[LØST]Hjelp til sjekk av logger. HJT, MBAM, og Combofix

[Snytefant]

Pcn lagger innimellom.

Gjerne med et mellom rom på 5-15 minutter. Da hakker det i alt fra 1-2 sekunder til 15 sekunder. Dette er da veldig plagsomt hvis jeg gamer, for eks.

Jeg legger med logger så de som er flinke med det, kan gå gjennom å se om det er noe som bør fjernes.

 

HJT-Log

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:41:00, on 07.09.2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\FELLES~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\FELLES~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Programfiler\McAfee\MPF\MPFSrv.exe

C:\Programfiler\McAfee\MSK\MskSrver.exe

C:\Programfiler\NetLimiter 2 Monitor\nlsvc.exe

C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Programfiler\SiteAdvisor\6261\SAService.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\WZCBDL Service\WZCBDLS.exe

C:\WINDOWS\system32\ctfmon.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\TBPanel.exe

C:\Programfiler\Fellesfiler\Logitech\G-series Software\LGDCore.exe

C:\Programfiler\SiteAdvisor\6261\SiteAdv.exe

C:\Programfiler\Java\jre1.6.0_06\bin\jusched.exe

C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Programfiler\WhatPulse\WhatPulse.exe

C:\Programfiler\Messenger\msmsgs.exe

C:\Programfiler\Logitech\SetPoint\SetPoint.exe

C:\Programfiler\Xfire\xfire.exe

C:\Programfiler\Fellesfiler\Logishrd\KHAL2\KHALMNPR.EXE

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\WINDOWS\explorer.exe

C:\Programfiler\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Erik\Skrivebord\testetst\testetst.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: (no name) - AutorunsDisabled - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programfiler\SiteAdvisor\6261\SiteAdv.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programfiler\SiteAdvisor\6261\SiteAdv.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot

O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programfiler\Fellesfiler\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [mcagent_exe] "C:\Programfiler\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [siteAdvisor] "C:\Programfiler\SiteAdvisor\6261\SiteAdv.exe"

O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WhatPulse] C:\Programfiler\WhatPulse\WhatPulse.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

O4 - HKCU\..\Run: [updateMgr] C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0

O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: AutorunsDisabled

O4 - Startup: Xfire.lnk = C:\Programfiler\Xfire\xfire.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: AutorunsDisabled

O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - AutorunsDisabled - (no file)

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1213700061921

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Programfiler\GIGABYTE\GEST\GSvr.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programfiler\Fellesfiler\Logitech\Bluetooth\LBTServ.exe

O23 - Service: MBackMonitor - McAfee - C:\Programfiler\McAfee\MBK\MBackMonitor.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FELLES~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FELLES~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programfiler\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Programfiler\McAfee\MSK\MskSrver.exe

O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Programfiler\NetLimiter 2 Monitor\nlsvc.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe

O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SiteAdvisor Service - Unknown owner - C:\Programfiler\SiteAdvisor\6261\SAService.exe

O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Programfiler\WZCBDL Service\WZCBDLS.exe

 

--

End of file - 9801 bytes

 

 

 

Combofix-Log

 

ComboFix 08-09-05.02 - Erik 2008-09-07 11:31:02.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.1440 [GMT 2:00]

Running from: C:\Documents and Settings\Erik\Skrivebord\ComboFix.exe

* Created a new restore point

* Resident AV is active

 

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\drivers\npf.sys

C:\WINDOWS\system32\packet.dll

C:\WINDOWS\system32\wpcap.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_NPF

 

 

((((((((((((((((((((((((( Files Created from 2008-08-07 to 2008-09-07 )))))))))))))))))))))))))))))))

.

 

2008-09-07 11:10 . 2008-09-07 11:23 <DIR> dr-h----- C:\Documents and Settings\Erik\Siste

2008-09-07 11:09 . 2008-09-07 11:09 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware

2008-09-07 11:09 . 2008-09-07 11:09 <DIR> d-------- C:\Documents and Settings\Erik\Programdata\Malwarebytes

2008-09-07 11:09 . 2008-09-07 11:09 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes

2008-09-07 11:09 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-09-07 11:09 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-09-04 22:00 . 2008-09-04 22:01 <DIR> d-------- C:\Programfiler\BORGChat

2008-09-04 16:21 . 2008-09-04 16:59 <DIR> d-------- C:\Programfiler\StepMania

2008-09-04 15:22 . 2008-09-04 15:29 <DIR> d-------- C:\Programfiler\VirtualDVR

2008-09-02 21:01 . 2008-09-02 21:01 <DIR> d-------- C:\Documents and Settings\Erik\Programdata\Locktime

