Hi, I have done exactly as in the guide and now have 3 logs. It would be great if someone could be bothered to check them :)

 

HJT:

 

Logfile of HijackThis v1.99.1

Scan saved at 12:48:19, on 02.01.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Programfiler\Broadcom\ASFIPMon\AsfIpMon.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\Programfiler\ATI Technologies\ATI.ACE\CLI.EXE

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\Programfiler\DAEMON Tools\daemon.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\Programfiler\DellTPad\Apoint.exe

C:\WINDOWS\system32\PMService.exe

C:\WINDOWS\stsystra.exe

C:\Programfiler\SigmaTel\C-dur-lyd\WDM\StacSV.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programfiler\DellTPad\ApMsgFwd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\DellTPad\Apntex.exe

C:\Programfiler\DellTPad\HidFind.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

C:\Programfiler\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Programfiler\Mozilla Firefox\firefox.exe

C:\Documents and Settings\SomeUser\Mine dokumenter\Programmer\Virus og spyware\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gvs.vfk.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\CLIStart.exe"

O4 - HKLM\..\Run: [EPA_EZ_GPO_Tool] C:\WINDOWS\system32\EZ_GPO_Tool.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Apoint] C:\Programfiler\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Microgaming\Poker\nordicbetMPP\MPPoker.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1196245584968

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gvs.no

O17 - HKLM\Software\..\Telephony: DomainName = gvs.no

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = gvs.no

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = gvs.no

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programfiler\Fellesfiler\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FELLES~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Programfiler\Broadcom\ASFIPMon\AsfIpMon.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: Energy Star EZ GPO Power Management Configuration Tool (EPA_GPO_PMService) - TerraNovum - C:\WINDOWS\system32\PMService.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Programfiler\SigmaTel\C-dur-lyd\WDM\StacSV.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

 

 

SAS:

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 01/02/2008 at 05:49 AM

 

Application Version : 3.9.1008

 

Core Rules Database Version : 3371

Trace Rules Database Version: 1366

 

Scan type : Complete Scan

Total Scan Time : 02:04:32

 

Memory items scanned : 524

Memory threats detected : 0

Registry items scanned : 5439

Registry threats detected : 0

File items scanned : 44000

File threats detected : 0

 

ComboFix:

 

ComboFix 07-12-31.4 - Bruker 2008-01-02 11:19:11.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.395 [GMT 1:00]

Running from: C:\Documents and Settings\SomeUser\Skrivebord\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((((( Files Created from 2007-12-02 to 2008-01-02 )))))))))))))))))))))))))))))))

.

 

2008-01-02 11:17 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-02 03:44 . 2008-01-02 03:44 <DIR> dr-h----- C:\Documents and Settings\SomeUser\Siste

2007-12-26 14:41 . 2007-12-26 14:41 <DIR> d-------- C:\Programfiler\Medieval Software

2007-12-23 01:41 . 2007-12-23 01:41 <DIR> d-------- C:\Programfiler\DivX

2007-12-21 21:57 . 2007-12-28 00:05 3,888 --a------ C:\WINDOWS\system32\drivers\NTHANDLE.SYS

2007-12-21 21:41 . 2008-01-02 11:09 <DIR> d-------- C:\Documents and Settings\SomeUser\Programdata\AVG7

2007-12-21 21:40 . 2007-12-21 21:40 <DIR> d-------- C:\Documents and Settings\LocalService\Programdata\AVG7

2007-12-21 21:40 . 2007-12-21 21:40 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Grisoft

2007-12-19 09:05 . 2008-01-01 01:26 <DIR> d-------- C:\Documents and Settings\SomeUser\Programdata\dvdcss

2007-12-16 17:22 . 2003-10-27 14:06 140,488 --a------ C:\WINDOWS\system32\comdlg32.ocx

2007-12-16 17:22 . 2003-10-27 14:06 115,016 --a------ C:\WINDOWS\system32\MSINET.OCX

2007-12-16 17:22 . 2003-10-27 14:06 69,632 --a------ C:\WINDOWS\system32\xmltok.dll

