Pizzaen, posted 25 August 2008

Hi. I'm not really experiencing anything virus-like, apart from the machine being so slow that when I log in to a user account everything freezes, so the only thing I could do was boot into safe mode. One moment the PC was completely fine, and then after I had surfed the web for 10 minutes and rebooted, it was absolutely terrible!! I've managed to get all the logs except SAS, which I couldn't get because safe mode won't let me run it. If you find about 3 different antivirus programs, it is because I have been trying out various antivirus programs. Here are the logs I managed to run:

HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:03:01, on 25.08.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Skrivebord\ddd\TEST.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programfiler\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programfiler\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [startCCC] "C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [POL Agent] C:\Programfiler\POL\POL.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] "C:\Programfiler\Fellesfiler\Nero\Lib\NMFirstStart.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-21-1409082233-839522115-682003330-1003\..\Run: [steam] "c:\programfiler\steam\steam.exe" -silent (User 'Vegard')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1219000028125
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programfiler\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programfiler\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programfiler\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Programfiler\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

--
End of file - 6672 bytes

Combofix:

ComboFix 08-08-24.03 - Administrator 2008-08-25 19:58:19.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.47.1044.18.715 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Skrivebord\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\inst.dat
C:\WINDOWS\system32\kw.dat
C:\WINDOWS\system32\pk.bin
.
((((((((((((((((((((((((( Files Created from 2008-07-25 to 2008-08-25 )))))))))))))))))))))))))))))))
.

