Pc begynt å gå tregt i det siste, NYE logger! Etter gjennomgang av veileder

[Snytefant]

Hei

Har i det siste lagt merke til at pcn tar mye lenger tid å starte opp en den gjorde for ca. 3 uker siden.

Så det må jo ha skjedd ett eller annet.

Pcn er så å si ny, kjøpte den i slutten av mai.

Fungert helt perfekt, men nå altså, dette.

Innimellom, kanskje hvert 20 minutt, begynner pcn å lagge, ser på hardisk-lyset at den jobber, lyse blinker ikke, det bare lyser. Muse pekeren lagger bortover på en måte, musikken hakker også, dette kan vare fra 1-2 sekunder til 10 sekunder. Så blir det helt fint igjen, før det har gått ca. 20 minutter, da er det pån igjen.

 

Ser også at den sender utrolig mange pakker på nettet, hvilket gjør at nettet blir tregt, vet ikke om man kan se noe om det i HJT loggen, men finner dere noe suspekt, så gævl ut

HJT log fil, for de som skjønner seg på dem.

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:23:34, on 01.09.2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\FELLES~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\FELLES~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Programfiler\McAfee\MPF\MPFSrv.exe

C:\Programfiler\McAfee\MSK\MskSrver.exe

C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Programfiler\SiteAdvisor\6261\SAService.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\WZCBDL Service\WZCBDLS.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\TBPanel.exe

C:\Programfiler\Fellesfiler\Logitech\G-series Software\LGDCore.exe

C:\Programfiler\SiteAdvisor\6261\SiteAdv.exe

C:\Programfiler\Java\jre1.6.0_06\bin\jusched.exe

C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\sdphost.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\WhatPulse\WhatPulse.exe

C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe

C:\Programfiler\Logitech\SetPoint\SetPoint.exe

C:\Programfiler\Xfire\xfire.exe

C:\Programfiler\Fellesfiler\Logishrd\KHAL2\KHALMNPR.EXE

C:\Programfiler\Windows Live\Messenger\usnsvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Programfiler\Mozilla Firefox\firefox.exe

C:\Programfiler\Windows Media Player\wmplayer.exe

C:\WINDOWS\system32\SNDVOL32.EXE

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: (no name) - AutorunsDisabled - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programfiler\SiteAdvisor\6261\SiteAdv.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programfiler\SiteAdvisor\6261\SiteAdv.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot

O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programfiler\Fellesfiler\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE

O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programfiler\Fellesfiler\Logitech\LCD Manager\lcdmon.exe"

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [mcagent_exe] "C:\Programfiler\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [siteAdvisor] "C:\Programfiler\SiteAdvisor\6261\SiteAdv.exe"

O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Files Driver] sdphost.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\RunServices: [Files Driver] sdphost.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WhatPulse] C:\Programfiler\WhatPulse\WhatPulse.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Programfiler\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t

O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

O4 - HKCU\..\Run: [updateMgr] C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Xfire.lnk = C:\Programfiler\Xfire\xfire.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: AutorunsDisabled

O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - AutorunsDisabled - (no file)

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1213700061921

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Programfiler\GIGABYTE\GEST\GSvr.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programfiler\Fellesfiler\Logitech\Bluetooth\LBTServ.exe

O23 - Service: MBackMonitor - McAfee - C:\Programfiler\McAfee\MBK\MBackMonitor.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FELLES~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FELLES~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programfiler\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Programfiler\McAfee\MSK\MskSrver.exe

O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe

O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SiteAdvisor Service - Unknown owner - C:\Programfiler\SiteAdvisor\6261\SAService.exe

O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Programfiler\WZCBDL Service\WZCBDLS.exe

 

--

End of file - 10298 bytes

 

 

Takker for svar

Endret 2. september 2008 av iRipley

[norbat]

Kjør gjennom veiledningen i følgende post: https://www.diskusjon.no/index.php?showtopic=691246

 

Loggene det spørres etter, poster du her i din egen tråd.

[Snytefant]

Alle loggene.

