Ksungam Posted January 2, 2008 (edited)
Hi, I have done exactly as in the guide and now have 3 logs. It would be great if someone could be bothered to check them.

HJT:
Logfile of HijackThis v1.99.1
Scan saved at 12:48:19, on 02.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Programfiler\Broadcom\ASFIPMon\AsfIpMon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Programfiler\ATI Technologies\ATI.ACE\CLI.EXE
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
C:\Programfiler\DAEMON Tools\daemon.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Programfiler\DellTPad\Apoint.exe
C:\WINDOWS\system32\PMService.exe
C:\WINDOWS\stsystra.exe
C:\Programfiler\SigmaTel\C-dur-lyd\WDM\StacSV.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\DellTPad\ApMsgFwd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\DellTPad\Apntex.exe
C:\Programfiler\DellTPad\HidFind.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Documents and Settings\SomeUser\Mine dokumenter\Programmer\Virus og spyware\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gvs.vfk.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [EPA_EZ_GPO_Tool] C:\WINDOWS\system32\EZ_GPO_Tool.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Apoint] C:\Programfiler\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Microgaming\Poker\nordicbetMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1196245584968
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gvs.no
O17 - HKLM\Software\..\Telephony: DomainName = gvs.no
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = gvs.no
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = gvs.no
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programfiler\Fellesfiler\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FELLES~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Programfiler\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Energy Star EZ GPO Power Management Configuration Tool (EPA_GPO_PMService) - TerraNovum - C:\WINDOWS\system32\PMService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Programfiler\SigmaTel\C-dur-lyd\WDM\StacSV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

SAS:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/02/2008 at 05:49 AM

Application Version : 3.9.1008

Core Rules Database Version : 3371
Trace Rules Database Version: 1366

Scan type : Complete Scan
Total Scan Time : 02:04:32

Memory items scanned : 524
Memory threats detected : 0
Registry items scanned : 5439
Registry threats detected : 0
File items scanned : 44000
File threats detected : 0

