Snytefant
Posted 1 September 2008 (edited)

Hi

Lately I have noticed that the PC takes much longer to start up than it did about 3 weeks ago, so something must have happened. The PC is practically new; I bought it at the end of May. It has worked perfectly, but now there is this. Every so often, maybe every 20 minutes, the PC starts to lag. I can see from the hard disk light that it is working: the light does not blink, it just stays lit. The mouse pointer sort of lags across the screen and the music stutters too; this can last anywhere from 1-2 seconds to 10 seconds. Then everything is fine again until about 20 minutes have passed, and then it starts again. I also see that it sends an incredible number of packets on the network, which makes the network slow. I don't know whether you can see anything about that in the HJT log, but if you find anything suspicious, just shout.

HJT log file, for those who understand them.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:23:34, on 01.09.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\FELLES~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FELLES~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Programfiler\McAfee\MPF\MPFSrv.exe
C:\Programfiler\McAfee\MSK\MskSrver.exe
C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programfiler\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\WZCBDL Service\WZCBDLS.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\TBPanel.exe
C:\Programfiler\Fellesfiler\Logitech\G-series Software\LGDCore.exe
C:\Programfiler\SiteAdvisor\6261\SiteAdv.exe
C:\Programfiler\Java\jre1.6.0_06\bin\jusched.exe
C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\sdphost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\WhatPulse\WhatPulse.exe
C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe
C:\Programfiler\Logitech\SetPoint\SetPoint.exe
C:\Programfiler\Xfire\xfire.exe
C:\Programfiler\Fellesfiler\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programfiler\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programfiler\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programfiler\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programfiler\Fellesfiler\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programfiler\Fellesfiler\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [mcagent_exe] "C:\Programfiler\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [siteAdvisor] "C:\Programfiler\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Files Driver] sdphost.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunServices: [Files Driver] sdphost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WhatPulse] C:\Programfiler\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Programfiler\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [updateMgr] C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Programfiler\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1213700061921
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Programfiler\GIGABYTE\GEST\GSvr.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programfiler\Fellesfiler\Logitech\Bluetooth\LBTServ.exe
O23 - Service: MBackMonitor - McAfee - C:\Programfiler\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FELLES~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FELLES~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programfiler\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Programfiler\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Programfiler\SiteAdvisor\6261\SAService.exe
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Programfiler\WZCBDL Service\WZCBDLS.exe

--
End of file - 10298 bytes

Thanks for any replies

Edited 2 September 2008 by iRipley
norbat
Posted 1 September 2008

Work through the guide in the following post: https://www.diskusjon.no/index.php?showtopic=691246

Post the logs it asks for here in your own thread.
Snytefant (author)
Posted 1 September 2008

All the logs.

HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:26:40, on 01.09.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\FELLES~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FELLES~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Programfiler\McAfee\MPF\MPFSrv.exe
C:\Programfiler\McAfee\MSK\MskSrver.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\TBPanel.exe
C:\Programfiler\Fellesfiler\Logitech\G-series Software\LGDCore.exe
C:\Programfiler\McAfee.com\Agent\mcagent.exe
C:\Programfiler\SiteAdvisor\6261\SiteAdv.exe
C:\Programfiler\Java\jre1.6.0_06\bin\jusched.exe
C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\sdphost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\WhatPulse\WhatPulse.exe
C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programfiler\Logitech\SetPoint\SetPoint.exe
C:\Programfiler\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\WZCBDL Service\WZCBDLS.exe
C:\Programfiler\Fellesfiler\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\explorer.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Erik\Skrivebord\testetst\testetst.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programfiler\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programfiler\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programfiler\Fellesfiler\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [mcagent_exe] "C:\Programfiler\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [siteAdvisor] "C:\Programfiler\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Files Driver] sdphost.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunServices: [Files Driver] sdphost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WhatPulse] C:\Programfiler\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [updateMgr] C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Programfiler\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1213700061921
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Programfiler\GIGABYTE\GEST\GSvr.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programfiler\Fellesfiler\Logitech\Bluetooth\LBTServ.exe
O23 - Service: MBackMonitor - McAfee - C:\Programfiler\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FELLES~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FELLES~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programfiler\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Programfiler\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Programfiler\SiteAdvisor\6261\SAService.exe
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Programfiler\WZCBDL Service\WZCBDLS.exe

--
End of file - 9659 bytes

Combofix log

ComboFix 08-08-31.01 - Erik 2008-09-01 23:15:19.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.1300 [GMT 2:00]
Running from: C:\Documents and Settings\Erik\Skrivebord\ComboFix.exe
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\smp.bat
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_NPF