2008-09-02 20:57 . 2008-09-02 20:57 <DIR> d-------- C:\Programfiler\NetLimiter 2 Monitor

2008-09-02 20:57 . 2008-09-02 20:57 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Locktime

2008-09-01 22:37 . 2008-09-01 22:37 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-09-01 22:37 . 2008-09-01 22:37 <DIR> d-------- C:\Documents and Settings\Erik\Programdata\SUPERAntiSpyware.com

2008-09-01 22:37 . 2008-09-01 22:37 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-09-01 21:52 . 2008-09-01 21:52 <DIR> d-------- C:\Programfiler\CCleaner

2008-09-01 21:23 . 2008-09-01 21:23 <DIR> d-------- C:\Programfiler\Trend Micro

2008-08-31 15:48 . 2008-09-01 16:10 <DIR> d-------- C:\WINDOWS\NV35643008.TMP

2008-08-29 18:20 . 2008-08-29 18:23 <DIR> d-------- C:\WINDOWS\NV35084008.TMP

2008-08-29 18:20 . 2008-05-19 18:16 186,407 --a------ C:\WINDOWS\system32\nvapps.nvb

2008-08-29 18:18 . 2008-08-29 18:18 <DIR> d-------- C:\NVIDIA

2008-08-29 17:43 . 2008-08-29 17:43 <DIR> d-------- C:\Programfiler\Fellesfiler\PCSuite

2008-08-29 17:43 . 2008-08-29 17:43 <DIR> d-------- C:\Programfiler\Fellesfiler\Nokia

2008-08-29 17:42 . 2008-09-07 10:06 <DIR> d-a------ C:\Documents and Settings\All Users\Programdata\TEMP

2008-08-29 16:50 . 2008-09-05 15:36 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

2008-08-29 16:50 . 2008-09-05 15:36 552 --a------ C:\WINDOWS\system32\d3d8caps.dat

2008-08-27 23:03 . 2008-08-27 23:03 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll

2008-08-27 15:20 . 2008-05-02 02:38 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll

2008-08-27 15:19 . 2008-08-27 15:20 <DIR> d-------- C:\Programfiler\Fellesfiler\Logishrd

2008-08-26 19:04 . 2008-08-29 17:43 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Trymedia

2008-08-24 22:51 . 2008-08-29 17:39 <DIR> d-------- C:\Programfiler\PC Connectivity Solution

2008-08-23 14:20 . 2008-08-23 14:22 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Test Drive Unlimited

2008-08-23 13:29 . 2008-08-29 17:39 <DIR> d-------- C:\Force Feedback Racing Wheel Drivers

2008-08-20 20:13 . 2008-09-02 15:41 <DIR> d-------- C:\Programfiler\Screamer Radio

2008-08-14 22:34 . 2008-08-14 22:34 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\DFX

2008-08-14 22:10 . 2008-08-29 17:42 <DIR> d-------- C:\Programfiler\iTunes

2008-08-14 22:10 . 2008-08-29 17:41 <DIR> d-------- C:\Programfiler\iPod

2008-08-14 22:10 . 2008-08-29 17:41 <DIR> d-------- C:\Programfiler\Apple Software Update

2008-08-14 22:09 . 2008-08-14 22:09 <DIR> d-------- C:\Programfiler\Fellesfiler\Apple

2008-08-14 13:24 . 2004-08-04 12:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-08-13 19:57 . 2008-04-11 21:06 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll

2008-08-13 19:57 . 2008-05-01 16:38 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-07 09:33 --------- d-----w C:\Documents and Settings\Erik\Programdata\uTorrent

2008-09-06 21:38 --------- d-----w C:\Programfiler\SpeedFan

2008-09-06 21:35 137,656 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-09-05 13:36 --------- d-----w C:\Programfiler\Xfire

2008-09-04 20:00 --------- d-----w C:\Documents and Settings\Erik\Programdata\Skype

2008-09-04 16:08 --------- d-----w C:\Documents and Settings\Erik\Programdata\skypePM

2008-09-03 13:21 --------- d-----w C:\Documents and Settings\Erik\Programdata\Xfire

2008-09-01 20:37 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-09-01 14:12 --------- d-----w C:\Documents and Settings\Erik\Programdata\AdobeUM