ComboFix:
ComboFix 07-12-31.4 - Bruker 2008-01-02 11:19:11.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.395 [GMT 1:00]
Running from: C:\Documents and Settings\SomeUser\Skrivebord\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-12-02 to 2008-01-02 )))))))))))))))))))))))))))))))
.
2008-01-02 11:17 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-02 03:44 . 2008-01-02 03:44 <DIR> dr-h----- C:\Documents and Settings\SomeUser\Siste
2007-12-26 14:41 . 2007-12-26 14:41 <DIR> d-------- C:\Programfiler\Medieval Software
2007-12-23 01:41 . 2007-12-23 01:41 <DIR> d-------- C:\Programfiler\DivX
2007-12-21 21:57 . 2007-12-28 00:05 3,888 --a------ C:\WINDOWS\system32\drivers\NTHANDLE.SYS
2007-12-21 21:41 . 2008-01-02 11:09 <DIR> d-------- C:\Documents and Settings\SomeUser\Programdata\AVG7
2007-12-21 21:40 . 2007-12-21 21:40 <DIR> d-------- C:\Documents and Settings\LocalService\Programdata\AVG7
2007-12-21 21:40 . 2007-12-21 21:40 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Grisoft
2007-12-19 09:05 . 2008-01-01 01:26 <DIR> d-------- C:\Documents and Settings\SomeUser\Programdata\dvdcss
2007-12-16 17:22 . 2003-10-27 14:06 140,488 --a------ C:\WINDOWS\system32\comdlg32.ocx
2007-12-16 17:22 . 2003-10-27 14:06 115,016 --a------ C:\WINDOWS\system32\MSINET.OCX
2007-12-16 17:22 . 2003-10-27 14:06 69,632 --a------ C:\WINDOWS\system32\xmltok.dll
2007-12-16 17:22 . 2003-10-27 14:06 36,864 --a------ C:\WINDOWS\system32\xmlparse.dll
2007-12-16 17:22 . 2003-10-27 14:06 35,840 --a------ C:\WINDOWS\system32\comdlg32.oca
2007-12-16 17:22 . 2003-10-27 14:06 29,184 --a------ C:\WINDOWS\system32\MSINET.oca
2007-12-16 17:22 . 2003-10-27 14:06 26,096 --a------ C:\WINDOWS\system32\xmlinst.exe
2007-12-16 17:22 . 2003-10-27 14:06 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-12-16 17:19 . 2007-12-21 21:59 <DIR> d-------- C:\Programfiler\UBISOFT
2007-12-15 22:11 . 2007-12-15 22:11 <DIR> d-------- C:\Documents and Settings\SomeUser\Programdata\Apple Computer
2007-12-15 22:03 . 2007-12-15 22:03 <DIR> d-------- C:\Programfiler\QuickTime
2007-12-15 22:03 . 2007-12-26 20:11 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple Computer
2007-12-15 17:11 . 2007-12-15 17:11 <DIR> d-------- C:\Documents and Settings\SomeUser\Programdata\TVU Networks
2007-12-15 17:09 . 2007-12-15 17:11 <DIR> d-------- C:\Programfiler\TVUPlayer
2007-12-14 02:03 . 2007-12-14 02:03 59 --a------ C:\WINDOWS\pp.enc
2007-12-12 13:57 . 2007-12-12 13:57 <DIR> d-------- C:\casio
2007-12-11 23:34 . 2007-12-11 23:34 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-12-11 23:34 . 2007-12-11 23:34 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-12-05 21:39 . 2007-12-05 21:40 <DIR> d-------- C:\Programfiler\SopCast
2007-12-05 14:20 . 2007-12-05 14:20 <DIR> d-------- C:\Programfiler\GameSpy Arcade
2007-12-05 14:17 . 2007-12-05 14:17 <DIR> d-------- C:\Programfiler\Aspyr
2007-12-05 14:00 . 2007-12-05 14:00 1,635,291 --a------ C:\WINDOWS\WANEUninstaller.exe
2007-12-05 13:57 . 2007-12-05 13:58 <DIR> d-------- C:\Programfiler\Worms Armageddon - New Edition
2007-12-04 16:23 . 2007-12-15 23:04 <DIR> d-------- C:\Documents and Settings\SomeUser\Programdata\Hamachi
2007-12-04 16:22 . 2007-12-04 16:23 <DIR> d-------- C:\Programfiler\Hamachi
2007-12-04 16:22 . 2007-12-04 18:12 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-12-04 16:17 . 2007-12-04 16:18 <DIR> d-------- C:\Documents and Settings\SomeUser\Programdata\Ventrilo
2007-12-04 16:16 . 2007-12-04 16:16 <DIR> d-------- C:\Programfiler\Ventrilo
2007-12-03 23:17 . 2007-02-19 14:26 4,939,776 --a------ C:\WINDOWS\system32\stacgui.cpl
2007-12-03 23:17 . 2007-02-19 14:26 1,601,536 --a------ C:\WINDOWS\system32\stlang.dll
2007-12-03 23:17 . 2007-02-19 14:26 303,104 --a------ C:\WINDOWS\stsystra.exe
2007-12-03 23:17 . 2007-02-19 14:27 90,112 --a------ C:\WINDOWS\system32\stacsv.exe
2007-12-03 22:49 . 2007-12-03 22:49 <DIR> d-------- C:\Programfiler\DellTPad
2007-12-03 22:49 . 2006-11-02 08:09 1,419,232 --a------ C:\WINDOWS\system32\WdfCoInstaller01005.dll
2007-12-03 22:49 . 2007-06-25 18:53 155,136 --a------ C:\WINDOWS\system32\drivers\Apfiltr.sys
