Gå til innhold

Kan noen ta en titt på loggene mine? (Trojan.Vundo)


Anbefalte innlegg

Heisann!

 

pc'en min har de siste dagene blitt fryktelig treg. alle spill hakker og å skrive en melding slik som denne tar en evighet fordi teksten kommer ikke kommer på skjermen før lenge etter jeg er ferdig å skrive.

 

SAS finner ingen feil. heller ikke spybot eller ad-aware.

 

Malwarebytes' Anti-Malware 1.23 fikk noen treff på Trojan.Vundo

dem fjernet jeg, men maskinen er like treg.

 

for 3 mnd siden hadde jeg Virtumonde / Vundu, som jeg med hjelp fra denne siden fikk fjernet.

- https://www.diskusjon.no/index.php?showtopic=941485 -

 

har nå kjørt CCleaner, SAS, Combofix og HJT og Malwarebytes' Anti-Malware.

 

her er loggene:

 

 

Malwarebytes' Anti-Malware 1.23:

 

 

Malwarebytes' Anti-Malware 1.23

Database versjon: 1007

Windows 5.1.2600 Service Pack 2

 

18:19:03 29.07.2008

mbam-log-7-29-2008 (18-19-03).txt

 

Skanntype: Full Skann (C:\|)

Objekter skannet: 107502

Tid tilbakelagt: 31 minute(s), 2 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 2

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 3

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

C:\WINDOWS\BMa3158e87.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Documents and Settings\xxx\results.txt (Malware.Trace) -> Quarantined and deleted successfully.

 

 

 

 

SAS:

 

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 07/29/2008 at 05:53 PM

 

Application Version : 4.1.1046

 

Core Rules Database Version : 3519

Trace Rules Database Version: 1509

 

Scan type : Quick Scan

Total Scan Time : 00:11:43

 

Memory items scanned : 580

Memory threats detected : 0

Registry items scanned : 486

Registry threats detected : 0

File items scanned : 8965

File threats detected : 0

 

 

 

Combofix:

 

 

ComboFix 08-07-28.6 - xxx 2008-07-29 18:32:40.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2635 [GMT 2:00]

Running from: C:\Documents and Settings\xxx\Desktop\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-29 )))))))))))))))))))))))))))))))

.

 

2008-07-29 17:46 . 2008-07-29 17:46 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-07-29 17:46 . 2008-07-29 17:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-07-29 17:46 . 2008-07-23 20:21 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-07-29 17:46 . 2008-07-23 20:21 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-07-26 18:41 . 2008-07-26 18:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony

2008-07-26 18:37 . 2008-07-26 18:37 <DIR> d-------- C:\Program Files\Sony

2008-07-26 18:36 . 2008-07-26 18:36 <DIR> d-------- C:\Program Files\QuickTime

2008-07-26 18:36 . 2008-07-26 18:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer

2008-07-26 18:35 . 2008-07-26 18:35 <DIR> d-------- C:\Program Files\Apple Software Update

2008-07-26 18:35 . 2008-07-26 18:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

2008-07-26 18:34 . 2006-10-04 16:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb

2008-07-26 18:34 . 2006-10-04 16:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb

2008-07-26 18:34 . 2006-10-04 16:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb

2008-07-26 18:33 . 2008-07-26 22:11 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2008-07-26 16:51 . 2008-07-26 16:51 <DIR> d-------- C:\ppmaterecord

2008-07-26 16:09 . 2008-07-26 16:09 <DIR> d-------- C:\Program Files\Common Files\Synacast

2008-07-26 15:28 . 2008-07-26 15:28 <DIR> d-------- C:\Program Files\Avanquest update

2008-07-26 15:28 . 2008-07-26 15:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software

2008-07-26 15:27 . 2008-07-26 18:37 <DIR> d-------- C:\Program Files\Sony Ericsson

2008-07-26 15:27 . 2008-07-26 15:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson

2008-07-20 03:59 . 2008-07-20 03:59 <DIR> d-------- C:\Steinberg

2008-07-20 01:28 . 2008-07-26 16:09 <DIR> d-------- C:\Program Files\Stream

2008-07-20 01:17 . 2008-07-28 13:06 <DIR> d-------- C:\Program Files\PeerGuardian2

2008-07-19 23:40 . 2008-07-19 23:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU

2008-07-19 23:39 . 2008-07-19 23:40 <DIR> d-------- C:\Program Files\Common Files\AVSMedia

2008-07-19 23:39 . 2008-07-19 23:40 <DIR> d-------- C:\Program Files\AVS4YOU

2008-07-12 08:42 . 2008-07-12 08:42 <DIR> d--h----- C:\WINDOWS\PIF

2008-07-02 17:09 . 2008-07-02 17:09 <DIR> d-------- C:\WINDOWS\Sun

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-29 12:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-07-29 11:11 --------- d-----w C:\Program Files\Lavasoft

2008-07-29 11:11 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-07-29 11:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-07-27 11:57 --------- d-----w C:\Program Files\eMule

2008-07-26 13:28 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-07-06 22:03 --------- d-----w C:\Program Files\uTorrent

2008-06-27 18:28 --------- d-----w C:\Program Files\Subdownloader

2008-06-26 21:25 --------- d-----w C:\Program Files\Toontrack

2008-06-26 17:27 --------- d-----w C:\Program Files\Waves

2008-06-26 17:25 --------- d-----w C:\Program Files\Steinberg

2008-06-21 15:50 --------- d-----w C:\Program Files\M-Audio MobilePre

2008-06-21 15:49 729,088 ----a-w C:\WINDOWS\iun6002.exe

2008-06-21 15:49 30,976 ----a-w C:\WINDOWS\system32\drivers\MA763004.sys

2008-06-21 15:03 --------- d-----w C:\Program Files\M-Audio

2008-06-20 18:17 --------- d-----w C:\Program Files\Syncrosoft

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-20 05:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP

2008-06-20 05:06 --------- d-----w C:\Program Files\Enigma Software Group

2008-06-15 06:07 --------- d-----w C:\Program Files\Opera

2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-02-13 20:21 202544]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-02-22 05:46 13508608]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 12:48 761947]

"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 12:35 221184]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 12:37 81920]

"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2008-01-17 21:40 17920]

"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-02-13 20:21 16384]

"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-05-02 19:16 184320]

"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 16:32 823296]

"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 16:30 974848]

"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48 479232]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-02-22 05:46 86016]

"Dell QuickSet"="C:\Program Files\Dell\QuickSet\Quickset.exe" [2006-09-08 16:43 1036288]

"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-02-13 20:21 202544]

"nwiz"="nwiz.exe" [2008-02-22 05:46 1626112 C:\WINDOWS\system32\nwiz.exe]

"NVHotkey"="nvHotkey.dll" [2008-02-22 05:46 86016 C:\WINDOWS\system32\nvhotkey.dll]

"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 282624 C:\WINDOWS\stsystra.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 06:00 15360]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-03-30 14:35:55 24576]

M-Audio MobilePre Control Panel Launcher.lnk - C:\Program Files\M-Audio MobilePre\MPTask.exe [2004-03-05 00:29:11 61440]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-21 15:20 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

--a------ 2008-03-30 14:41 1838592 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2007-03-11 21:34 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]

--------- 2003-09-10 03:24 20480 C:\Program Files\NetWaiting\netwaiting.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2007-10-19 20:16 286720 C:\Program Files\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]

--a------ 2006-08-17 10:00 1116920 C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]

--a------ 2006-11-05 12:22 221184 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

--a------ 2008-02-20 17:20 356352 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

--a------ 2008-05-21 15:20 1510640 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2008-03-30 14:41 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

"C:\\Program Files\\Spill\\Anno 1701\\Anno1701.exe"=

"C:\\Program Files\\Spill\\Sports Interactive\\Football Manager 2008\\fm.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\WINDOWS\\system32\\PnkBstrA.exe"=