((((((((((((((((((((((((( Files Created from 2008-08-01 to 2008-09-01 )))))))))))))))))))))))))))))))
.
2008-09-01 23:20 . 2008-09-01 23:20 240,240 --a------ C:\WINDOWS\system32\wpcap.dll
2008-09-01 23:20 . 2008-09-01 23:20 88,704 --a------ C:\WINDOWS\system32\packet.dll
2008-09-01 23:20 . 2008-09-01 23:20 42,512 --a------ C:\WINDOWS\system32\drivers\npf.sys
2008-09-01 22:37 . 2008-09-01 22:37 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-09-01 22:37 . 2008-09-01 22:37 <DIR> d-------- C:\Documents and Settings\Erik\Programdata\SUPERAntiSpyware.com
2008-09-01 22:37 . 2008-09-01 22:37 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-09-01 21:54 . 2008-09-01 23:06 <DIR> dr-h----- C:\Documents and Settings\Erik\Siste
2008-09-01 21:52 . 2008-09-01 21:52 <DIR> d-------- C:\Programfiler\CCleaner
2008-09-01 21:23 . 2008-09-01 21:23 <DIR> d-------- C:\Programfiler\Trend Micro
2008-08-31 15:48 . 2008-09-01 16:10 <DIR> d-------- C:\WINDOWS\NV35643008.TMP
2008-08-29 18:20 . 2008-08-29 18:23 <DIR> d-------- C:\WINDOWS\NV35084008.TMP
2008-08-29 18:20 . 2008-05-19 18:16 186,407 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-08-29 18:18 . 2008-08-29 18:18 <DIR> d-------- C:\NVIDIA
2008-08-29 17:43 . 2008-08-29 17:43 <DIR> d-------- C:\Programfiler\Fellesfiler\PCSuite
2008-08-29 17:43 . 2008-08-29 17:43 <DIR> d-------- C:\Programfiler\Fellesfiler\Nokia
2008-08-29 17:42 . 2008-09-01 23:20 <DIR> d-a------ C:\Documents and Settings\All Users\Programdata\TEMP
2008-08-29 16:50 . 2008-08-29 16:50 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-08-29 16:50 . 2008-08-29 16:50 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-08-27 15:20 . 2008-05-02 02:38 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2008-08-27 15:19 . 2008-08-27 15:20 <DIR> d-------- C:\Programfiler\Fellesfiler\Logishrd
2008-08-26 19:04 . 2008-08-29 17:43 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Trymedia
2008-08-24 22:51 . 2008-08-29 17:39 <DIR> d-------- C:\Programfiler\PC Connectivity Solution
2008-08-23 14:20 . 2008-08-23 14:22 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Test Drive Unlimited
2008-08-23 13:29 . 2008-08-29 17:39 <DIR> d-------- C:\Force Feedback Racing Wheel Drivers
2008-08-20 20:13 . 2008-08-29 17:40 <DIR> d-------- C:\Programfiler\Screamer Radio
2008-08-14 22:34 . 2008-08-14 22:34 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\DFX
2008-08-14 22:10 . 2008-08-29 17:42 <DIR> d-------- C:\Programfiler\iTunes
2008-08-14 22:10 . 2008-08-29 17:41 <DIR> d-------- C:\Programfiler\iPod
2008-08-14 22:10 . 2008-08-29 17:41 <DIR> d-------- C:\Programfiler\Apple Software Update
2008-08-14 22:09 . 2008-08-14 22:09 <DIR> d-------- C:\Programfiler\Fellesfiler\Apple
2008-08-14 13:24 . 2004-08-04 12:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-08-13 19:57 . 2008-04-11 21:06 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-13 19:57 . 2008-05-01 16:38 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-06 02:26 . 2008-08-06 02:26 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-08-02 11:06 . 2008-08-02 11:06 <DIR> d-------- C:\Programfiler\Fellesfiler\Blizzard Entertainment
2008-08-02 11:02 . 2008-08-02 12:02 <DIR> d-------- C:\Programfiler\World of Warcraft
2008-08-01 23:35 . 2008-08-01 23:35 <DIR> d-------- C:\Programfiler\WZCBDL Service
2008-08-01 23:35 . 2008-08-01 23:35 <DIR> d-------- C:\Programfiler\NIOC Service
2008-08-01 23:34 . 2008-08-01 23:34 <DIR> d-------- C:\Programfiler\D-Link
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-01 20:37 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-09-01 18:24 --------- d-----w C:\Documents and Settings\Erik\Programdata\uTorrent
2008-09-01 14:12 --------- d-----w C:\Documents and Settings\Erik\Programdata\AdobeUM
2008-08-31 20:37 136,888 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-08-31 20:37 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-08-31 13:27 --------- d-----w C:\Programfiler\SpeedFan
2008-08-31 08:52 --------- d-----w C:\Programfiler\Fellesfiler\Adobe
2008-08-31 02:37 --------- d-----w C:\Documents and Settings\Erik\Programdata\Xfire
2008-08-29 16:14 --------- d-----w C:\Programfiler\SystemRequirementsLab
2008-08-29 15:41 --------- d-----w C:\Programfiler\Xfire
2008-08-29 15:41 --------- d-----w C:\Documents and Settings\Erik\Programdata\dvdcss
2008-08-29 15:40 --------- d-----w C:\Programfiler\Microsoft Silverlight
2008-08-27 20:13 --------- d-----w C:\Documents and Settings\Erik\Programdata\Skype
2008-08-27 18:27 --------- d-----w C:\Documents and Settings\Erik\Programdata\skypePM
2008-08-27 13:20 --------- d-----w C:\Programfiler\Fellesfiler\Logitech
2008-08-27 13:19 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-08-24 20:52 --------- d-----w C:\Programfiler\Nokia
2008-08-24 20:50 --------- d-----w C:\Documents and Settings\All Users\Programdata\Installations
2008-08-23 11:33 --------- d-----w C:\Programfiler\McAfee
2008-08-23 10:57 --------- d-----w C:\Documents and Settings\All Users\Programdata\McAfee
2008-08-23 00:44 --------- d-----w C:\Programfiler\Activision
2008-08-14 20:09 --------- d-----w C:\Programfiler\SiteAdvisor
2008-08-02 11:05 16,608 ----a-w C:\WINDOWS\gdrv.sys
2008-08-01 20:57 --------- d-----w C:\Documents and Settings\Erik\Programdata\Ahead
2008-07-27 20:04 --------- d-----w C:\Documents and Settings\LocalService\Programdata\SiteAdvisor
2008-07-27 20:04 --------- d-----w C:\Documents and Settings\All Users\Programdata\SiteAdvisor
2008-07-27 20:02 --------- d-----w C:\Programfiler\McAfee.com
2008-07-27 20:02 --------- d-----w C:\Programfiler\Fellesfiler\McAfee
2008-07-27 15:27 --------- d-----w C:\Programfiler\SIW
2008-07-27 12:38 --------- d-----w C:\Documents and Settings\Erik\Programdata\Ventrilo
2008-07-25 07:48 --------- d-----w C:\Programfiler\Audacity
2008-07-17 21:03 --------- d-----w C:\Programfiler\RivaTuner v2.09
2008-07-17 21:01 --------- d-----w C:\Programfiler\NVIDIA Corporation
2008-07-17 21:00 --------- d-----w C:\Programfiler\NVIDIA nTune Performance Application
2008-07-16 20:58 --------- d-----w C:\Programfiler\Motherboard Monitor 5
2008-07-12 11:46 --------- d-----w C:\Programfiler\Google
2008-07-12 11:02 --------- d-----w C:\Documents and Settings\All Users\Programdata\Lavasoft
2008-07-12 09:59 --------- d-----w C:\Programfiler\Windows Live
2008-07-12 09:54 --------- d-----w C:\Documents and Settings\All Users\Programdata\WLInstaller
2008-07-11 19:05 --------- d-----w C:\Documents and Settings\All Users\Programdata\LogMeIn
2008-07-10 21:05 --------- d-----w C:\Documents and Settings\All Users\Programdata\NVIDIA
2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-06 19:24 --------- d-----w C:\Programfiler\Java
2008-07-06 19:23 --------- d-----w C:\Programfiler\Fellesfiler\Java
2008-07-04 15:03 --------- d-----w C:\Programfiler\Guitar Pro 5
2008-06-26 21:46 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-06-26 21:42 22,328 ----a-w C:\Documents and Settings\Erik\Programdata\PnkBstrK.sys
2008-06-24 16:46 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:49 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-16 23:14 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-06-16 23:14 262,144 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-06-16 20:42 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-04-14 16:22 933,888 --sh--r C:\WINDOWS\system32\sdphost.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 18:22 15360]
"WhatPulse"="C:\Programfiler\WhatPulse\WhatPulse.exe" [2006-08-21 19:48 665600]
"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"NVIDIA nTune"="C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 19:25 81920]
"updateMgr"="C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 08:18 307200]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-08-19 23:34 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 08:36 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-08-29 10:55 1966080]
"Gainward"="C:\WINDOWS\TBPanel.exe" [2007-10-02 06:19 2185768]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 14:01 13529088]
"Launch LGDCore"="C:\Programfiler\Fellesfiler\Logitech\G-series Software\LGDCore.exe" [2006-07-23 03:22 1126400]
"mcagent_exe"="C:\Programfiler\McAfee.com\Agent\mcagent.exe" [2008-07-11 18:48 641208]
"SiteAdvisor"="C:\Programfiler\SiteAdvisor\6261\SiteAdv.exe" [2007-08-24 23:57 36640]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2008-06-13 02:59 1176808]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"ISUSPM Startup"="C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 07:15 221184]
"ISUSScheduler"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2005-02-17 07:15 81920]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 14:01 86016]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 12:14 16844800 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 03:12 76304 C:\WINDOWS\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 03:12 76304 C:\WINDOWS\KHALMNPR.Exe]
"Files Driver"="sdphost.exe" [2008-04-14 18:22 933888 C:\WINDOWS\system32\sdphost.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Files Driver"="sdphost.exe" [2008-04-14 18:22 933888 C:\WINDOWS\system32\sdphost.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 18:22 15360]