2007-12-03 22:49 . 2007-06-25 19:51 100,418 --a------ C:\WINDOWS\system32\Vxdif.dll
2007-12-03 22:49 . 2007-12-03 22:49 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-12-03 22:49 . 2007-12-03 22:49 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2007-12-03 22:13 . 2007-12-03 22:13 <DIR> d--h----- C:\WINDOWS\PIF
2007-12-03 03:33 . 2007-12-26 14:13 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-03 03:33 . 2007-12-03 03:33 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-03 01:16 . 2008-01-01 21:27 <DIR> d-------- C:\Programfiler\Project64 1.6
2007-12-03 00:30 . 2007-12-21 22:04 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Avg7
2007-12-02 12:21 . 2007-12-02 12:21 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-02 02:44 --------- d-----w C:\Programfiler\SUPERAntiSpyware
2007-12-31 12:49 --------- d-----w C:\Programfiler\Steam
2007-12-30 22:37 --------- d-----w C:\Documents and Settings\SomeUser\Programdata\mIRC
2007-12-30 22:31 --------- d-----w C:\Programfiler\mIRC
2007-12-30 17:34 --------- d-----w C:\Documents and Settings\SomeUser\Programdata\Azureus
2007-12-27 22:33 --------- d-----w C:\Programfiler\Azureus
2007-12-21 20:59 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2007-12-21 17:46 --------- d-----w C:\Documents and Settings\SomeUser\Programdata\Microgaming
2007-12-20 11:38 --------- d-----w C:\Programfiler\Bizipoker3D
2007-12-13 14:23 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help
2007-12-10 23:02 --------- d-----w C:\Programfiler\DC++
2007-12-04 15:16 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard
2007-12-02 22:56 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared
2007-12-01 16:00 --------- d-----w C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2007-12-01 15:59 --------- d-----w C:\Documents and Settings\SomeUser\Programdata\SUPERAntiSpyware.com
2007-12-01 14:55 --------- d-----w C:\Programfiler\Sports Interactive
2007-12-01 07:07 --------- d-----w C:\Programfiler\Microsoft CAPICOM 2.1.0.2
2007-12-01 06:59 --------- d-----w C:\Documents and Settings\SomeUser\Programdata\Sports Interactive
2007-12-01 01:32 --------- d-----w C:\Programfiler\Google
2007-11-30 23:13 --------- d-----w C:\Programfiler\DAEMON Tools
2007-11-30 19:48 --------- d-----w C:\Documents and Settings\All Users\Programdata\Azureus
2007-11-30 19:47 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-11-30 19:47 --------- d--h--r C:\Documents and Settings\SomeUser\Programdata\SecuROM
2007-11-30 19:46 --------- d--h--w C:\Programfiler\Zero G Registry
2007-11-30 19:36 223,128 ----a-w C:\WINDOWS\system32\drivers\dtscsi.sys
2007-11-30 19:20 --------- d-----w C:\Programfiler\DAEMON Tools Pro
2007-11-30 19:18 --------- d-----w C:\Documents and Settings\SomeUser\Programdata\DAEMON Tools Pro
2007-11-30 19:14 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-30 15:38 --------- d-----w C:\Documents and Settings\SomeUser\Programdata\vlc
2007-11-30 15:37 --------- d-----w C:\Programfiler\VideoLAN
2007-11-30 15:32 --------- d-----w C:\Documents and Settings\SomeUser\Programdata\Winamp
2007-11-30 15:28 --------- d-----w C:\Programfiler\Winamp
2007-11-30 15:25 --------- d-----w C:\Programfiler\CCleaner
2007-11-30 15:24 --------- d-----w C:\Programfiler\Lavasoft
2007-11-30 15:24 --------- d-----w C:\Documents and Settings\SomeUser\Programdata\Lavasoft
2007-11-30 13:28 --------- d-----w C:\Programfiler\Windows Live
2007-11-30 13:27 --------- dcsh--w C:\Programfiler\Fellesfiler\WindowsLiveInstaller
2007-11-30 13:18 --------- d-----w C:\Documents and Settings\All Users\Programdata\WLInstaller
2007-11-29 07:57 --------- d-----w C:\Programfiler\Java
2007-11-29 07:54 --------- d-----w C:\Programfiler\Fellesfiler\Java
2007-11-29 07:39 --------- d-----w C:\Programfiler\CASIO
2007-11-29 07:36 --------- d-----w C:\Documents and Settings\administrator\Programdata\ATI
2007-11-29 07:22 --------- d-----w C:\Programfiler\MSXML 6.0
2007-11-28 12:50 --------- d-----w C:\Programfiler\TI Education
2007-11-28 12:42 --------- d-----w C:\Programfiler\MSBuild
2007-11-28 12:42 --------- d-----w C:\Programfiler\Microsoft Works
2007-11-28 12:41 --------- d-----w C:\Programfiler\Microsoft.NET