2007-12-16 17:22 . 2003-10-27 14:06 36,864 --a------ C:\WINDOWS\system32\xmlparse.dll

2007-12-16 17:22 . 2003-10-27 14:06 35,840 --a------ C:\WINDOWS\system32\comdlg32.oca

2007-12-16 17:22 . 2003-10-27 14:06 29,184 --a------ C:\WINDOWS\system32\MSINET.oca

2007-12-16 17:22 . 2003-10-27 14:06 26,096 --a------ C:\WINDOWS\system32\xmlinst.exe

2007-12-16 17:22 . 2003-10-27 14:06 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll

2007-12-16 17:19 . 2007-12-21 21:59 <DIR> d-------- C:\Programfiler\UBISOFT

2007-12-15 22:11 . 2007-12-15 22:11 <DIR> d-------- C:\Documents and Settings\SomeUser\Programdata\Apple Computer

2007-12-15 22:03 . 2007-12-15 22:03 <DIR> d-------- C:\Programfiler\QuickTime

2007-12-15 22:03 . 2007-12-26 20:11 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple Computer

2007-12-15 17:11 . 2007-12-15 17:11 <DIR> d-------- C:\Documents and Settings\SomeUser\Programdata\TVU Networks

2007-12-15 17:09 . 2007-12-15 17:11 <DIR> d-------- C:\Programfiler\TVUPlayer

2007-12-14 02:03 . 2007-12-14 02:03 59 --a------ C:\WINDOWS\pp.enc

2007-12-12 13:57 . 2007-12-12 13:57 <DIR> d-------- C:\casio

2007-12-11 23:34 . 2007-12-11 23:34 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll

2007-12-11 23:34 . 2007-12-11 23:34 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll

2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx

2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts

2007-12-05 21:39 . 2007-12-05 21:40 <DIR> d-------- C:\Programfiler\SopCast

2007-12-05 14:20 . 2007-12-05 14:20 <DIR> d-------- C:\Programfiler\GameSpy Arcade

2007-12-05 14:17 . 2007-12-05 14:17 <DIR> d-------- C:\Programfiler\Aspyr

2007-12-05 14:00 . 2007-12-05 14:00 1,635,291 --a------ C:\WINDOWS\WANEUninstaller.exe

2007-12-05 13:57 . 2007-12-05 13:58 <DIR> d-------- C:\Programfiler\Worms Armageddon - New Edition

2007-12-04 16:23 . 2007-12-15 23:04 <DIR> d-------- C:\Documents and Settings\SomeUser\Programdata\Hamachi

2007-12-04 16:22 . 2007-12-04 16:23 <DIR> d-------- C:\Programfiler\Hamachi

2007-12-04 16:22 . 2007-12-04 18:12 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys

2007-12-04 16:17 . 2007-12-04 16:18 <DIR> d-------- C:\Documents and Settings\SomeUser\Programdata\Ventrilo

2007-12-04 16:16 . 2007-12-04 16:16 <DIR> d-------- C:\Programfiler\Ventrilo

2007-12-03 23:17 . 2007-02-19 14:26 4,939,776 --a------ C:\WINDOWS\system32\stacgui.cpl

2007-12-03 23:17 . 2007-02-19 14:26 1,601,536 --a------ C:\WINDOWS\system32\stlang.dll

2007-12-03 23:17 . 2007-02-19 14:26 303,104 --a------ C:\WINDOWS\stsystra.exe

2007-12-03 23:17 . 2007-02-19 14:27 90,112 --a------ C:\WINDOWS\system32\stacsv.exe

2007-12-03 22:49 . 2007-12-03 22:49 <DIR> d-------- C:\Programfiler\DellTPad

2007-12-03 22:49 . 2006-11-02 08:09 1,419,232 --a------ C:\WINDOWS\system32\WdfCoInstaller01005.dll

2007-12-03 22:49 . 2007-06-25 18:53 155,136 --a------ C:\WINDOWS\system32\drivers\Apfiltr.sys