"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

"C:\\Program Files\\Spill\\Sierra Entertainment\\World in Conflict\\wic.exe"=

"C:\\Program Files\\Spill\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=

"C:\\Program Files\\Spill\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=

"C:\\Program Files\\eMule\\emule.exe"=

"C:\\Program Files\\Spill\\2K Games\\Firaxis Games\\Sid Meier's Railroads!\\RailRoads.exe"=

"C:\\Program Files\\Stream\\SopCast\\SopCast.exe"=

"C:\\Program Files\\Stream\\SopCast\\adv\\SopAdver.exe"=

"C:\\Program Files\\Stream\\TVAnts\\Tvants.exe"=

"C:\\Program Files\\Stream\\PPMate\\ppmate.exe"=

"C:\\Program Files\\Stream\\PPMate\\ppamnet.exe"=

"C:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=

 

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]

R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 11:35]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]

R2 MobilePreInstallerService;MobilePre Installer;C:\Program Files\M-Audio MobilePre\Install\MPInst.exe [2008-06-21 17:49]

S3 ma763004;M-Audio MobilePre USB;C:\WINDOWS\system32\drivers\MA763004.sys [2008-06-21 17:49]

S3 s125bus;Sony Ericsson Device 125 driver (WDM);C:\WINDOWS\system32\DRIVERS\s125bus.sys [2007-04-24 09:33]

S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s125mdfl.sys [2007-04-24 09:33]

S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s125mdm.sys [2007-04-24 09:33]

S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s125mgmt.sys [2007-04-24 09:33]

S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s125obex.sys [2007-04-24 09:33]

S3 s3117bus;Sony Ericsson Device 3117 driver (WDM);C:\WINDOWS\system32\DRIVERS\s3117bus.sys [2008-05-12 14:15]

S3 s3117mdfl;Sony Ericsson Device 3117 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s3117mdfl.sys [2008-05-12 14:15]

S3 s3117mdm;Sony Ericsson Device 3117 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s3117mdm.sys [2008-05-12 14:15]

S3 s3117mgmt;Sony Ericsson Device 3117 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s3117mgmt.sys [2008-05-12 14:15]

S3 s3117nd5;Sony Ericsson Device 3117 USB Ethernet Emulation SEMC3117 (NDIS);C:\WINDOWS\system32\DRIVERS\s3117nd5.sys [2008-05-12 14:15]

S3 s3117obex;Sony Ericsson Device 3117 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s3117obex.sys [2008-05-12 14:15]

S3 s3117unic;Sony Ericsson Device 3117 USB Ethernet Emulation SEMC3117 (WDM);C:\WINDOWS\system32\DRIVERS\s3117unic.sys [2008-05-12 14:15]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

 

2008-07-26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

.

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = www.google.no/

R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/first_usage&s=ZK-GiXPWEIIC9ms5P3Bk_NGoubg

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-29 18:37:12

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\system32\lsass.exe

-> C:\Program Files\NetLimiter\nl_lsp.dll

-> C:\WINDOWS\system32\nl_msgc.dll

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\Program Files\Avast4\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Avast4\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\scardsvr.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Dell\QuickSet\NicConfigSvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Avast4\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Avast4\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

.

**************************************************************************

.

Completion time: 2008-07-29 18:40:37 - machine was rebooted

ComboFix-quarantined-files.txt 2008-07-29 16:40:32

ComboFix2.txt 2008-04-19 19:33:03

 

Pre-Run: 81,669,525,504 bytes free

Post-Run: 81,620,385,792 bytes free

 

224 --- E O F --- 2008-07-27 13:25:24

 

 

 

 

HJT:

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:44:29, on 29.07.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\Program Files\Avast4\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Avast4\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\M-Audio MobilePre\Install\MPInst.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Google\Gmail Notifier\gnotify.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Avast4\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Dell\QuickSet\Quickset.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Avast4\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\M-Audio MobilePre\MPTask.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.no/ig/dell?hl=en&client=dell-row&channel=no&ibd=5080330