2008-08-25 19:55 . 2008-08-25 19:55 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\Apple Computer
2008-08-25 19:53 . 2008-08-17 20:24 <DIR> dr------- C:\Documents and Settings\Administrator\Start-meny
2008-08-25 19:53 . 2008-08-17 20:24 <DIR> d--h----- C:\Documents and Settings\Administrator\Skrivere
2008-08-25 19:53 . 2008-08-25 19:57 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivebord
2008-08-25 19:53 . 2008-08-17 20:24 <DIR> d--h----- C:\Documents and Settings\Administrator\Siste
2008-08-25 19:53 . 2008-08-25 19:55 <DIR> dr-h----- C:\Documents and Settings\Administrator\Programdata
2008-08-25 19:53 . 2008-08-17 20:24 <DIR> d-------- C:\Documents and Settings\Administrator\Mine dokumenter
2008-08-25 19:53 . 2008-08-17 18:33 <DIR> d--h----- C:\Documents and Settings\Administrator\Maler
2008-08-25 19:53 . 2008-08-25 19:59 <DIR> d--h----- C:\Documents and Settings\Administrator\Lokale innstillinger
2008-08-25 19:53 . 2008-08-17 20:24 <DIR> d-------- C:\Documents and Settings\Administrator\Favoritter
2008-08-25 19:53 . 2008-08-17 20:24 <DIR> d--h----- C:\Documents and Settings\Administrator\AndrMask
2008-08-25 19:53 . 2008-08-25 19:53 <DIR> d-------- C:\Documents and Settings\Administrator
2008-08-25 19:52 . 2008-08-25 19:52 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-08-25 18:27 . 2008-08-17 20:24 <DIR> dr------- C:\Documents and Settings\Felles\Start-meny
2008-08-25 18:27 . 2008-08-17 20:24 <DIR> d--h----- C:\Documents and Settings\Felles\Skrivere
2008-08-25 18:27 . 2008-08-17 20:24 <DIR> d-------- C:\Documents and Settings\Felles\Skrivebord
2008-08-25 18:27 . 2008-08-17 20:24 <DIR> d--h----- C:\Documents and Settings\Felles\Siste
2008-08-25 18:27 . 2008-08-25 18:28 <DIR> dr-h----- C:\Documents and Settings\Felles\Programdata
2008-08-25 18:27 . 2008-08-25 18:28 <DIR> dr------- C:\Documents and Settings\Felles\Mine dokumenter
2008-08-25 18:27 . 2008-08-17 18:33 <DIR> d--h----- C:\Documents and Settings\Felles\Maler
2008-08-25 18:27 . 2008-08-25 19:59 <DIR> d--h----- C:\Documents and Settings\Felles\Lokale innstillinger
2008-08-25 18:27 . 2008-08-25 18:28 <DIR> d-------- C:\Documents and Settings\Felles\Favoritter
2008-08-25 18:27 . 2008-08-17 20:24 <DIR> d--h----- C:\Documents and Settings\Felles\AndrMask
2008-08-25 18:27 . 2008-08-25 18:27 <DIR> d-------- C:\Documents and Settings\Felles
2008-08-25 18:05 . 2008-08-25 18:05 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-08-25 18:05 . 2008-08-25 18:05 <DIR> d-------- C:\Programfiler\Reference Assemblies
2008-08-25 18:04 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-08-25 18:04 . 2008-08-25 18:04 754 --a------ C:\WINDOWS\WORDPAD.INI
2008-08-25 18:02 . 2008-08-25 18:02 <DIR> d-------- C:\Programfiler\Sony Setup
2008-08-25 17:40 . 2008-08-25 17:40 <DIR> d-------- C:\Programfiler\Xvid
2008-08-25 17:40 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-08-25 17:40 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-08-25 17:40 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-08-25 17:24 . 2008-08-25 17:24 <DIR> d-------- C:\Programfiler\Astonsoft
2008-08-25 17:20 . 2008-08-25 17:20 <DIR> d-------- C:\Programfiler\Google
2008-08-25 17:14 . 2008-08-25 17:15 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-25 17:14 . 2008-08-25 17:14 <DIR> d-------- C:\Programfiler\AVG
2008-08-25 17:14 . 2008-08-25 17:14 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\avg8
2008-08-25 17:14 . 2008-08-25 17:14 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-25 17:14 . 2008-08-25 17:14 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-08-25 17:02 . 2008-08-25 17:02 <DIR> d-------- C:\Programfiler\Alwil Software
2008-08-24 21:49 . 2008-08-24 21:50 <DIR> d-------- C:\Programfiler\ImgBurn
2008-08-24 21:15 . 2008-08-24 21:17 <DIR> d-------- C:\Programfiler\Fellesfiler\Nero
2008-08-24 21:15 . 2008-08-24 21:15 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Nero
2008-08-24 18:38 . 2008-08-24 18:38 <DIR> d-------- C:\Programfiler\ESET
2008-08-24 18:01 . 2008-08-24 18:01 <DIR> d-------- C:\Programfiler\filehippo.com
2008-08-21 15:04 . 2008-08-21 15:04 <DIR> d-------- C:\WINDOWS\Sun
2008-08-21 14:46 . 2008-08-21 20:20 <DIR> d--hs---- C:\Programfiler\POL
2008-08-21 14:44 . 2008-08-22 03:03 <DIR> d-------- C:\Programfiler\BPK
2008-08-18 16:08 . 2008-08-18 16:14 <DIR> d-------- C:\Programfiler\TuneXP
2008-08-18 16:08 . 2008-08-18 16:08 720,896 --a------ C:\WINDOWS\iun6002.exe
2008-08-18 16:07 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2008-08-18 16:06 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2008-08-18 15:16 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
2008-08-18 15:16 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-08-18 14:06 . 2008-08-25 17:48 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-08-18 11:45 . 2008-08-18 11:45 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2008-08-18 11:45 . 2008-08-18 11:45 <DIR> d-------- C:\Programfiler\Windows Desktop Search
2008-08-18 03:01 . 2008-04-14 09:22 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-08-17 21:19 . 2008-08-17 21:19 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Office Genuine Advantage
2008-08-17 19:59 . 2008-08-17 19:59 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-08-17 19:55 . 2007-09-27 10:48 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-08-17 19:54 . 2008-08-17 20:00 <DIR> d-------- C:\Programfiler\ATI
2008-08-17 19:53 . 2008-08-17 19:54 <DIR> d-------- C:\Programfiler\ATI Technologies
2008-08-17 19:53 . 2008-07-03 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-08-17 19:49 . 2008-08-17 19:49 <DIR> d-------- C:\Programfiler\Realtek Sound Manager
2008-08-17 19:49 . 2008-08-17 19:49 <DIR> d-------- C:\Programfiler\Realtek AC97
2008-08-17 19:49 . 2008-08-17 19:54 <DIR> d--h----- C:\Programfiler\InstallShield Installation Information
2008-08-17 19:49 . 2008-08-17 19:49 <DIR> d-------- C:\Programfiler\AvRack
2008-08-17 19:45 . 2008-08-17 19:53 <DIR> d-------- C:\Programfiler\Fellesfiler\InstallShield
2008-08-17 19:44 . 2005-03-09 08:53 36,352 -ra------ C:\WINDOWS\system32\drivers\AmdK8.sys
2008-08-17 19:09 . 2008-08-25 19:40 <DIR> d-------- C:\Documents and Settings\Vegard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-25 17:47 --------- d-----w C:\Programfiler\Steam
2008-08-25 16:09 --------- d-----w C:\Programfiler\MSBuild
2008-08-24 19:15 --------- d-----w C:\Programfiler\Nero
2008-08-24 19:01 --------- d-----w C:\Programfiler\Fellesfiler\Ahead
2008-08-24 15:49 --------- d---a-w C:\Documents and Settings\All Users\Programdata\TEMP