2007-12-03 22:49 . 2007-06-25 19:51 100,418 --a------ C:\WINDOWS\system32\Vxdif.dll

2007-12-03 22:49 . 2007-12-03 22:49 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2007-12-03 22:49 . 2007-12-03 22:49 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf

2007-12-03 22:13 . 2007-12-03 22:13 <DIR> d--h----- C:\WINDOWS\PIF

2007-12-03 03:33 . 2007-12-26 14:13 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2007-12-03 03:33 . 2007-12-03 03:33 1,409 --a------ C:\WINDOWS\QTFont.for

2007-12-03 01:16 . 2008-01-01 21:27 <DIR> d-------- C:\Programfiler\Project64 1.6

2007-12-03 00:30 . 2007-12-21 22:04 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Avg7

2007-12-02 12:21 . 2007-12-02 12:21 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-02 02:44 --------- d-----w C:\Programfiler\SUPERAntiSpyware

2007-12-31 12:49 --------- d-----w C:\Programfiler\Steam

2007-12-30 22:37 --------- d-----w C:\Documents and Settings\SomeUser\Programdata\mIRC

2007-12-30 22:31 --------- d-----w C:\Programfiler\mIRC

2007-12-30 17:34 --------- d-----w C:\Documents and Settings\SomeUser\Programdata\Azureus

2007-12-27 22:33 --------- d-----w C:\Programfiler\Azureus

2007-12-21 20:59 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2007-12-21 17:46 --------- d-----w C:\Documents and Settings\SomeUser\Programdata\Microgaming

2007-12-20 11:38 --------- d-----w C:\Programfiler\Bizipoker3D

2007-12-13 14:23 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help

2007-12-10 23:02 --------- d-----w C:\Programfiler\DC++

2007-12-04 15:16 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard

2007-12-02 22:56 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared

2007-12-01 16:00 --------- d-----w C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2007-12-01 15:59 --------- d-----w C:\Documents and Settings\SomeUser\Programdata\SUPERAntiSpyware.com

2007-12-01 14:55 --------- d-----w C:\Programfiler\Sports Interactive

2007-12-01 07:07 --------- d-----w C:\Programfiler\Microsoft CAPICOM 2.1.0.2

2007-12-01 06:59 --------- d-----w C:\Documents and Settings\SomeUser\Programdata\Sports Interactive

2007-12-01 01:32 --------- d-----w C:\Programfiler\Google

2007-11-30 23:13 --------- d-----w C:\Programfiler\DAEMON Tools

2007-11-30 19:48 --------- d-----w C:\Documents and Settings\All Users\Programdata\Azureus

2007-11-30 19:47 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2007-11-30 19:47 --------- d--h--r C:\Documents and Settings\SomeUser\Programdata\SecuROM

2007-11-30 19:46 --------- d--h--w C:\Programfiler\Zero G Registry

2007-11-30 19:36 223,128 ----a-w C:\WINDOWS\system32\drivers\dtscsi.sys

2007-11-30 19:20 --------- d-----w C:\Programfiler\DAEMON Tools Pro

2007-11-30 19:18 --------- d-----w C:\Documents and Settings\SomeUser\Programdata\DAEMON Tools Pro

2007-11-30 19:14 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2007-11-30 15:38 --------- d-----w C:\Documents and Settings\SomeUser\Programdata\vlc

2007-11-30 15:37 --------- d-----w C:\Programfiler\VideoLAN

2007-11-30 15:32 --------- d-----w C:\Documents and Settings\SomeUser\Programdata\Winamp

2007-11-30 15:28 --------- d-----w C:\Programfiler\Winamp

2007-11-30 15:25 --------- d-----w C:\Programfiler\CCleaner

2007-11-30 15:24 --------- d-----w C:\Programfiler\Lavasoft

2007-11-30 15:24 --------- d-----w C:\Documents and Settings\SomeUser\Programdata\Lavasoft