 

HJT-log

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:26:40, on 01.09.2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\FELLES~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\FELLES~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Programfiler\McAfee\MPF\MPFSrv.exe

C:\Programfiler\McAfee\MSK\MskSrver.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\TBPanel.exe

C:\Programfiler\Fellesfiler\Logitech\G-series Software\LGDCore.exe

C:\Programfiler\McAfee.com\Agent\mcagent.exe

C:\Programfiler\SiteAdvisor\6261\SiteAdv.exe

C:\Programfiler\Java\jre1.6.0_06\bin\jusched.exe

C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\sdphost.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\WhatPulse\WhatPulse.exe

C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Programfiler\Logitech\SetPoint\SetPoint.exe

C:\Programfiler\SiteAdvisor\6261\SAService.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\WZCBDL Service\WZCBDLS.exe

C:\Programfiler\Fellesfiler\Logishrd\KHAL2\KHALMNPR.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\WINDOWS\explorer.exe

C:\Programfiler\Mozilla Firefox\firefox.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Documents and Settings\Erik\Skrivebord\testetst\testetst.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: (no name) - AutorunsDisabled - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programfiler\SiteAdvisor\6261\SiteAdv.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programfiler\SiteAdvisor\6261\SiteAdv.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot

O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programfiler\Fellesfiler\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [mcagent_exe] "C:\Programfiler\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [siteAdvisor] "C:\Programfiler\SiteAdvisor\6261\SiteAdv.exe"

O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Files Driver] sdphost.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\RunServices: [Files Driver] sdphost.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WhatPulse] C:\Programfiler\WhatPulse\WhatPulse.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

O4 - HKCU\..\Run: [updateMgr] C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Xfire.lnk = C:\Programfiler\Xfire\xfire.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: AutorunsDisabled

O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - AutorunsDisabled - (no file)

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1213700061921

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Programfiler\GIGABYTE\GEST\GSvr.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programfiler\Fellesfiler\Logitech\Bluetooth\LBTServ.exe

O23 - Service: MBackMonitor - McAfee - C:\Programfiler\McAfee\MBK\MBackMonitor.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FELLES~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FELLES~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programfiler\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Programfiler\McAfee\MSK\MskSrver.exe

O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe

O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SiteAdvisor Service - Unknown owner - C:\Programfiler\SiteAdvisor\6261\SAService.exe

O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Programfiler\WZCBDL Service\WZCBDLS.exe

 

--

End of file - 9659 bytes

 

 

Combofix log

 

ComboFix 08-08-31.01 - Erik 2008-09-01 23:15:19.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.1300 [GMT 2:00]

Running from: C:\Documents and Settings\Erik\Skrivebord\ComboFix.exe

* Resident AV is active

 

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\smp.bat

C:\WINDOWS\system32\drivers\npf.sys

C:\WINDOWS\system32\packet.dll

C:\WINDOWS\system32\wpcap.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_NPF

 

 

((((((((((((((((((((((((( Files Created from 2008-08-01 to 2008-09-01 )))))))))))))))))))))))))))))))

.

 

2008-09-01 23:20 . 2008-09-01 23:20 240,240 --a------ C:\WINDOWS\system32\wpcap.dll

2008-09-01 23:20 . 2008-09-01 23:20 88,704 --a------ C:\WINDOWS\system32\packet.dll

2008-09-01 23:20 . 2008-09-01 23:20 42,512 --a------ C:\WINDOWS\system32\drivers\npf.sys

2008-09-01 22:37 . 2008-09-01 22:37 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-09-01 22:37 . 2008-09-01 22:37 <DIR> d-------- C:\Documents and Settings\Erik\Programdata\SUPERAntiSpyware.com

2008-09-01 22:37 . 2008-09-01 22:37 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-09-01 21:54 . 2008-09-01 23:06 <DIR> dr-h----- C:\Documents and Settings\Erik\Siste

2008-09-01 21:52 . 2008-09-01 21:52 <DIR> d-------- C:\Programfiler\CCleaner

2008-09-01 21:23 . 2008-09-01 21:23 <DIR> d-------- C:\Programfiler\Trend Micro

2008-08-31 15:48 . 2008-09-01 16:10 <DIR> d-------- C:\WINDOWS\NV35643008.TMP

2008-08-29 18:20 . 2008-08-29 18:23 <DIR> d-------- C:\WINDOWS\NV35084008.TMP

2008-08-29 18:20 . 2008-05-19 18:16 186,407 --a------ C:\WINDOWS\system32\nvapps.nvb

2008-08-29 18:18 . 2008-08-29 18:18 <DIR> d-------- C:\NVIDIA

2008-08-29 17:43 . 2008-08-29 17:43 <DIR> d-------- C:\Programfiler\Fellesfiler\PCSuite

2008-08-29 17:43 . 2008-08-29 17:43 <DIR> d-------- C:\Programfiler\Fellesfiler\Nokia

2008-08-29 17:42 . 2008-09-01 23:20 <DIR> d-a------ C:\Documents and Settings\All Users\Programdata\TEMP

2008-08-29 16:50 . 2008-08-29 16:50 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

2008-08-29 16:50 . 2008-08-29 16:50 552 --a------ C:\WINDOWS\system32\d3d8caps.dat