C:\Documents and Settings\Erik\Start-meny\Programmer\Oppstart\
Xfire.lnk - C:\Programfiler\Xfire\xfire.exe [2008-08-06 02:26:38 3065168]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Adobe Reader Speed Launch.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Logitech SetPoint.lnk - C:\Programfiler\Logitech\SetPoint\SetPoint.exe [2008-08-27 15:20:05 805392]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\AutorunsDisabled
Adobe Gamma Loader.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2008-06-17 00:57:47 113664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\Programfiler\Fellesfiler\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mi-raysat_3dsMax2009_32"=2 (0x2)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Programfiler\\Autodesk\\Backburner\\manager.exe"=
"C:\\Programfiler\\Autodesk\\Backburner\\server.exe"=
"C:\\Programfiler\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"C:\\Programfiler\\BearShare\\Bearshare.exe"=
"C:\\Programfiler\\Xfire\\xfire.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\Programfiler\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=
"C:\\Programfiler\\Fellesfiler\\McAfee\\MNA\\McNASvc.exe"=
"E:\\Downloads\\Spill\\[PC] Test Drive Unlimited [PROPER] [RIP] [dopeman]\\TDU\\TDU\\TestDriveUnlimited.exe"=
"C:\\Programfiler\\Skype\\Phone\\Skype.exe"=
"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"C:\\Programfiler\\GIGABYTE\\@BIOS\\gwflash.exe"=
"C:\\Programfiler\\GIGABYTE\\GEST\\run.exe"=