2007-11-30 13:28 --------- d-----w C:\Programfiler\Windows Live

2007-11-30 13:27 --------- dcsh--w C:\Programfiler\Fellesfiler\WindowsLiveInstaller

2007-11-30 13:18 --------- d-----w C:\Documents and Settings\All Users\Programdata\WLInstaller

2007-11-29 07:57 --------- d-----w C:\Programfiler\Java

2007-11-29 07:54 --------- d-----w C:\Programfiler\Fellesfiler\Java

2007-11-29 07:39 --------- d-----w C:\Programfiler\CASIO

2007-11-29 07:36 --------- d-----w C:\Documents and Settings\administrator\Programdata\ATI

2007-11-29 07:22 --------- d-----w C:\Programfiler\MSXML 6.0

2007-11-28 12:50 --------- d-----w C:\Programfiler\TI Education

2007-11-28 12:42 --------- d-----w C:\Programfiler\MSBuild

2007-11-28 12:42 --------- d-----w C:\Programfiler\Microsoft Works

2007-11-28 12:41 --------- d-----w C:\Programfiler\Microsoft.NET

2007-11-28 12:39 --------- d-----w C:\Programfiler\Microsoft Visual Studio 8

2007-11-28 12:14 --------- d-----w C:\Documents and Settings\SomeUser\Programdata\ATI

2007-11-28 12:11 --------- d-----w C:\Programfiler\ATI Technologies

2007-11-28 12:00 --------- d-----w C:\Programfiler\Reference Assemblies

2007-11-28 11:59 --------- d-----w C:\Programfiler\Windows Media Connect 2

2007-11-28 11:44 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield

2007-11-28 11:41 --------- d-----w C:\Programfiler\NetWaiting

2007-11-28 11:39 --------- d-----w C:\Programfiler\SigmaTel

2007-11-28 11:39 --------- d-----w C:\Programfiler\Broadcom

2007-11-28 10:20 --------- d-----w C:\Programfiler\Dell

2007-11-28 10:19 --------- d-----w C:\Documents and Settings\SomeUser\Programdata\InstallShield

2007-11-22 09:20 --------- d-----w C:\Programfiler\Fellesfiler\SpeechEngines

2007-11-22 09:20 --------- d-----w C:\Programfiler\Fellesfiler\ODBC

2007-11-22 08:40 --------- d-----w C:\Programfiler\microsoft frontpage

2007-11-22 08:38 --------- d-----w C:\Programfiler\Elektroniske tjenester

2007-11-22 08:37 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester

2007-11-22 08:37 --------- d-----w C:\Programfiler\Fellesfiler\MSSoap

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll

2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll

2007-10-09 18:17 806,912 ----a-w C:\WINDOWS\system32\BCMLogon.dll

2007-10-09 18:17 753,664 ----a-w C:\WINDOWS\system32\bcm1xsup.dll

2007-10-09 18:17 69,632 ----a-w C:\WINDOWS\system32\bcmwlpkt.dll

2007-10-09 18:17 65,536 ----a-w C:\WINDOWS\system32\wltrynt.dll

2007-10-09 18:17 278,528 ----a-w C:\WINDOWS\system32\bcmwlu00.exe

2007-10-09 18:17 24,064 ----a-w C:\WINDOWS\system32\WLTRYSVC.EXE

2007-10-09 18:17 2,682,880 ----a-w C:\WINDOWS\system32\vcredist_x86.exe

2007-10-09 18:17 2,670,592 ----a-w C:\WINDOWS\system32\WLBCGCBPRO731.DLL

2007-10-09 18:17 2,183,168 ----a-w C:\WINDOWS\system32\WLTRAY.EXE

2007-10-09 18:17 139,264 ----a-w C:\WINDOWS\system32\preflib.dll

2007-10-09 18:17 1,921,024 ----a-w C:\WINDOWS\system32\BCMWLTRY.EXE

.