2008-08-27 15:20 . 2008-05-02 02:38 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll

2008-08-27 15:19 . 2008-08-27 15:20 <DIR> d-------- C:\Programfiler\Fellesfiler\Logishrd

2008-08-26 19:04 . 2008-08-29 17:43 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Trymedia

2008-08-24 22:51 . 2008-08-29 17:39 <DIR> d-------- C:\Programfiler\PC Connectivity Solution

2008-08-23 14:20 . 2008-08-23 14:22 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Test Drive Unlimited

2008-08-23 13:29 . 2008-08-29 17:39 <DIR> d-------- C:\Force Feedback Racing Wheel Drivers

2008-08-20 20:13 . 2008-08-29 17:40 <DIR> d-------- C:\Programfiler\Screamer Radio

2008-08-14 22:34 . 2008-08-14 22:34 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\DFX

2008-08-14 22:10 . 2008-08-29 17:42 <DIR> d-------- C:\Programfiler\iTunes

2008-08-14 22:10 . 2008-08-29 17:41 <DIR> d-------- C:\Programfiler\iPod

2008-08-14 22:10 . 2008-08-29 17:41 <DIR> d-------- C:\Programfiler\Apple Software Update

2008-08-14 22:09 . 2008-08-14 22:09 <DIR> d-------- C:\Programfiler\Fellesfiler\Apple

2008-08-14 13:24 . 2004-08-04 12:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-08-13 19:57 . 2008-04-11 21:06 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll

2008-08-13 19:57 . 2008-05-01 16:38 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll

2008-08-06 02:26 . 2008-08-06 02:26 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll

2008-08-02 11:06 . 2008-08-02 11:06 <DIR> d-------- C:\Programfiler\Fellesfiler\Blizzard Entertainment

2008-08-02 11:02 . 2008-08-02 12:02 <DIR> d-------- C:\Programfiler\World of Warcraft

2008-08-01 23:35 . 2008-08-01 23:35 <DIR> d-------- C:\Programfiler\WZCBDL Service

2008-08-01 23:35 . 2008-08-01 23:35 <DIR> d-------- C:\Programfiler\NIOC Service

2008-08-01 23:34 . 2008-08-01 23:34 <DIR> d-------- C:\Programfiler\D-Link

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-01 20:37 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-09-01 18:24 --------- d-----w C:\Documents and Settings\Erik\Programdata\uTorrent

2008-09-01 14:12 --------- d-----w C:\Documents and Settings\Erik\Programdata\AdobeUM

2008-08-31 20:37 136,888 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-08-31 20:37 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

2008-08-31 13:27 --------- d-----w C:\Programfiler\SpeedFan

2008-08-31 08:52 --------- d-----w C:\Programfiler\Fellesfiler\Adobe

2008-08-31 02:37 --------- d-----w C:\Documents and Settings\Erik\Programdata\Xfire

2008-08-29 16:14 --------- d-----w C:\Programfiler\SystemRequirementsLab

2008-08-29 15:41 --------- d-----w C:\Programfiler\Xfire

2008-08-29 15:41 --------- d-----w C:\Documents and Settings\Erik\Programdata\dvdcss

2008-08-29 15:40 --------- d-----w C:\Programfiler\Microsoft Silverlight

2008-08-27 20:13 --------- d-----w C:\Documents and Settings\Erik\Programdata\Skype

2008-08-27 18:27 --------- d-----w C:\Documents and Settings\Erik\Programdata\skypePM

2008-08-27 13:20 --------- d-----w C:\Programfiler\Fellesfiler\Logitech

2008-08-27 13:19 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-08-24 20:52 --------- d-----w C:\Programfiler\Nokia

2008-08-24 20:50 --------- d-----w C:\Documents and Settings\All Users\Programdata\Installations

2008-08-23 11:33 --------- d-----w C:\Programfiler\McAfee

2008-08-23 10:57 --------- d-----w C:\Documents and Settings\All Users\Programdata\McAfee

2008-08-23 00:44 --------- d-----w C:\Programfiler\Activision

2008-08-14 20:09 --------- d-----w C:\Programfiler\SiteAdvisor

2008-08-02 11:05 16,608 ----a-w C:\WINDOWS\gdrv.sys

2008-08-01 20:57 --------- d-----w C:\Documents and Settings\Erik\Programdata\Ahead

2008-07-27 20:04 --------- d-----w C:\Documents and Settings\LocalService\Programdata\SiteAdvisor

2008-07-27 20:04 --------- d-----w C:\Documents and Settings\All Users\Programdata\SiteAdvisor