2008-08-31 08:52 --------- d-----w C:\Programfiler\Fellesfiler\Adobe

2008-08-29 16:14 --------- d-----w C:\Programfiler\SystemRequirementsLab

2008-08-29 15:41 --------- d-----w C:\Documents and Settings\Erik\Programdata\dvdcss

2008-08-29 15:40 --------- d-----w C:\Programfiler\Microsoft Silverlight

2008-08-27 13:20 --------- d-----w C:\Programfiler\Fellesfiler\Logitech

2008-08-27 13:19 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-08-24 20:52 --------- d-----w C:\Programfiler\Nokia

2008-08-24 20:50 --------- d-----w C:\Documents and Settings\All Users\Programdata\Installations

2008-08-23 11:33 --------- d-----w C:\Programfiler\McAfee

2008-08-23 10:57 --------- d-----w C:\Documents and Settings\All Users\Programdata\McAfee

2008-08-23 00:44 --------- d-----w C:\Programfiler\Activision

2008-08-14 20:09 --------- d-----w C:\Programfiler\SiteAdvisor

2008-08-02 11:05 16,608 ----a-w C:\WINDOWS\gdrv.sys

2008-08-02 10:02 --------- d-----w C:\Programfiler\World of Warcraft

2008-08-02 09:06 --------- d-----w C:\Programfiler\Fellesfiler\Blizzard Entertainment

2008-08-01 21:35 --------- d-----w C:\Programfiler\WZCBDL Service

2008-08-01 21:35 --------- d-----w C:\Programfiler\NIOC Service

2008-08-01 21:34 --------- d-----w C:\Programfiler\D-Link

2008-08-01 20:57 --------- d-----w C:\Documents and Settings\Erik\Programdata\Ahead

2008-07-27 20:04 --------- d-----w C:\Documents and Settings\LocalService\Programdata\SiteAdvisor

2008-07-27 20:04 --------- d-----w C:\Documents and Settings\All Users\Programdata\SiteAdvisor

2008-07-27 20:02 --------- d-----w C:\Programfiler\McAfee.com

2008-07-27 20:02 --------- d-----w C:\Programfiler\Fellesfiler\McAfee

2008-07-27 15:27 --------- d-----w C:\Programfiler\SIW

2008-07-27 12:38 --------- d-----w C:\Documents and Settings\Erik\Programdata\Ventrilo

2008-07-25 07:48 --------- d-----w C:\Programfiler\Audacity

2008-07-17 21:03 --------- d-----w C:\Programfiler\RivaTuner v2.09

2008-07-17 21:01 --------- d-----w C:\Programfiler\NVIDIA Corporation

2008-07-17 21:00 --------- d-----w C:\Programfiler\NVIDIA nTune Performance Application

2008-07-16 20:58 --------- d-----w C:\Programfiler\Motherboard Monitor 5

2008-07-12 11:46 --------- d-----w C:\Programfiler\Google

2008-07-12 11:02 --------- d-----w C:\Documents and Settings\All Users\Programdata\Lavasoft

2008-07-12 09:59 --------- d-----w C:\Programfiler\Windows Live

2008-07-12 09:54 --------- d-----w C:\Documents and Settings\All Users\Programdata\WLInstaller

2008-07-11 19:05 --------- d-----w C:\Documents and Settings\All Users\Programdata\LogMeIn

2008-07-10 21:05 --------- d-----w C:\Documents and Settings\All Users\Programdata\NVIDIA

2008-06-26 21:42 22,328 ----a-w C:\Documents and Settings\Erik\Programdata\PnkBstrK.sys

2008-06-16 20:42 315,392 ----a-w C:\WINDOWS\HideWin.exe

.

 

((((((((((((((((((((((((((((( snapshot_2008-09-06_14.03.13.81 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-09-06 11:43:16 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

+ 2008-09-07 08:08:48 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

- 2008-09-06 11:43:16 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\index.dat

+ 2008-09-07 08:08:48 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\index.dat

- 2008-09-04 16:43:51 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

+ 2008-09-06 21:34:56 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

- 2008-09-06 12:00:12 16,384 --sha-w C:\WINDOWS\Temp\Cookies\index.dat

+ 2008-09-07 09:36:02 16,384 ------w C:\WINDOWS\Temp\Cookies\index.dat

- 2008-09-06 12:00:12 32,768 --sha-w C:\WINDOWS\Temp\History\History.IE5\index.dat

+ 2008-09-07 09:36:02 32,768 ------w C:\WINDOWS\Temp\History\History.IE5\index.dat

+ 2008-09-07 09:36:11 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_2a0.dat