2007-11-28 12:39 --------- d-----w C:\Programfiler\Microsoft Visual Studio 8
2007-11-28 12:14 --------- d-----w C:\Documents and Settings\SomeUser\Programdata\ATI
2007-11-28 12:11 --------- d-----w C:\Programfiler\ATI Technologies
2007-11-28 12:00 --------- d-----w C:\Programfiler\Reference Assemblies
2007-11-28 11:59 --------- d-----w C:\Programfiler\Windows Media Connect 2
2007-11-28 11:44 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield
2007-11-28 11:41 --------- d-----w C:\Programfiler\NetWaiting
2007-11-28 11:39 --------- d-----w C:\Programfiler\SigmaTel
2007-11-28 11:39 --------- d-----w C:\Programfiler\Broadcom
2007-11-28 10:20 --------- d-----w C:\Programfiler\Dell
2007-11-28 10:19 --------- d-----w C:\Documents and Settings\SomeUser\Programdata\InstallShield
2007-11-22 09:20 --------- d-----w C:\Programfiler\Fellesfiler\SpeechEngines
2007-11-22 09:20 --------- d-----w C:\Programfiler\Fellesfiler\ODBC
2007-11-22 08:40 --------- d-----w C:\Programfiler\microsoft frontpage
2007-11-22 08:38 --------- d-----w C:\Programfiler\Elektroniske tjenester
2007-11-22 08:37 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester
2007-11-22 08:37 --------- d-----w C:\Programfiler\Fellesfiler\MSSoap
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-09 18:17 806,912 ----a-w C:\WINDOWS\system32\BCMLogon.dll
2007-10-09 18:17 753,664 ----a-w C:\WINDOWS\system32\bcm1xsup.dll
2007-10-09 18:17 69,632 ----a-w C:\WINDOWS\system32\bcmwlpkt.dll
2007-10-09 18:17 65,536 ----a-w C:\WINDOWS\system32\wltrynt.dll
2007-10-09 18:17 278,528 ----a-w C:\WINDOWS\system32\bcmwlu00.exe
2007-10-09 18:17 24,064 ----a-w C:\WINDOWS\system32\WLTRYSVC.EXE
2007-10-09 18:17 2,682,880 ----a-w C:\WINDOWS\system32\vcredist_x86.exe
2007-10-09 18:17 2,670,592 ----a-w C:\WINDOWS\system32\WLBCGCBPRO731.DLL
2007-10-09 18:17 2,183,168 ----a-w C:\WINDOWS\system32\WLTRAY.EXE
2007-10-09 18:17 139,264 ----a-w C:\WINDOWS\system32\preflib.dll
2007-10-09 18:17 1,921,024 ----a-w C:\WINDOWS\system32\BCMWLTRY.EXE
.
((((((((((((((((((((((((((((( snapshot@2007-12-22_ 0.41.57,75 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-02-22 22:41:12 304,544 ----a-w C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll
+ 2007-02-28 13:21:04 130,472 ----a-w C:\WINDOWS\Downloaded Program Files\MineSweeper.dll
+ 2007-12-26 13:42:02 13,942 ----a-r C:\WINDOWS\Installer\{E9A5B341-167D-4042-8854-46F671F94049}\controlPanelIcon.exe
+ 2007-12-26 13:42:02 10,134 ----a-r C:\WINDOWS\Installer\{E9A5B341-167D-4042-8854-46F671F94049}\SystemFolder_msiexec.exe
- 2007-12-13 20:26:50 156,160 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2000-08-31 07:00:00 156,160 ----a-w C:\WINDOWS\system32\swreg.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2007-10-09 19:17 2183168]
"ATICCC"="C:\Programfiler\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 09:12 90112]
"EPA_EZ_GPO_Tool"="C:\WINDOWS\system32\EZ_GPO_Tool.exe" [2007-08-05 20:04 77824]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-04 13:00 143360]
"WinampAgent"="C:\Programfiler\Winamp\winampa.exe" [ ]
"DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" [2005-12-10 15:57 133016]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"Apoint"="C:\Programfiler\DellTPad\Apoint.exe" [2007-07-02 13:29 159744]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 14:26 303104 C:\WINDOWS\stsystra.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 22:02 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-21 21:40 219136]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2534152711-3714080840-1993296370-21673\Scripts\Logon\0\0]
"Script"=\\gvs.no\SYSVOL\gvs.no\scripts\felles.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2534152711-3714080840-1993296370-21673\Scripts\Logon\1\0]
"Script"=\\gvs.no\sysvol\gvs.no\scripts\felles.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2534152711-3714080840-1993296370-500\Scripts\Logon\0\0]
"Script"=\\gvs.no\sysvol\gvs.no\scripts\felles.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Programfiler\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programfiler\QuickTime\QTTask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Programfiler\Steam\Steam.exe -silent