R2 NIOC;NIOC Service;C:\WINDOWS\system32\NIOC.SYS [2002-09-27 18:21]
R2
WZCBDLService;WZCBDL Service;C:\Programfiler\WZCBDL Service\WZCBDLS.exe [2002-03-19 12:15] S1 SysTool;SysTool Overclocking Utility;C:\WINDOWS\system32\DRIVERS\SysTool.sys [2006-11-10 15:08] S3 GEST Service;GEST Service for program management.;C:\Programfiler\GIGABYTE\GEST\GSvr.exe [2007-12-14 11:46] S3 imhidusb;Immersion's HID USB Driver;C:\WINDOWS\system32\DRIVERS\imhidusb.sys [2001-07-23 09:41] S3 NPF;Netgroup Packet Filter;C:\WINDOWS\system32\drivers\npf.sys [2008-09-01 23:20] S3 PRISM_USB;D-Link Air DWL-122 Wireless USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\PRISMUSB.sys [2003-04-10 17:44] S4 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;C:\Programfiler\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 00:04] . Contents of the 'Scheduled Tasks' folder . - - - - ORPHANS REMOVED - - - - HKCU-Run-DriverUpdaterPro - C:\Programfiler\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe HKLM-Run-Launch LCDMon - C:\Programfiler\Fellesfiler\Logitech\LCD Manager\lcdmon.exe . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Erik\Programdata\Mozilla\Firefox\Profiles\5qqn6bpr.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - www.startsiden.no FF -: plugin - C:\Programfiler\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll FF -: plugin - C:\Programfiler\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll FF -: plugin - C:\Programfiler\iTunes\Mozilla Plugins\npitunes.dll . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-01 23:20:02 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
------------------------ Other Running Processes ------------------------
.
C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
C:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\FELLES~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\FELLES~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Programfiler\McAfee\MPF\MpfSrv.exe
C:\Programfiler\McAfee\MSK\msksrver.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programfiler\SiteAdvisor\6261\SAService.exe
C:\Programfiler\Fellesfiler\Logishrd\KHAL2\KHALMNPR.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Completion time: 2008-09-01 23:22:26 - machine was rebooted [Erik]
ComboFix-quarantined-files.txt 2008-09-01 21:22:22

Pre-Run: 435,013,148,672 byte ledig
Post-Run: 434,930,999,296 byte ledig

260 --- E O F --- 2008-08-21 12:57:41

SAS-log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/01/2008 at 10:50 PM

Application Version : 4.20.1046

Core Rules Database Version : 3553
Trace Rules Database Version: 1542

Scan type : Quick Scan
Total Scan Time : 00:12:13

Memory items scanned : 558
Memory threats detected : 0
Registry items scanned : 421
Registry threats detected : 0
File items scanned : 10378
File threats detected : 1

BearShare File Sharing Client
E:\DOWNLOADS\BEARSHARE\BEARSHARE.EXE