sleepingbeauty
Posted 16 September 2008

I have switched antivirus programs twice now, from F-Secure to avast, which kicked out a trojan, and then to AVG, which also kicked out a trojan. But the computer is still annoyingly slow. So I am wondering whether someone could check if there is any more nastiness lurking here?

Combofix:

HjT:

snippsat
Posted 16 September 2008 (edited)

Start HijackThis, run "scan", find these lines, check them, then press "fix checked".

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)

---
Then it looks good. You can remove ComboFix by typing combofix /u in the Run window. This command deletes the quarantined files and backups, resets the System Restore folder, etc.
---
Check Java: Java.
---
Surf safely.
---
Regarding the slow computer: download and run CCleaner. 'Options' -> 'Advanced'. Uncheck: "Only delete temporary files older than 48 hours". Also run the registry cleaner, answer yes to "repair" --> backup: answer yes when asked. Run the registry cleaner a couple of times until all errors are gone.
---
Defragmentation: Auslogics Disk Defrag + Free Registry Defrag
---
Check whether a process is using a lot of CPU. Ctrl+Alt+Del <Processes>

Edited 16 September 2008 by SNIPPSAT

sleepingbeauty (Author)
Posted 16 September 2008

I have removed and fixed things and am very grateful for all the help. Thanks. But the PC is still slow.

snippsat
Posted 16 September 2008 (edited)

Post a screenshot of all processes (click so that CPU usage is sorted at the top). Process Explorer

Edited 16 September 2008 by SNIPPSAT

Priest32
Posted 22 August 2009

Hi. I see the thread is old. But I wonder whether AVG is the culprit on my machine. Over the last week the PC has taken more than twice as long to start up. No scanning etc. I see that avgrsx.exe uses about 10-30% for several minutes after I turn on the PC. It also uses about 65k of memory.

What happens after the power comes on is: basically there is no point in clicking on anything, not until I hear that the hard drive is done "crunching". A good indication that the machine is finished with what it is doing is that the icons become correct. Until the scanning is finished, at least half of the icons are "Windows dead link" icons.

I have read that this can be caused by AVG. But even though I tried turning off AVG, the PC took just as long to start up. Almost 2 minutes.

Tosha0007
Posted 22 August 2009 (edited)

Hi Priest32, if you think malware is the cause of the problems, run through the guide and post a new topic by pressing the "NEW TOPIC" button at the top of the page.

Edit: Regardless of what you think the problem is, you should create a new thread so that we can help you there. One thread = one problem.

Edited 22 August 2009 by tosha0007