R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;C:\Programfiler\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-19 14:21]
R2 EPA_GPO_PMService;Energy Star EZ GPO Power Management Configuration Tool;C:\WINDOWS\system32\PMService.exe [2007-08-05 20:05]
S3 PVUSB;CESG502 USB Driver;C:\WINDOWS\system32\DRIVERS\CESG502.sys [2002-06-12 21:50]
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-02 11:22:55
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-02 11:24:00
C:\qoobox\ComboFix2.txt 2007-12-21 23:42:47
.
2007-12-14 02:02:14 --- E O F ---

EDIT: Something just puzzled me a bit. I see that in the SAS log it has only scanned about 50,000 files. Isn't that right? And I know there are closer to 200,000 on the PC, and I also know that I chose a full system scan, and not just "smart".
Edited January 2, 2008 by ZiroN

norbat Posted January 2, 2008 (edited)
I can't see anything out of the ordinary in your logs. Was this just a check, or is there something suggesting that you have picked up some junk on the PC? As for SAS not 'scanning' every individual file, the only answer I can give you is that there is a difference in how an antispyware program performs its search (it doesn't 'check' all system files, updates belonging to Windows, etc.), as opposed to an antivirus program, which I would think scans just about every file, since system files and the like may have been infected. I know this is a bit clumsily explained, but ... On my machine SAS comes to about 60,000 files and the AV program comes to 600,000.
Edited January 2, 2008 by norbat

Ksungam Posted January 2, 2008 Author
As described in this thread, my PC has been incredibly slow for the last few weeks. It was suggested that I check the PC for viruses, spyware and the like, even though I doubted that was what was wrong. Now I at least have fairly solid evidence that it is the PC itself, and not viruses or the like, that is making the PC slow. Do you have any tips on what it could be? As I said in the other thread, it takes forever to, for example, run a virus scan or defragment the disk. The last time I defragmented, the PC froze when it was about halfway through, after having run for over 3 hours. And I had to leave the PC on overnight to scan with SAS.

norbat Posted January 2, 2008
If this is a school PC, you should contact the system administrator. They are able to reinstall the PC or otherwise check whether something is wrong with it that makes the PC feel slow.