2008-08-19 01:09 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help
2008-08-18 09:41 --------- d-----w C:\Programfiler\Fellesfiler\Adobe
2008-08-17 18:59 --------- d-----w C:\Programfiler\Fellesfiler\Macrovision Shared
2008-08-17 18:43 --------- d-----w C:\Programfiler\Safari
2008-08-17 18:43 --------- d-----w C:\Programfiler\Apple Software Update
2008-08-17 18:34 --------- d-----w C:\Programfiler\Microsoft Works
2008-08-17 18:33 --------- d-----w C:\Programfiler\Microsoft.NET
2008-08-17 18:31 --------- d-----w C:\Programfiler\Microsoft Visual Studio 8
2008-08-17 18:28 --------- d-----w C:\Programfiler\LimeWire
2008-08-17 18:28 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple Computer
2008-08-17 18:27 --------- d-----w C:\Programfiler\Fraps
2008-08-17 18:26 --------- d-----w C:\Documents and Settings\All Users\Programdata\ESET
2008-08-17 18:25 --------- d-----w C:\Programfiler\DAEMON Tools Lite
2008-08-17 18:23 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-08-17 18:22 --------- d-----w C:\Programfiler\Windows Live
2008-08-17 18:21 --------- dcsh--w C:\Programfiler\Fellesfiler\WindowsLiveInstaller
2008-08-17 18:21 --------- d-----w C:\Programfiler\uTorrent
2008-08-17 18:19 --------- d-----w C:\Programfiler\iTunes
2008-08-17 18:19 --------- d-----w C:\Programfiler\iPod
2008-08-17 18:19 --------- d-----w C:\Programfiler\Bonjour
2008-08-17 18:19 --------- d-----w C:\Documents and Settings\All Users\Programdata\WLInstaller
2008-08-17 18:18 --------- d-----w C:\Programfiler\QuickTime
2008-08-17 18:18 --------- d-----w C:\Programfiler\Fellesfiler\Apple
2008-08-17 18:18 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple
2008-08-17 18:17 --------- d-----w C:\Programfiler\CodeStuff
2008-08-17 18:16 --------- d-----w C:\Programfiler\GIMP-2.0
2008-08-17 18:16 --------- d-----w C:\Programfiler\ATITool
2008-08-17 18:15 --------- d-----w C:\Programfiler\Red Kawa
2008-08-17 18:15 --------- d-----w C:\Programfiler\DAMN NFO Viewer
2008-08-17 18:15 --------- d-----w C:\Programfiler\CCleaner
2008-08-17 18:14 --------- d-----w C:\Programfiler\VideoLAN
2008-08-17 18:14 --------- d-----w C:\Programfiler\Unlocker
2008-08-17 18:13 --------- d-----w C:\Programfiler\StatBar
2008-08-17 18:13 --------- d-----w C:\Programfiler\Java
2008-08-17 18:13 --------- d-----w C:\Programfiler\Fellesfiler\Java
2008-08-17 18:04 --------- d-----w C:\Documents and Settings\All Users\Programdata\ATI
2008-08-17 16:37 --------- d-----w C:\Programfiler\microsoft frontpage
2008-08-17 16:35 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester
2008-08-17 16:35 --------- d-----w C:\Programfiler\Elektroniske tjenester
2008-08-17 16:33 --------- d-----w C:\Programfiler\Windows Media Connect 2
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-04 06:33 3,230,720 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-07-04 03:48 9,490,432 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-07-04 03:25 421,888 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-07-04 03:23 309,248 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-07-04 03:14 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-07-04 03:14 184,320 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-07-04 03:14 143,360 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-07-04 03:13 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-07-04 03:13 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-07-04 03:12 561,152 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-07-04 03:10 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-07-04 03:06 253,952 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-07-04 03:00 3,786,144 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-07-04 02:55 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-07-04 02:49 2,140,672 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-07-04 02:34 48,640 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-07-04 02:30 348,160 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-07-04 02:29 32,768 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-07-04 02:28 53,248 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-07-04 02:28 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-07-04 02:25 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-07-04 02:22 565,248 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-06-24 16:46 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 14:06 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2008-06-20 17:49 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-06 12:54 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2008-06-06 12:54 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
2008-05-26 20:21 1,582,592 ------w C:\WINDOWS\system32\tquery.dll
2008-05-26 20:21 1,418,240 ------w C:\WINDOWS\system32\mssrch.dll
2008-05-26 20:19 97,792 ------w C:\WINDOWS\system32\UncCplExt.dll
2008-05-26 20:19 273,408 ------w C:\WINDOWS\system32\oeph.dll
2008-05-26 20:19 2,048 ------w C:\WINDOWS\system32\UncRes.dll
2008-05-26 20:19 143,872 ------w C:\WINDOWS\system32\UncDMS.dll
2008-05-26 20:19 131,072 ------w C:\WINDOWS\system32\UncPH.dll
2008-05-26 20:19 11,264 ------w C:\WINDOWS\system32\oephRes.dll
2008-05-26 20:19 108,032 ------w C:\WINDOWS\system32\UncNE.dll
2008-05-26 20:18 71,680 ------w C:\WINDOWS\system32\propdefs.dll
2008-05-26 20:18 56,320 ------w C:\WINDOWS\system32\xmlfilter.dll
2008-05-26 20:18 44,032 ------w C:\WINDOWS\system32\msstrc.dll
2008-05-26 20:18 439,808 ------w C:\WINDOWS\system32\searchindexer.exe
2008-05-26 20:18 38,400 ------w C:\WINDOWS\system32\rtffilt.dll
2008-05-26 20:18 350,208 ------w C:\WINDOWS\system32\mssph.dll
2008-05-26 20:18 231,936 ------w C:\WINDOWS\system32\msshsq.dll
2008-05-26 20:18 203,776 ------w C:\WINDOWS\system32\mssphtb.dll
2008-05-26 20:18 184,832 ------w C:\WINDOWS\system32\searchprotocolhost.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 09:22 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"NeroHomeFirstStart"="C:\Programfiler\Fellesfiler\Nero\Lib\NMFirstStart.exe" [2008-06-24 16:05 19752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"POL Agent"="C:\Programfiler\POL\POL.exe" [2008-08-15 23:57 933888]
"SoundMan"="SOUNDMAN.EXE" [2005-10-24 08:45 90112 C:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 1 (0x1)
"SynchronousUserGroupPolicy"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 22:19 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\uTorrent\\uTorrent.exe"=
"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programfiler\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=