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:4664/first_usage&s=ZK...9ms5P3Bk_NGoubg

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: M-Audio MobilePre Control Panel Launcher.lnk = C:\Program Files\M-Audio MobilePre\MPTask.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: HP Utklippsbok - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: HP Smart valgmetode - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O15 - Trusted Zone: http://www.cdon.com

O15 - Trusted Zone: http://www.viasat.com

O15 - Trusted Zone: http://www.viasat.no

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: MobilePre Installer (MobilePreInstallerService) - M-Audio - C:\Program Files\M-Audio MobilePre\Install\MPInst.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

 

--

End of file - 10913 bytes

 

 

 

 

på forhånd takk!

Lenke til kommentar
Videoannonse
Annonse

Defragmering.

Auslogics Disk Defrag + Free Registry Defrag + Pagedefrag

 

Loggene ser fine ut,så da må man lete etter andre årsaker.

Følg med på process explorer at ikke prosess begynner og ta mye cpu kraft.dette vil føre til hakking og at den blir treg.

 

Sjekk ytelsen og feil på hdd.

Hd Tune

 

Start->kjør->cmd

CHKDSK /F

CHKDSK /R

 

Minne.

Memtest86+ 2.01

 

Varmen kan være et problem nå.

Sjekk det.

http://www.lavalys.com/products/download.p...=UE&lang=en

Maskinavn->sensor

 

Husk kjør CCleaner som dette.

 

Last ned kjør CCleaner

'Valg'->'Avansert'. Fjern avkryssingen framfor: "bare slett midlertidige filer som er eldere enn 48 t.

Kjør og register-renser"svar ja til og reparere"-->backup svar ja når du blir spørt.

Kjør register-renser et par ganger til alle feil er borte.

Endret av SNIPPSAT
Lenke til kommentar

har nå kjørt alle programmene og fant ingen feil.

maskinen booter kanskje litt raskere nå, men windows hakker fortsatt. spesielt når jeg skriver.

 

fikk ikke til minnetesten ( Memtest86+ 2.01 ) . pcN ville ikke boote fra cd.

brant cden men ROXY og valgte "make bootable".

 

har fulgt litt med på temperaturen og maskinen hakker selv om den ligger på 45 grader. den var oppe i 59.

vet ikke hva som er normalt.

 

nå mens jeg har kjørt alle disse programmene og har restarted mange ganger, har maskinen låst seg en del under windows xp logoen i oppstarten.

noen ikoner fra verktøylinjen er blitt borte. bl. a. avast antivirus sine, men programmet fungerer normalt mens jeg starter det fra startmenyen.

 

defragmentereren til windows kjører jeg med jevne mellomrom og jeg bruker også CCleaner til vanlig.

også alle disse anti spyware programmene.

 

noen ideer? vil helst unngå å formatere..

Lenke til kommentar

Ja trail versjon har tatt bort gpu(skjermkort)temp.

Pc wizard

http://pc-wizard-2008.en.softonic.com/

 

Denne kan du teste skjermkort

http://www.softpedia.com/get/Tweak/Video-Tweak/ATITool.shtml

 

55 c er greit viss det ikke stiger alt for mye når du belaster.

http://www.ocbase.com/perestroika_en/index.php

 

Du må tenke på når den er treg,hele tiden-spiller-surfer.

Og feilsøke utifra det.

 

Det er alltid mulig og finne årsaken.

Endret av SNIPPSAT
Lenke til kommentar
Ja trail versjon har tatt bort gpu(skjermkort)temp.

Pc wizard

http://pc-wizard-2008.en.softonic.com/

 

Denne kan du teste skjermkort

http://www.softpedia.com/get/Tweak/Video-Tweak/ATITool.shtml

 

55 c er greit viss det ikke stiger alt for mye når du belaster.

http://www.ocbase.com/perestroika_en/index.php

 

Du må tenke på hvem når den er treg,hele tiden-spiller-surfer.

Og feilsøke utifra det.

