Hapo, posted 30 August 2008 (edited)

Hi, I have had an unknown file that keeps appearing on my desktop. File name: dxvc_sig.txt, contents: A. NTUSER.dat and ntuser.txt have also been created under C:\Documents and Settings\(my user). I have known about these files for a while but didn't care much, until I got an error message saying the sound driver was damaged, i.e. unusable. I could neither delete nor read the files, so I booted into safe mode and deleted them from there. The result was that I lost my desktop background and the UI got messed up, with no way to set it back. So I did a System Restore and got the sound back, but I now want to get rid of whatever this is for good, and I ended up on this forum, so here are my logs: HJT log, ComboFix log, SUPERAntiSpyware Scan Log.

Edited 30 August 2008 by Hapo
Svenni212000, posted 30 August 2008

You are not infected with a virus, spyware, adware or other malware. The NTUSER dat file is actually one of your Registry files. Unlike the other Registry files, NTUSER.DAT is stored in your personal Documents and Settings folder and contains the entire contents of the HKEY_LOCAL_USER branch of the Registry. You can't delete it because it's in use and protected, and you wouldn't want to because otherwise you'll mess up your whole computer! It will grow as you install more software that creates keys and sub keys in this branch of the Registry, and so is perfectly normal. To summarise: leave NTUSER.DAT alone.
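As an added illustration of the reply above (not part of the original thread, and not code from any tool mentioned in it): a genuine NTUSER.DAT is a registry hive file, which begins with a 512-byte base block carrying the `regf` signature and an XOR checksum, so an offline copy can be told apart from an ordinary file that merely uses the name. The function names and the sample header are constructed for this example.

```python
import struct
from datetime import datetime, timedelta, timezone

BASE_BLOCK = 512  # size of the hive header ("base block") examined here
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)  # FILETIME epoch


def regf_checksum(block: bytes) -> int:
    """XOR of the first 127 little-endian dwords (bytes 0..507)."""
    csum = 0
    for (dword,) in struct.iter_unpack("<I", block[:508]):
        csum ^= dword
    # Two results are reserved and remapped by the format.
    if csum == 0xFFFFFFFF:
        return 0xFFFFFFFE
    return csum or 1


def inspect_hive_header(data: bytes) -> dict:
    """Decide whether `data` starts like a registry hive and report why."""
    if len(data) < BASE_BLOCK:
        return {"is_hive": False, "reason": "shorter than the 512-byte base block"}
    if data[:4] != b"regf":
        return {"is_hive": False, "reason": "missing 'regf' signature"}
    # Offsets 4..27: two sequence numbers, FILETIME, major and minor version.
    seq1, seq2, filetime, major, minor = struct.unpack_from("<IIQII", data, 4)
    (stored,) = struct.unpack_from("<I", data, 508)
    # Offset 48: up to 64 bytes of UTF-16LE file name (may be a partial path).
    name = data[48:112].decode("utf-16-le", errors="replace").split("\x00", 1)[0]
    return {
        "is_hive": True,
        "checksum_ok": stored == regf_checksum(data),
        "clean": seq1 == seq2,  # unequal numbers mean an unfinished write
        "last_written": EPOCH_1601 + timedelta(microseconds=filetime // 10),
        "version": (major, minor),
        "name": name,
    }


def build_sample_header() -> bytes:
    """Constructed sample base block, so the example runs without a real hive."""
    block = bytearray(BASE_BLOCK)
    block[0:4] = b"regf"
    delta = datetime(2008, 8, 30, 21, 0, tzinfo=timezone.utc) - EPOCH_1601
    filetime = (delta.days * 86400 + delta.seconds) * 10_000_000
    struct.pack_into("<IIQII", block, 4, 7, 7, filetime, 1, 3)
    encoded = "\\user\\NTUSER.DAT".encode("utf-16-le")
    block[48:48 + len(encoded)] = encoded
    struct.pack_into("<I", block, 508, regf_checksum(bytes(block)))
    return bytes(block)


if __name__ == "__main__":
    print(inspect_hive_header(build_sample_header()))
    print(inspect_hive_header(b"A"))  # a one-byte text file is not a hive
```

On a live system the hive is locked while the user is logged on, so the check has to be run against a copy taken offline or from a backup.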
Hapo (author), posted 30 August 2008

Thank you very much for the reply. I assume it was something else that caused the sound driver error, then. But why did it suddenly become "visible"? It wasn't there 2 weeks ago :S And does it have anything to do with the dxvc_sig file? That one keeps showing up in more and more places...