[Solved] Think it's malware? (NTUSER.dat)


Hi, I've had an unknown file that keeps reappearing on the desktop:

file name: dxvc_sig.txt, its content is: A

NTUSER.dat and ntuser.txt have also been created under C:\Documents and Settings\(My user)

I've known about these files for a while but didn't pay much attention to them, until I got an error message saying the sound driver was damaged, i.e. unusable. I could neither delete nor read the files.

So I booted into safe mode and deleted them from there; the result was that I lost my desktop background and the UI got messed up, and it was not possible to set it back. So I did a system restore and got the sound back, but now I want to get rid of whatever this is for good, and ended up on this forum :)

So here are my logs:

HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:20, on 2008-08-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Analog Devices\Core\smax4pnp.exe
C:\Programfiler\Winamp\winampa.exe
C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\ASUS WiFi-AP Solo\RtWLan.exe
C:\Programfiler\ASUS\AASP\1.00.45\aaCenter.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programfiler\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper og Launcher.lnk = C:\Programfiler\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Probe2.lnk = C:\Programfiler\ASUS\PC Probe II\Probe2.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe (file missing)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programfiler\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 5005 bytes

ComboFix log

ComboFix 08-08-30.01 - Eirik 2008-08-30 23:34:29.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1044.18.2850 [GMT 2:00]
Running from: C:\Documents and Settings\Eirik\Skrivebord\ComboFix.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Service_6to4


(((((((((((((((((((((((((   Files Created from 2008-07-28 to 2008-08-30  )))))))))))))))))))))))))))))))
.

2008-10-15 17:49 . 2008-07-30 15:20	<DIR>	d--------	C:\WINDOWS\system32\LogFiles
2008-10-15 17:37 . 2008-10-15 17:45	<DIR>	d--------	C:\Programfiler\ASUS WiFi-AP Solo
2008-10-15 17:37 . 2006-06-16 09:30	176,128	--a------	C:\WINDOWS\system32\drivers\RTL8187.sys
2008-10-15 17:37 . 2008-10-15 17:37	21,035	--a------	C:\WINDOWS\system32\drivers\AegisP.sys
2008-10-15 17:37 . 2006-03-31 04:39	13,532	--a------	C:\WINDOWS\system32\drivers\SjyPkt.sys
2008-10-15 17:16 . 2008-08-18 23:10	4,096	--a------	C:\WINDOWS\system32\crash
2008-10-14 23:38 . 2008-10-14 23:38	<DIR>	d--------	C:\Documents and Settings\Eirik\Contacts
2008-10-14 23:33 . 2008-10-14 23:38	<DIR>	d--------	C:\Programfiler\Windows Live
2008-10-14 23:33 . 2008-10-14 23:37	<DIR>	d--hsc---	C:\Programfiler\Fellesfiler\WindowsLiveInstaller
2008-10-14 23:33 . 2008-10-14 23:33	<DIR>	d--------	C:\Documents and Settings\All Users\Programdata\WLInstaller
2008-10-14 20:51 . 2008-10-14 20:51	<DIR>	d--------	C:\Documents and Settings\Eirik\Programdata\vlc
2008-10-14 20:34 . 2008-10-14 20:37	<DIR>	d--------	C:\Programfiler\Winamp
2008-10-14 20:34 . 2008-10-14 22:54	<DIR>	d--------	C:\Documents and Settings\Eirik\Programdata\Winamp
2008-10-14 20:27 . 2008-10-14 20:27	<DIR>	d--------	C:\Programfiler\VideoLAN
2008-10-14 14:16 . 2008-10-14 14:16	<DIR>	d--------	C:\Programfiler\Marvell
2008-10-14 14:13 . 2008-10-14 14:13	<DIR>	dr-------	C:\WINDOWS\AsDmiHtm
2008-10-14 14:10 . 2008-10-14 14:10	<DIR>	d--------	C:\Programfiler\Fellesfiler\Adobe
2008-10-14 13:46 . 2008-06-14 20:00	272,256	---------	C:\WINDOWS\system32\drivers\bthport.sys
2008-10-14 13:46 . 2008-06-14 20:00	272,256	-----c---	C:\WINDOWS\system32\dllcache\bthport.sys
2008-10-14 13:45 . 2008-10-14 13:45	0	--a------	C:\WINDOWS\nsreg.dat
2008-10-14 13:42 . 2008-07-18 22:10	33,992	--a------	C:\WINDOWS\system32\wucltui.dll.mui
2008-10-14 13:42 . 2008-07-18 22:09	25,800	--a------	C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-10-14 13:42 . 2008-07-18 22:08	25,800	--a------	C:\WINDOWS\system32\wuapi.dll.mui
2008-10-14 13:42 . 2008-07-18 22:08	21,192	--a------	C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-14 13:34 . 2008-10-14 13:34	<DIR>	d--------	C:\Programfiler\ASUS
2008-10-14 13:34 . 2006-01-10 10:50	24,576	-ra------	C:\WINDOWS\system32\AsIO.dll
2008-10-14 13:34 . 2006-10-18 21:12	12,664	-ra------	C:\WINDOWS\system32\drivers\AsIO.sys
2008-10-14 13:34 . 2006-10-19 03:11	12,096	--a------	C:\WINDOWS\system32\drivers\AsInsHelp64.sys
2008-10-14 13:34 . 2006-10-19 03:11	10,304	--a------	C:\WINDOWS\system32\drivers\AsInsHelp32.sys
2008-10-14 13:31 . 2008-10-14 13:31	<DIR>	d--------	C:\WINDOWS\OPTIONS
2008-10-14 13:30 . 2007-03-21 10:23	1,953,792	-r-------	C:\WINDOWS\system32\xRaidSetup.exe
2008-10-14 13:30 . 2007-03-20 15:15	143,360	-r-------	C:\WINDOWS\system32\xRaidAPI.dll
2008-10-14 13:30 . 2007-03-24 05:20	46,208	-ra------	C:\WINDOWS\system32\drivers\jraid.sys
2008-10-14 13:30 . 2006-02-07 13:52	6,912	-ra------	C:\WINDOWS\system32\drivers\JGOGO.sys
2008-10-14 13:29 . 2008-10-14 13:30	<DIR>	d--------	C:\WINDOWS\RaidTool
2008-10-14 13:25 . 2008-10-14 14:16	<DIR>	d--------	C:\Documents and Settings\Eirik\Programdata\TMP
2008-10-14 13:21 . 2008-10-14 13:21	<DIR>	d--------	C:\Programfiler\Analog Devices
2008-10-14 13:21 . 2001-09-11 14:20	1,285,632	---------	C:\WINDOWS\system32\SMMedia.dll
2008-10-14 13:21 . 2006-03-17 11:18	392,960	-ra------	C:\WINDOWS\system32\drivers\senfilt.sys
2008-10-14 13:21 . 2007-01-16 03:09	293,888	-ra------	C:\WINDOWS\system32\drivers\ADIHdAud.sys
2008-10-14 13:21 . 2006-08-07 00:57	93,952	-ra------	C:\WINDOWS\system32\drivers\aeaudio.sys
2008-10-14 13:21 . 2005-05-04 08:20	53,248	---------	C:\WINDOWS\system32\wdmioctl.dll
2008-10-14 13:21 . 2006-07-10 14:42	49,152	---------	C:\WINDOWS\system32\DSndUp.exe
2008-10-14 13:21 . 2002-04-17 14:05	45,056	---------	C:\WINDOWS\system32\CleanUp.exe
2008-10-14 13:21 . 2006-06-30 09:00	28,160	-ra------	C:\WINDOWS\system32\PostProc.dll
2008-10-14 12:04 . 2008-10-14 12:04	<DIR>	d--------	C:\WINDOWS\ASUSInstAll
2008-10-14 11:59 . 2008-10-14 11:59	<DIR>	d--------	C:\WINDOWS\system32\drivers\system32
2008-10-14 11:59 . 2008-10-14 11:59	<DIR>	d--------	C:\WINDOWS\system32\drivers\INF
2008-10-14 11:58 . 2008-10-14 23:37	<DIR>	d----c---	C:\WINDOWS\system32\DRVSTORE
2008-10-14 11:58 . 2008-10-14 11:58	<DIR>	d--------	C:\Programfiler\Intel
2008-10-14 11:58 . 2008-10-14 11:58	<DIR>	d--------	C:\Intel
2008-10-14 11:52 . 2008-10-14 14:14	18,225	--a------	C:\WINDOWS\Ascd_log.ini
2008-10-14 11:24 . 2008-10-15 17:36	19,810	--a------	C:\WINDOWS\Ascd_tmp.ini
2008-10-14 11:24 . 2006-10-11 05:33	10,288	--a------	C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-10-14 11:24 . 2004-08-12 10:00	5,810	-ra------	C:\WINDOWS\system32\drivers\ASACPI.sys
2008-10-14 11:08 . 2008-10-14 11:08	<DIR>	d--------	C:\Documents and Settings\Eirik\Programdata\ATI
2008-10-14 11:03 . 2008-10-14 11:03	<DIR>	d--------	C:\Programfiler\Fellesfiler\ATI Technologies
2008-10-14 11:01 . 2006-12-28 18:44	84,992	-ra------	C:\WINDOWS\system32\drivers\AtiHdAud.sys
2008-10-14 11:00 . 2008-07-28 22:05	<DIR>	d--h-----	C:\Programfiler\InstallShield Installation Information
2008-10-14 11:00 . 2008-07-29 19:09	<DIR>	d--------	C:\Programfiler\ATI Technologies
2008-08-30 23:18 . 2008-08-30 23:18	<DIR>	d--------	C:\Programfiler\Trend Micro
2008-08-30 23:16 . 2008-08-30 23:34	<DIR>	dr-h-----	C:\Documents and Settings\Eirik\Siste
2008-08-30 23:07 . 2008-08-30 23:07	<DIR>	d--------	C:\Programfiler\SUPERAntiSpyware
2008-08-30 23:07 . 2008-08-30 23:07	<DIR>	d--------	C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-08-30 23:07 . 2008-08-30 23:07	<DIR>	d--------	C:\Documents and Settings\Eirik\Programdata\SUPERAntiSpyware.com
2008-08-30 23:07 . 2008-08-30 23:07	<DIR>	d--------	C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-08-30 23:03 . 2008-08-30 23:03	<DIR>	d--------	C:\Programfiler\CCleaner
2008-08-30 22:34 . 2008-08-30 22:34	<DIR>	d--------	C:\Documents and Settings\Administrator.SERVERHTPC\Programdata\vlc
2008-08-30 22:23 . 2008-08-30 22:56	<DIR>	d--------	C:\Documents and Settings\Administrator.SERVERHTPC\Programdata
2008-08-30 22:23 . 2008-08-30 22:56	<DIR>	d--------	C:\Documents and Settings\Administrator.SERVERHTPC\Maler
2008-08-30 22:23 . 2008-08-30 22:56	<DIR>	d--------	C:\Documents and Settings\Administrator.SERVERHTPC\Lokale innstillinger
2008-08-30 22:23 . 2008-08-30 22:56	<DIR>	d---s----	C:\Documents and Settings\Administrator.SERVERHTPC
2008-08-30 14:35 . 2008-08-30 22:56	<DIR>	d--------	C:\Documents and Settings\Administrator\Programdata
2008-08-30 14:35 . 2008-08-30 22:56	<DIR>	d--------	C:\Documents and Settings\Administrator\Maler
2008-08-30 14:35 . 2008-08-30 22:56	<DIR>	d--------	C:\Documents and Settings\Administrator\Lokale innstillinger
2008-08-30 14:35 . 2008-08-30 22:56	<DIR>	d---s----	C:\Documents and Settings\Administrator
2008-08-30 13:08 . 2008-08-30 13:08	<DIR>	d--------	C:\Documents and Settings\Eirik\Programdata\Malwarebytes
2008-08-30 13:07 . 2008-08-30 22:56	<DIR>	d--------	C:\Programfiler\Malwarebytes' Anti-Malware
2008-08-30 13:07 . 2008-08-30 13:07	<DIR>	d--------	C:\Documents and Settings\All Users\Programdata\Malwarebytes
2008-08-24 18:35 . 2006-10-26 19:56	32,592	--a------	C:\WINDOWS\system32\msonpmon.dll
2008-08-24 18:34 . 2008-08-24 18:34	<DIR>	d--------	C:\Programfiler\MSBuild
2008-08-24 18:34 . 2008-08-24 18:34	<DIR>	d--------	C:\Programfiler\Microsoft Works
2008-08-24 18:33 . 2008-08-24 18:33	<DIR>	d--------	C:\Programfiler\Microsoft.NET
2008-08-24 18:32 . 2008-08-24 18:32	<DIR>	d--------	C:\Programfiler\Microsoft Visual Studio 8
2008-08-24 18:31 . 2008-08-24 18:34	<DIR>	d--------	C:\WINDOWS\SHELLNEW
2008-08-24 18:31 . 2008-08-24 18:31	<DIR>	dr-h-----	C:\MSOCache
2008-08-24 18:31 . 2008-08-26 03:00	<DIR>	d--------	C:\Documents and Settings\All Users\Programdata\Microsoft Help
2008-08-22 21:22 . 2008-08-22 21:22	<DIR>	d--------	C:\Documents and Settings\Eirik\Programdata\skypePM
2008-08-22 21:22 . 2008-08-22 21:22	56	--ah-----	C:\WINDOWS\system32\ezsidmv.dat
2008-08-22 21:21 . 2008-08-22 21:21	<DIR>	d--------	C:\Programfiler\Skype
2008-08-22 21:21 . 2008-08-22 21:21	<DIR>	d--------	C:\Programfiler\Fellesfiler\Skype
2008-08-10 22:59 . 2004-08-03 22:58	15,104	--a------	C:\WINDOWS\system32\drivers\usbscan.sys
2008-08-10 22:59 . 2004-08-03 22:58	15,104	--a--c---	C:\WINDOWS\system32\dllcache\usbscan.sys
2008-08-10 22:49 . 2008-08-10 22:49	<DIR>	d--------	C:\Programfiler\Hewlett-Packard
2008-08-10 22:49 . 2008-08-10 22:49	<DIR>	d--------	C:\Programfiler\Fellesfiler\Hewlett-Packard
2008-08-10 22:48 . 2008-08-10 22:58	19,574	--a------	C:\WINDOWS\hpoins01.dat
2008-08-10 22:48 . 2003-04-22 10:24	16,606	---------	C:\WINDOWS\hpomdl01.dat
2008-08-10 22:24 . 2004-08-03 23:01	25,856	--a------	C:\WINDOWS\system32\drivers\usbprint.sys
2008-08-10 22:24 . 2004-08-03 23:01	25,856	--a--c---	C:\WINDOWS\system32\dllcache\usbprint.sys
2008-08-10 21:07 . 2008-08-10 21:07	<DIR>	d--------	C:\Documents and Settings\Eirik\Programdata\AdobeUM
2008-08-09 13:05 . 2008-08-09 13:33	<DIR>	d--------	C:\Programfiler\World of Warcraft
2008-08-04 21:21 . 2008-08-04 21:21	<DIR>	d--------	C:\Program Files
2008-08-04 18:58 . 2008-08-04 18:58	<DIR>	d--------	C:\Programfiler\Celestia
2008-08-04 17:03 . 2008-08-04 17:03	<DIR>	d--------	C:\Programfiler\DVD Decrypter
2008-08-04 17:03 . 2008-08-04 17:03	<DIR>	d--------	C:\Documents and Settings\Eirik\Programdata\RipIt4Me
2008-07-30 21:00 . 2004-08-04 01:03	21,504	--a------	C:\WINDOWS\system32\hidserv.dll
2008-07-30 21:00 . 2004-08-04 01:03	21,504	--a--c---	C:\WINDOWS\system32\dllcache\hidserv.dll
2008-07-30 15:20 . 2008-08-24 19:25	137,840	--a------	C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-07-30 15:20 . 2008-08-24 19:25	111,928	--a------	C:\WINDOWS\system32\PnkBstrB.exe
2008-07-30 15:20 . 2008-07-30 15:20	66,872	--a------	C:\WINDOWS\system32\PnkBstrA.exe
2008-07-29 20:29 . 2008-07-29 20:29	<DIR>	d--------	C:\Programfiler\EA GAMES
2008-07-29 19:37 . 2008-08-26 23:00	<DIR>	d--------	C:\Programfiler\Opera
2008-07-29 19:15 . 2008-07-29 19:15	<DIR>	d--------	C:\Documents and Settings\All Users\Programdata\ATI
2008-07-29 19:14 . 2008-07-29 19:14	0	--a------	C:\WINDOWS\ativpsrm.bin
2008-07-29 19:05 . 2008-07-29 19:05	<DIR>	d--------	C:\ATI
2008-07-26 19:27 . 2008-07-26 19:27	<DIR>	d--------	C:\Programfiler\DVD Shrink
2008-07-26 19:27 . 2008-08-07 23:57	<DIR>	d--------	C:\Documents and Settings\All Users\Programdata\DVD Shrink
2008-07-26 02:09 . 2008-08-29 23:56	<DIR>	d--------	C:\WINDOWS\system32\CatRoot_bak
2008-07-23 19:59 . 2008-08-30 22:56	<DIR>	d--------	C:\Documents and Settings\Eirik\Programdata\dvdcss
2008-07-18 21:25 . 2008-07-18 21:25	<DIR>	d--------	C:\WINDOWS\Sun
2008-07-18 21:16 . 2008-07-18 21:16	<DIR>	d--------	C:\Programfiler\Java
2008-07-18 21:16 . 2008-06-10 02:32	73,728	--a------	C:\WINDOWS\system32\javacpl.cpl
2008-07-18 21:15 . 2008-07-18 21:15	<DIR>	d--------	C:\Programfiler\Fellesfiler\Java
2008-07-18 20:22 . 2008-08-29 22:11	<DIR>	d--------	C:\Programfiler\uTorrent
2008-07-18 20:22 . 2008-08-30 22:56	<DIR>	d--------	C:\Documents and Settings\Eirik\Programdata\uTorrent

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-14 09:04	---------	d-----w	C:\Programfiler\Fellesfiler\InstallShield
2008-08-24 01:08	---------	d-----w	C:\Documents and Settings\Eirik\Programdata\Skype
2008-08-22 19:21	---------	d-----w	C:\Documents and Settings\All Users\Programdata\Skype
2008-07-18 20:10	94,920	----a-w	C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10	53,448	----a-w	C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10	45,768	----a-w	C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10	36,552	----a-w	C:\WINDOWS\system32\wups.dll
2008-07-18 20:09	563,912	----a-w	C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09	325,832	----a-w	C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09	205,000	----a-w	C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09	1,811,656	----a-w	C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:33	253,952	----a-w	C:\WINDOWS\system32\es.dll
2008-07-04 06:33	3,230,720	----a-w	C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-07-04 03:48	9,490,432	----a-w	C:\WINDOWS\system32\atioglx2.dll
2008-07-04 03:25	421,888	----a-w	C:\WINDOWS\system32\ATIDEMGX.dll
2008-07-04 03:23	309,248	----a-w	C:\WINDOWS\system32\ati2dvag.dll
2008-07-04 03:14	26,112	----a-w	C:\WINDOWS\system32\Ati2mdxx.exe
2008-07-04 03:14	184,320	----a-w	C:\WINDOWS\system32\atipdlxx.dll
2008-07-04 03:14	143,360	----a-w	C:\WINDOWS\system32\Oemdspif.dll
2008-07-04 03:13	43,520	----a-w	C:\WINDOWS\system32\ati2edxx.dll
2008-07-04 03:13	139,264	----a-w	C:\WINDOWS\system32\ati2evxx.dll
2008-07-04 03:12	561,152	----a-w	C:\WINDOWS\system32\ati2evxx.exe
2008-07-04 03:10	53,248	----a-w	C:\WINDOWS\system32\ATIDDC.DLL
2008-07-04 03:06	253,952	----a-w	C:\WINDOWS\system32\atiok3x2.dll
2008-07-04 03:00	3,786,144	----a-w	C:\WINDOWS\system32\ati3duag.dll
2008-07-04 02:55	307,200	----a-w	C:\WINDOWS\system32\atiiiexx.dll
2008-07-04 02:49	2,140,672	----a-w	C:\WINDOWS\system32\ativvaxx.dll
2008-07-04 02:30	348,160	----a-w	C:\WINDOWS\system32\atikvmag.dll
2008-07-04 02:28	53,248	----a-w	C:\WINDOWS\system32\drivers\ati2erec.dll
2008-07-04 02:28	17,408	----a-w	C:\WINDOWS\system32\atitvo32.dll
2008-07-04 02:22	565,248	----a-w	C:\WINDOWS\system32\ati2cqag.dll
2008-07-03 19:05	593,920	------w	C:\WINDOWS\system32\ati2sgag.exe
2008-06-24 16:24	74,240	----a-w	C:\WINDOWS\system32\mscms.dll
2008-06-23 15:41	658,944	----a-w	C:\WINDOWS\system32\wininet.dll
2008-06-20 17:43	246,784	----a-w	C:\WINDOWS\system32\mswsock.dll
2008-05-07 05:16	1,290,752	----a-w	C:\WINDOWS\system32\quartz.dll
2006-06-23 06:48	32,768	----a-r	C:\WINDOWS\inf\UpdateUSB.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-08-19 23:34 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Programfiler\Analog Devices\Core\smax4pnp.exe" [2006-12-18 15:34 868352]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 08:36 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-03-21 10:23 1953792]
"WinampAgent"="C:\Programfiler\Winamp\winampa.exe" [2008-07-09 23:33 36352]
"StartCCC"="C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"GrooveMonitor"="C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

C:\Documents and Settings\Eirik\Start-meny\Programmer\Oppstart\
OneNote 2007 Screen Clipper og Launcher.lnk - C:\Programfiler\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programfiler\\uTorrent\\uTorrent.exe"=
"C:\\Programfiler\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Programfiler\\Skype\\Phone\\Skype.exe"=
"C:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programfiler\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-06-16 09:30]
R3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2006-03-31 04:39]
S3 p2pgasvc;Gruppegodkjenning for nodenettverk;C:\WINDOWS\system32\svchost.exe [2004-08-04 14:00]
S3 p2pimsvc;Identitetsbehandling for nodenettverk;C:\WINDOWS\system32\svchost.exe [2004-08-04 14:00]
S3 p2psvc;Nodenettverk;C:\WINDOWS\system32\svchost.exe [2004-08-04 14:00]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe [2004-08-04 14:00]
S3 TTDec;ATI WDM Teletext Decoder (Microsoft Corporation);C:\WINDOWS\system32\DRIVERS\ATINTTXX.sys [2004-08-04 00:29]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ffca664-a5a2-11db-91d4-806d6172696f}]
\Shell\AutoRun\command - D:\Installer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dcc1e8c1-a594-11db-913e-806d6172696f}]
\Shell\AutoRun\command - D:\Setup.exe
.
.
------- Supplementary Scan -------
.
O8 -: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
.
.
------- File Associations (Beta) -------
.
regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-30 23:35:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Documents and Settings\Eirik\Programdata\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10000.dll
-> C:\Documents and Settings\Eirik\Programdata\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10001.dll
.
Completion time: 2008-08-30 23:35:52
ComboFix-quarantined-files.txt  2008-08-30 21:35:48

Pre-Run: 3,507,957,760 byte ledig
Post-Run: 3,495,354,368 byte ledig

258	--- E O F ---	2008-08-26 01:00:36

SUPERAntiSpyware Scan Log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/30/2008 at 11:12 PM

Application Version : 4.20.1046

Core Rules Database Version : 3541
Trace Rules Database Version: 1530

Scan type	   : Quick Scan
Total Scan Time : 00:03:12

Memory items scanned	  : 528
Memory threats detected   : 0
Registry items scanned	: 354
Registry threats detected : 0
File items scanned		: 3962
File threats detected	 : 0

Edited by Hapo

You are not infected with viruses, spyware, adware or other malware.

The NTUSER dat file is actually one of your Registry files. Unlike the other Registry files, NTUSER.DAT is stored in your personal Documents and Settings folder and contains the entire contents of the HKEY_LOCAL_USER branch of the Registry. You can’t delete it because it’s in use and protected, and you wouldn’t want to because otherwise you’ll mess up your whole computer! It will grow as you install more software that creates keys and sub keys in this branch of the Registry, and so is perfectly normal. To summarise: leave NTUSER.DAT alone.
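One way to verify the reply's claim on a live Windows machine, as an added example that is not from the thread: it looks up which file backs HKEY_CURRENT_USER in the kernel's hivelist, shows the file's attributes (NTUSER.DAT is normally marked hidden and system, so it stays out of sight until hidden and system files are displayed), and tries to open it, which fails with a sharing violation while the hive is loaded. It assumes PowerShell is available; the registry path and .NET calls are standard Windows APIs, and nothing is specific to the poster's machine.

```powershell
# Added example (not from the thread): confirm that NTUSER.DAT in the profile
# folder is the registry hive loaded as HKEY_CURRENT_USER, and that Windows keeps
# it locked while the user is logged on. Values are read from the running system.

# SID of the logged-on user; HKEY_CURRENT_USER is a view of \REGISTRY\USER\<SID>.
$sid = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value

# The kernel records every loaded hive and its backing file under hivelist.
# Values are NT device paths, e.g. \Device\HarddiskVolume1\...\NTUSER.DAT.
$hivelistKey = Get-Item -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\hivelist'
$userHive = $hivelistKey.GetValue("\REGISTRY\USER\$sid")

if ($userHive) {
    Write-Output "HKEY_CURRENT_USER is backed by: $userHive"
} else {
    Write-Output "No hivelist entry for $sid (unexpected; check for a temporary profile)"
}

# The hive file in the profile folder. -Force is needed because the file
# carries the Hidden and System attributes and is skipped by default.
$path = Join-Path $env:USERPROFILE 'NTUSER.DAT'
$item = Get-Item -Path $path -Force -ErrorAction SilentlyContinue
if ($item) {
    Write-Output ("Attributes: {0}  Size: {1} bytes" -f $item.Attributes, $item.Length)
}

# Try to open the file for reading. While the hive is loaded the open fails with
# a sharing violation: this is the 'in use and protected' behaviour described in
# the reply, not a sign of malware.
try {
    $fs = [System.IO.File]::Open($path, 'Open', 'Read', 'Read')
    $fs.Close()
    Write-Output "Opened $path for reading (hive is not currently loaded)"
} catch [System.IO.IOException] {
    Write-Output "Cannot open $path : $($_.Exception.Message)"
}
```

A hivelist entry for the current SID that points at the profile's NTUSER.DAT, together with the open failing, is the expected result on a healthy system.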

Thanks a lot for the reply :) I assume something else caused the sound driver error then

But why did it suddenly become "visible"? It wasn't there 2 weeks ago :S

And does it have anything to do with the dxvc_sig file? It keeps showing up in more and more places...