S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-25 17:14]
S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
S2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-25 17:14]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-08-23 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-NWEReboot - (no file)
Notify-WgaLogon - (no file)

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Administrator\Programdata\Mozilla\Firefox\Profiles\h3oz686z.default\
FF -: plugin - C:\Programfiler\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-25 19:59:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-25 20:00:56
ComboFix-quarantined-files.txt 2008-08-25 18:00:38

Pre-Run: 35,122,728,960 byte ledig
Post-Run: 35,111,641,088 byte ledig

262 --- E O F --- 2008-08-25 01:00:22

snippsat, posted 26 August 2008 (edited)

"If you find about 3 different antivirus programs, it is because I have been trying out various antivirus programs"

Yes, and you wonder why the PC is slow. The thing is that you can only have one antivirus on the system. Several create conflicts and you get a slow PC. If you want to test, remove all antivirus software and test only one antivirus at a time. The logs look good.

Edited 26 August 2008 by SNIPPSAT

Pizzaen (author), posted 26 August 2008 (edited)

"'If you find about 3 different antivirus programs, it is because I have been trying out various antivirus programs'
Yes, and you wonder why the PC is slow. The thing is that you can only have one antivirus on the system. Several create conflicts and you get a slow PC. If you want to test, remove all antivirus software and test only one antivirus at a time. The logs look good."

OK, thanks. Works fine now.

Edited 26 August 2008 by Pizzaen