
Computer has become really slow!


Gulpa


I've had some problems with my computer, which has become really slow, and could use some help.

I have run ComboFix:

[log]ComboFix 09-08-28.05 - malin 2009-08-29 13:24.1.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.1535.1131 [GMT 2:00]

Running from: c:\documents and settings\malin\Mina dokument\ComboFix.exe

AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-29 )))))))))))))))))))))))))))))))

.

 

2009-08-29 10:57 . 2009-08-25 08:00 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090828.037\NAVEX32A.DLL

2009-08-29 10:57 . 2009-08-26 08:00 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090828.037\EECTRL.SYS

2009-08-29 10:57 . 2009-08-26 08:00 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090828.037\CCERASER.DLL

2009-08-29 10:57 . 2009-08-26 08:00 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090828.037\ERASER.SYS

2009-08-29 10:57 . 2009-08-25 08:00 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090828.037\NAVENG.SYS

2009-08-29 10:57 . 2009-08-25 08:00 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090828.037\ECMSVR32.DLL

2009-08-29 10:57 . 2009-08-25 08:00 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090828.037\NAVENG32.DLL

2009-08-29 10:57 . 2009-08-25 08:00 1323568 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090828.037\NAVEX15.SYS

2009-08-26 10:54 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSXpx86.sys

2009-08-26 10:54 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSvix86.sys

2009-08-26 10:54 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\Scxpx86.dll

2009-08-26 10:54 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSxpx86.dll

2009-08-26 10:54 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSviA64.sys

2009-08-26 09:53 . 2009-08-26 09:53 -------- d-----w- c:\documents and settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}

2009-08-26 09:53 . 2009-08-26 09:52 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys

2009-08-26 09:52 . 2009-08-26 09:52 -------- d-----w- c:\program\Symantec

2009-08-26 09:52 . 2009-08-26 09:52 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2009-08-26 09:52 . 2009-08-26 09:52 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2009-08-26 09:52 . 2009-08-26 09:52 1290592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll

2009-08-26 09:52 . 2009-08-26 09:52 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll

2009-08-26 09:52 . 2009-08-26 09:52 796016 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll

2009-08-26 09:52 . 2009-08-26 09:52 -------- d-----w- c:\windows\system32\drivers\N360

2009-08-26 09:52 . 2009-08-26 09:52 -------- d-----w- c:\program\Norton 360

2009-08-26 09:44 . 2009-08-26 09:44 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings

2009-08-26 09:44 . 2009-08-26 09:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2009-08-26 09:44 . 2009-08-26 09:52 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller

2009-08-26 09:44 . 2009-08-26 09:44 -------- d-----w- c:\program\NortonInstaller

2009-08-26 08:58 . 2009-08-26 08:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment

2009-08-04 06:03 . 2009-08-04 06:03 16396 ----a-w- c:\windows\War3Unin.dat

2009-08-04 06:03 . 2009-08-04 06:03 2829 ----a-w- c:\windows\War3Unin.pif

2009-08-04 06:03 . 2009-08-04 06:03 126976 ----a-w- c:\windows\War3Unin.exe

2009-08-04 06:00 . 2009-08-04 11:07 -------- d-----w- c:\program\Warcraft III

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-26 10:42 . 2009-02-23 08:53 -------- d-----w- c:\program\Delade filer\Symantec Shared

2009-08-26 09:52 . 2009-08-26 09:52 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2009-08-26 09:52 . 2009-08-26 09:52 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2009-08-26 09:52 . 2009-02-23 08:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2009-08-26 09:46 . 2009-02-23 08:52 -------- d-----w- c:\documents and settings\malin\Application Data\Symantec

2009-08-05 09:01 . 2008-04-15 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-17 19:04 . 2008-04-15 12:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-12 12:31 . 2009-05-23 09:57 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip

2009-07-12 10:21 . 2008-04-15 12:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-11 19:34 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys

2009-07-11 19:34 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys

2009-07-11 19:34 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll

2009-07-11 19:34 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll

2009-07-11 19:34 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys

2009-07-03 17:00 . 2008-04-15 12:00 915456 ----a-w- c:\windows\system32\wininet.dll

2009-06-16 14:40 . 2008-04-15 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:40 . 2008-04-15 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-15 10:45 . 2008-04-15 12:00 76800 ----a-w- c:\windows\system32\telnet.exe

2009-06-10 14:16 . 2008-04-15 12:00 85504 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 07:22 . 2009-02-22 20:56 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-06-10 06:16 . 2008-04-15 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll

2009-06-03 19:11 . 2008-04-15 12:00 1293312 ----a-w- c:\windows\system32\quartz.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\program\Messenger\msmsgs.exe" [2008-04-14 1695232]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]

"QuickTime Task"="c:\program\QuickTime\qttask.exe" [2009-01-05 413696]

"iTunesHelper"="c:\program\iTunes\iTunesHelper.exe" [2009-04-02 342312]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-08-11 1519616]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-10-08 57344]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

@="FSFilter Activity Monitor"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\World of Warcraft\\Launcher.exe"=

"c:\\Program\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program\\Bonjour\\mDNSResponder.exe"=

"c:\\Program\\iTunes\\iTunes.exe"=

 

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0300000.086\SymEFA.sys [2009-08-26 310320]

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0300000.086\BHDrvx86.sys [2009-08-26 258608]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0300000.086\cchpx86.sys [2009-08-26 482352]

R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSXpx86.sys [2009-08-26 276344]

R2 N360;Norton 360;c:\program\Norton 360\Engine\3.0.0.134\ccSvcHst.exe [2009-08-26 115560]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program\Delade filer\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-26 102448]

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

 

2009-08-17 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

 

2009-08-29 c:\windows\Tasks\RegCure Program Check.job

- c:\program\RegCure\RegCure.exe [2009-02-13 21:20]

 

2009-05-01 c:\windows\Tasks\RegCure.job

- c:\program\RegCure\RegCure.exe [2009-02-13 21:20]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.se/

uInternet Settings,ProxyOverride = *.local

IE: E&xportera till Microsoft Excel - c:\program\MICROS~2\Office12\EXCEL.EXE/3000

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-29 13:27

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]

"ImagePath"="\"c:\program\Norton 360\Engine\3.0.0.134\ccSvcHst.exe\" /s \"N360\" /m \"c:\program\Norton 360\Engine\3.0.0.134\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'explorer.exe'(3236)

c:\windows\system32\webcheck.dll

.

Completion time: 2009-08-29 13:28

ComboFix-quarantined-files.txt 2009-08-29 11:28

 

Pre-Run: 213 034 610 688 byte ledigt

Post-Run: 213 075 947 520 byte ledigt

 

165 --- E O F --- 2009-08-25 22:15

[/log]

Would anyone be willing to look at the ComboFix log for me?

 


2009-08-29 c:\windows\Tasks\RegCure Program Check.job

- c:\program\RegCure\RegCure.exe [2009-02-13 21:20]

RegCure is a program that many people have problems with. You can read some opinions here:

http://www.mywot.com/sv/scorecard/regcure.com

If the program has an undo function or a backup function, use it before you uninstall the program and then delete the folder c:\program\RegCure.

How long has the computer been really slow?

 


ComboFix didn't actually remove anything; the only thing it did was reset some settings to their default values. If that helps a bit, the computer will probably become much snappier with a reinstallation of Windows.

 