 

((((((((((((((((((((((((((((( snapshot@2007-12-22_ 0.41.57,75 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-02-22 22:41:12 304,544 ----a-w C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll

+ 2007-02-28 13:21:04 130,472 ----a-w C:\WINDOWS\Downloaded Program Files\MineSweeper.dll

+ 2007-12-26 13:42:02 13,942 ----a-r C:\WINDOWS\Installer\{E9A5B341-167D-4042-8854-46F671F94049}\controlPanelIcon.exe

+ 2007-12-26 13:42:02 10,134 ----a-r C:\WINDOWS\Installer\{E9A5B341-167D-4042-8854-46F671F94049}\SystemFolder_msiexec.exe

- 2007-12-13 20:26:50 156,160 ----a-w C:\WINDOWS\system32\swreg.exe

+ 2000-08-31 07:00:00 156,160 ----a-w C:\WINDOWS\system32\swreg.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2007-10-09 19:17 2183168]

"ATICCC"="C:\Programfiler\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 09:12 90112]

"EPA_EZ_GPO_Tool"="C:\WINDOWS\system32\EZ_GPO_Tool.exe" [2007-08-05 20:04 77824]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-04 13:00 143360]

"WinampAgent"="C:\Programfiler\Winamp\winampa.exe" [ ]

"DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" [2005-12-10 15:57 133016]

"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]

"Apoint"="C:\Programfiler\DellTPad\Apoint.exe" [2007-07-02 13:29 159744]

"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 14:26 303104 C:\WINDOWS\stsystra.exe]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 22:02 579072]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-21 21:40 219136]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2534152711-3714080840-1993296370-21673\Scripts\Logon\0\0]

"Script"=\\gvs.no\SYSVOL\gvs.no\scripts\felles.bat

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2534152711-3714080840-1993296370-21673\Scripts\Logon\1\0]

"Script"=\\gvs.no\sysvol\gvs.no\scripts\felles.bat

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2534152711-3714080840-1993296370-500\Scripts\Logon\0\0]

"Script"=\\gvs.no\sysvol\gvs.no\scripts\felles.bat

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

C:\Programfiler\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Programfiler\QuickTime\QTTask.exe -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

C:\Programfiler\Steam\Steam.exe -silent

 

R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;C:\Programfiler\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-19 14:21]

R2 EPA_GPO_PMService;Energy Star EZ GPO Power Management Configuration Tool;C:\WINDOWS\system32\PMService.exe [2007-08-05 20:05]

S3 PVUSB;CESG502 USB Driver;C:\WINDOWS\system32\DRIVERS\CESG502.sys [2002-06-12 21:50]

 

.

**************************************************************************

 

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-02 11:22:55

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-01-02 11:24:00

C:\qoobox\ComboFix2.txt 2007-12-21 23:42:47

.

2007-12-14 02:02:14 --- E O F ---

 

EDIT: Just puzzled over one thing. I see that in the SAS log it has only scanned about 50,000 files. Is that not right? And I know there are closer to 200,000 on the PC, and I also know that I chose full system scan, and not just "smart".

Edited by ZiroN

I can't see anything particular in your logs. Was it just a check, or is there something indicating that you've picked up some junk on the PC?

 

As for SAS not 'scanning' every individual file, I can't give you any other answer than that there is a difference in how an antispyware program performs its search (it doesn't 'check' all system files, updates belonging to Windows, etc.), as opposed to an antivirus program, which, I would think, scans practically all files, since system files and the like may have been infected. I know this is a bit clumsily explained, but ...

 

On my machine SAS comes to about 60,000 files and the AV program to 600,000

Edited by norbat

As described in this thread, my PC has been incredibly slow over the last few weeks. It was suggested that I check the PC for viruses, spyware and the like, even though I doubted that this was what was wrong. Now at least I have fairly solid evidence that it is the PC itself, and not viruses etc., that is making the PC slow. Do you have any tips on what it could be? As mentioned in the other thread, it takes forever to, for example, run a virus scan or defragment the disk. The last time I defragmented the disk, the PC froze when it was about halfway, after having been running for over 3 hours. And I had to leave the PC on overnight to scan with SAS.