2008-07-27 20:02 --------- d-----w C:\Programfiler\McAfee.com

2008-07-27 20:02 --------- d-----w C:\Programfiler\Fellesfiler\McAfee

2008-07-27 15:27 --------- d-----w C:\Programfiler\SIW

2008-07-27 12:38 --------- d-----w C:\Documents and Settings\Erik\Programdata\Ventrilo

2008-07-25 07:48 --------- d-----w C:\Programfiler\Audacity

2008-07-17 21:03 --------- d-----w C:\Programfiler\RivaTuner v2.09

2008-07-17 21:01 --------- d-----w C:\Programfiler\NVIDIA Corporation

2008-07-17 21:00 --------- d-----w C:\Programfiler\NVIDIA nTune Performance Application

2008-07-16 20:58 --------- d-----w C:\Programfiler\Motherboard Monitor 5

2008-07-12 11:46 --------- d-----w C:\Programfiler\Google

2008-07-12 11:02 --------- d-----w C:\Documents and Settings\All Users\Programdata\Lavasoft

2008-07-12 09:59 --------- d-----w C:\Programfiler\Windows Live

2008-07-12 09:54 --------- d-----w C:\Documents and Settings\All Users\Programdata\WLInstaller

2008-07-11 19:05 --------- d-----w C:\Documents and Settings\All Users\Programdata\LogMeIn

2008-07-10 21:05 --------- d-----w C:\Documents and Settings\All Users\Programdata\NVIDIA

2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-07-06 19:24 --------- d-----w C:\Programfiler\Java

2008-07-06 19:23 --------- d-----w C:\Programfiler\Fellesfiler\Java

2008-07-04 15:03 --------- d-----w C:\Programfiler\Guitar Pro 5

2008-06-26 21:46 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe

2008-06-26 21:42 22,328 ----a-w C:\Documents and Settings\Erik\Programdata\PnkBstrK.sys

2008-06-24 16:46 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-06-20 17:49 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-16 23:14 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll

2008-06-16 23:14 262,144 ----a-w C:\WINDOWS\system32\wrap_oal.dll

2008-06-16 20:42 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-04-14 16:22 933,888 --sh--r C:\WINDOWS\system32\sdphost.exe

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 18:22 15360]

"WhatPulse"="C:\Programfiler\WhatPulse\WhatPulse.exe" [2006-08-21 19:48 665600]

"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

"NVIDIA nTune"="C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 19:25 81920]

"updateMgr"="C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 08:18 307200]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-08-19 23:34 1576176]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 08:36 36864]

"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-08-29 10:55 1966080]

"Gainward"="C:\WINDOWS\TBPanel.exe" [2007-10-02 06:19 2185768]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 14:01 13529088]

"Launch LGDCore"="C:\Programfiler\Fellesfiler\Logitech\G-series Software\LGDCore.exe" [2006-07-23 03:22 1126400]

"mcagent_exe"="C:\Programfiler\McAfee.com\Agent\mcagent.exe" [2008-07-11 18:48 641208]

"SiteAdvisor"="C:\Programfiler\SiteAdvisor\6261\SiteAdv.exe" [2007-08-24 23:57 36640]

"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2008-06-13 02:59 1176808]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

"ISUSPM Startup"="C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 07:15 221184]

"ISUSScheduler"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2005-02-17 07:15 81920]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 14:01 86016]

"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 12:14 16844800 C:\WINDOWS\RTHDCPL.exe]

"nwiz"="nwiz.exe" [2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 03:12 76304 C:\WINDOWS\KHALMNPR.Exe]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 03:12 76304 C:\WINDOWS\KHALMNPR.Exe]

"Files Driver"="sdphost.exe" [2008-04-14 18:22 933888 C:\WINDOWS\system32\sdphost.exe]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

"Files Driver"="sdphost.exe" [2008-04-14 18:22 933888 C:\WINDOWS\system32\sdphost.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 18:22 15360]

 

C:\Documents and Settings\Erik\Start-meny\Programmer\Oppstart\

Xfire.lnk - C:\Programfiler\Xfire\xfire.exe [2008-08-06 02:26:38 3065168]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Adobe Reader Speed Launch.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]

Logitech SetPoint.lnk - C:\Programfiler\Logitech\SetPoint\SetPoint.exe [2008-08-27 15:20:05 805392]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\AutorunsDisabled

Adobe Gamma Loader.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2008-06-17 00:57:47 113664]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-07-23 16:28 352256 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-05-02 02:42 72208 c:\Programfiler\Fellesfiler\Logitech\Bluetooth\LBTWLgn.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.XFR1"= xfcodec.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"mi-raysat_3dsMax2009_32"=2 (0x2)