 

Det er alltid mulig og finne årsaken.

 

 

maskinen blir mest brukt til surfing, musikk og film. er ikke noen storspiller, men spiller av og til.

 

 

hva mente du med "trail versjon har tatt bort gpu?"

har under middels peiling på data..

Lenke til kommentar
defragmentereren til windows kjører jeg med jevne mellomrom og jeg bruker

Du må kjøre de program jeg har linket til.

 

fikk ikke til minnetesten ( Memtest86+ 2.01 ) . pcN ville ikke boote fra cd.

brant cden men ROXY og valgte "make bootable".

Du skal bare åpne iso filen og brenne,da er dette en boot cd.

Husk bootrekkefølge i bios cd første boot.

 

men windows hakker fortsatt. spesielt når jeg skriver.

Boot trykk f8 flere ganger,velg sikkerhetmodus med nettverk.

Prøv og skriv og bruk den litt her.

I sikkerhetmodus lag en bruker(kontrolpanel->brukerkontoer)

Logg deg på den og se om det hjelper.

 

hva mente du med "trail versjon har tatt bort gpu?"

At den ikke viser temp til skjermkortet(derfor pc wizard)

Endret av SNIPPSAT
Lenke til kommentar

har nå kjørt minnetesten (Memtest86+ 2.01) og fant ingen feil.

har og kjørt samtlige program nevnt i tråden uten å finne feil.

finner junkfiles i defragmenteringen, men etter å ha kjørt ccleaner finner han ca like mange.. ca 2000

 

etterpå startet jeg pc i safe mode. der fungerte alt fint. ingen lagging.

laget en ny bruker og når jeg nå har startet på nytt, i normal mode, er laggingen tilbake.

det lagger på begge kontoene.

 

ATITool forstod jeg fint lite av.

 

hver gang jeg nå rebooter må windows avslutte noe som heter "CL RC Engine3 Dummy Winidow"

har ikke peiling på hva det kan være og har aldri sett det før.

Endret av iminf
Lenke til kommentar
CL RC Engine3 Dummy Winidow

Start->kjør->msconfig->oppstart

PCMService.exe fjern denne fra oppstart.

 

I process explorer.

View->select columns->process memory

Sett hake.

Private bytes,virutal size,working set size.

 

Dette er for og se minnebruk.

 

Følg med hele tiden process explorer på cpu og minnebruk.

 

Har du derfragmert og restartet?

Endret av SNIPPSAT
Lenke til kommentar
CL RC Engine3 Dummy Winidow

Start->kjør->msconfig->oppstart

PCMService.exe fjern denne fra oppstart.

 

I process explorer.

View->select columns->process memory

Sett hake.

Private bytes,virutal size,working set size.

 

Dette er for og se minnebruk.

 

Følg med hele tiden process explorer på cpu og minnebruk.

 

Har du derfragmert og restartet?

 

 

ja

Lenke til kommentar
det har ikke lagget siden jeg fjernet PCMService.exe. var den grunnen?

Ja det var nok det.

 

Process exploere ser greit ut.

Husk at man må se på process explorer over tid.

Denne gir mye info og man kan gå langt inn i hver prosess.

Endret av SNIPPSAT
Lenke til kommentar

Process exploere ser greit ut.

Husk at man må se på process explorer over tid.

Denne gir mye info og man kan gå langt inn i hver prosess.

 

:) hehe. takk for tipset. skal se litt på den, men vet ikke hvor langt inn i de prosessene jeg har lyst å gå :)

 

 

tusen takk for hjelpen!!!

Lenke til kommentar

Opprett en konto eller logg inn for å kommentere

Du må være et medlem for å kunne skrive en kommentar

Opprett konto

Det er enkelt å melde seg inn for å starte en ny konto!

Start en konto

Logg inn

Har du allerede en konto? Logg inn her.

Logg inn nå
  • Hvem er aktive   0 medlemmer

    • Ingen innloggede medlemmer aktive
×
×
  • Opprett ny...