:19 0 ----a-w C:\WINDOWS\system32\drivers\1043_ASUSTeK_F5R.alu
2008-03-08 20:16 --------- d-----w C:\Programfiler\Wireless Console 2
2008-03-08 20:16 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield
2008-03-08 20:05 --------- d-----w C:\Programfiler\TMXCorp
2008-03-08 19:58 --------- d-----w C:\Programfiler\microsoft frontpage
2008-03-08 19:57 --------- d-----w C:\Programfiler\Elektroniske tjenester
2008-03-08 19:56 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester
2008-03-01 13:05 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:52 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-01-29 10:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E7620C98-FCCC-40E5-92EC-C7685D2E1E40}"= "C:\Programfiler\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll" [2007-09-18 22:06 103760]

[HKEY_CLASSES_ROOT\clsid\{e7620c98-fccc-40e5-92ec-c7685d2e1e40}]
[HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EC525605-2266-4775-8F78-A68A6446465C}]
[HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]
"StartCCC"="C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"Active Desktop Calendar"="C:\Programfiler\XemiComputers\Active Desktop Calendar\ADC.exe" [2008-02-14 14:42 3723264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-10-14 18:37 110592]
"Wireless Console 2"="C:\Programfiler\Wireless Console 2\wcourier.exe" [2005-10-17 18:09 987136]
"ASUS Live Update"="C:\Programfiler\ASUS\ASUS Live Update\ALU.exe" [2007-11-30 12:20 51768]
"D-Link AirPlus G"="C:\Programfiler\D-Link\AirPlus G\AirGCFG.exe" [2006-11-17 17:54 1552384]
"ANIWZCS2Service"="C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-29 18:34 49152]
"ATKMEDIA"="C:\Programfiler\ASUS\ATK Media\DMEDIA.EXE" [2006-06-08 21:33 53248]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 20:49 16269312 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 19:04 2879488 C:\WINDOWS\SkyTel.exe]
"ACU"="C:\Programfiler\Atheros\ACU.exe" [2007-10-23 20:35 376921]
"WinampAgent"="C:\Programfiler\Winamp\winampa.exe" [2007-10-10 07:28 36352]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"UfSeAgnt.exe"="C:\Programfiler\Trend Micro\Internet Security\UfSeAgnt.exe" [2007-10-27 02:47 1393928]
"Power_Gear"="C:\Programfiler\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 19:01 90112]
"GrooveMonitor"="C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Programfiler\\aMSN\\bin\\wish.exe"=
"C:\\Programfiler\\LimeWire\\LimeWire.exe"=
"C:\\Programfiler\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"C:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programfiler\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=

R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\WINDOWS\System32\StkCSrv.exe [2007-04-19 07:42]
R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\ATK0100\ASNDIS5.SYS [2004-05-28 11:13]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-08-21 17:50]
R3 RTSTOR;USB Mass Stroage Device;C:\WINDOWS\system32\drivers\RTSTOR.SYS [2006-06-10 01:07]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\WINDOWS\system32\Drivers\StkCMini.sys [2007-06-06 11:40]
R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-07-03 20:46]
S2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe []
S3 SinoTPM;Driver For SINOSUN Trusted Platform Module;C:\WINDOWS\system32\DRIVERS\SinoTpm.sys [2006-06-12 18:21]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{922c9018-ed5e-11dc-b982-001b11be7f30}]
\Shell\AutoRun\command - G:\setupSNK.exe

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {857D4360-762B-978B-76AD-491AA719E47A} /qb
.
Contents of the 'Scheduled Tasks' folder
"2008-04-07 18:36:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 17:06:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Programfiler\XemiComputers\Active Desktop Calendar\MouseHook.dll
.
Completion time: 2008-04-13 17:09:16
ComboFix-quarantined-files.txt 2008-04-13 15:08:55

Pre-Run: 49,175,543,808 byte ledig
Post-Run: 49,219,878,912 byte ledig
.
2008-04-09 15:19:47 --- E O F ---

Edited 14 April 2008 by KolonP
norbat, posted 13 April 2008

The log looks fine. The file you suspected was also removed. You can go ahead and uninstall combofix again by typing combofix /u in the Run box (Start -> Run). This also resets the System Restore folder.
KolonP (topic author), posted 13 April 2008

Great... Thank you.
r2d290, posted 13 April 2008

Good that it worked out. Then you can change your topic title by editing your first post and choosing "full edit". Then you can write [LØST] ("solved") at the start of your topic title. This makes the forum easier to navigate...