"iPod Service"=3 (0x3)

"Bonjour Service"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\uTorrent\\uTorrent.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programfiler\\Autodesk\\Backburner\\monitor.exe"=

"C:\\Programfiler\\Autodesk\\Backburner\\manager.exe"=

"C:\\Programfiler\\Autodesk\\Backburner\\server.exe"=

"C:\\Programfiler\\Autodesk\\3ds Max 2009\\3dsmax.exe"=

"C:\\Programfiler\\BearShare\\Bearshare.exe"=

"C:\\Programfiler\\Xfire\\xfire.exe"=

"C:\\WINDOWS\\system32\\PnkBstrA.exe"=

"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

"C:\\Programfiler\\Messenger\\msmsgs.exe"=

"C:\\Programfiler\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Programfiler\\iTunes\\iTunes.exe"=

"C:\\Programfiler\\Fellesfiler\\McAfee\\MNA\\McNASvc.exe"=

"E:\\Downloads\\Spill\\[PC] Test Drive Unlimited [PROPER] [RIP] [dopeman]\\TDU\\TDU\\TestDriveUnlimited.exe"=

"C:\\Programfiler\\Skype\\Phone\\Skype.exe"=

"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"C:\\Programfiler\\GIGABYTE\\@BIOS\\gwflash.exe"=

"C:\\Programfiler\\GIGABYTE\\GEST\\run.exe"=

 

R2 NIOC;NIOC Service;C:\WINDOWS\system32\NIOC.SYS [2002-09-27 18:21]

R2 WZCBDLService;WZCBDL Service;C:\Programfiler\WZCBDL Service\WZCBDLS.exe [2002-03-19 12:15]

S1 SysTool;SysTool Overclocking Utility;C:\WINDOWS\system32\DRIVERS\SysTool.sys [2006-11-10 15:08]

S3 GEST Service;GEST Service for program management.;C:\Programfiler\GIGABYTE\GEST\GSvr.exe [2007-12-14 11:46]

S3 imhidusb;Immersion's HID USB Driver;C:\WINDOWS\system32\DRIVERS\imhidusb.sys [2001-07-23 09:41]

S3 NPF;Netgroup Packet Filter;C:\WINDOWS\system32\drivers\npf.sys [2008-09-01 23:20]

S3 PRISM_USB;D-Link Air DWL-122 Wireless USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\PRISMUSB.sys [2003-04-10 17:44]

S4 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;C:\Programfiler\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 00:04]

.

Contents of the 'Scheduled Tasks' folder

.

- - - - ORPHANS REMOVED - - - -

 

HKCU-Run-DriverUpdaterPro - C:\Programfiler\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe

HKLM-Run-Launch LCDMon - C:\Programfiler\Fellesfiler\Logitech\LCD Manager\lcdmon.exe

 

 

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\Erik\Programdata\Mozilla\Firefox\Profiles\5qqn6bpr.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - www.startsiden.no

FF -: plugin - C:\Programfiler\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll

FF -: plugin - C:\Programfiler\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll

FF -: plugin - C:\Programfiler\iTunes\Mozilla Plugins\npitunes.dll

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-01 23:20:02

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe

C:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

C:\PROGRA~1\FELLES~1\McAfee\MNA\McNASvc.exe

C:\PROGRA~1\FELLES~1\McAfee\McProxy\McProxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe

C:\Programfiler\McAfee\MPF\MpfSrv.exe

C:\Programfiler\McAfee\MSK\msksrver.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Programfiler\SiteAdvisor\6261\SAService.exe

C:\Programfiler\Fellesfiler\Logishrd\KHAL2\KHALMNPR.exe

C:\WINDOWS\system32\wscntfy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

.

**************************************************************************

.

Completion time: 2008-09-01 23:22:26 - machine was rebooted [Erik]

ComboFix-quarantined-files.txt 2008-09-01 21:22:22

 

Pre-Run: 435,013,148,672 byte ledig

Post-Run: 434,930,999,296 byte ledig

 

260 --- E O F --- 2008-08-21 12:57:41

 

 

SAS-log

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 09/01/2008 at 10:50 PM

 

Application Version : 4.20.1046

 

Core Rules Database Version : 3553

Trace Rules Database Version: 1542

 

Scan type : Quick Scan

Total Scan Time : 00:12:13

 

Memory items scanned : 558

Memory threats detected : 0

Registry items scanned : 421

Registry threats detected : 0

File items scanned : 10378

File threats detected : 1

 

BearShare File Sharing Client

E:\DOWNLOADS\BEARSHARE\BEARSHARE.EXE