- 2008-09-06 12:00:12 32,768 --sha-w C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat

+ 2008-09-07 09:36:02 32,768 ------w C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat

- 2008-09-06 12:00:59 1,500 ----a-w C:\WINDOWS\UI\BIOSCTL.DAT

+ 2008-09-07 09:36:47 1,500 ----a-w C:\WINDOWS\UI\BIOSCTL.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

"WhatPulse"="C:\Programfiler\WhatPulse\WhatPulse.exe" [2006-08-21 665600]

"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"NVIDIA nTune"="C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]

"updateMgr"="C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 307200]

"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2008-04-14 1695232]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 36864]

"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-08-29 1966080]

"Gainward"="C:\WINDOWS\TBPanel.exe" [2007-10-02 2185768]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]

"Launch LGDCore"="C:\Programfiler\Fellesfiler\Logitech\G-series Software\LGDCore.exe" [2006-07-23 1126400]

"mcagent_exe"="C:\Programfiler\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]

"SiteAdvisor"="C:\Programfiler\SiteAdvisor\6261\SiteAdv.exe" [2007-08-24 36640]

"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]

"ISUSPM Startup"="C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]

"ISUSScheduler"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 86016]

"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 C:\WINDOWS\RTHDCPL.exe]

"nwiz"="nwiz.exe" [2008-05-16 C:\WINDOWS\system32\nwiz.exe]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\WINDOWS\KHALMNPR.Exe]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\WINDOWS\KHALMNPR.Exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

 

C:\Documents and Settings\Erik\Start-meny\Programmer\Oppstart\

Xfire.lnk - C:\Programfiler\Xfire\xfire.exe [2008-08-27 3068752]

 

C:\Documents and Settings\Erik\Start-meny\Programmer\Oppstart\AutorunsDisabled

BORGChat.lnk - C:\Programfiler\BORGChat\BORGChat.exe [2007-04-01 1041920]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Adobe Reader Speed Launch.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

Logitech SetPoint.lnk - C:\Programfiler\Logitech\SetPoint\SetPoint.exe [2008-08-27 805392]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\AutorunsDisabled

Adobe Gamma Loader.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2008-06-17 113664]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-07-23 16:28 352256 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-05-02 02:42 72208 c:\Programfiler\Fellesfiler\Logitech\Bluetooth\LBTWLgn.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.XFR1"= xfcodec.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"mi-raysat_3dsMax2009_32"=2 (0x2)

"iPod Service"=3 (0x3)

"Bonjour Service"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Programfiler\\uTorrent\\uTorrent.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programfiler\\Autodesk\\3ds Max 2009\\3dsmax.exe"=

"C:\\Programfiler\\BearShare\\Bearshare.exe"=

"C:\\Programfiler\\Xfire\\xfire.exe"=

"C:\\WINDOWS\\system32\\PnkBstrA.exe"=

"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

"C:\\Programfiler\\Messenger\\msmsgs.exe"=

"C:\\Programfiler\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Programfiler\\iTunes\\iTunes.exe"=

"C:\\Programfiler\\Fellesfiler\\McAfee\\MNA\\McNASvc.exe"=

"E:\\Downloads\\Spill\\[PC] Test Drive Unlimited [PROPER] [RIP] [dopeman]\\TDU\\TDU\\TestDriveUnlimited.exe"=

"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"C:\\Programfiler\\GIGABYTE\\@BIOS\\gwflash.exe"=

"C:\\Programfiler\\Autodesk\\Backburner\\manager.exe"=

"C:\\Programfiler\\Autodesk\\Backburner\\monitor.exe"=

"C:\\Programfiler\\Autodesk\\Backburner\\server.exe"=

"C:\\WINDOWS\\system32\\sessmgr.exe"=

"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=

"C:\\Programfiler\\GIGABYTE\\GEST\\run.exe"=

"C:\\Programfiler\\Skype\\Phone\\Skype.exe"=

"C:\\Programfiler\\BORGChat\\BORGChat.exe"=

 

R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2007-04-23 81688]

R2 NIOC;NIOC Service;C:\WINDOWS\system32\NIOC.SYS [2002-09-27 22912]

R2 WZCBDLService;WZCBDL Service;C:\Programfiler\WZCBDL Service\WZCBDLS.exe [2002-03-19 36864]

S1 SysTool;SysTool Overclocking Utility;C:\WINDOWS\system32\DRIVERS\SysTool.sys [2006-11-10 24064]

S3 GEST Service;GEST Service for program management.;C:\Programfiler\GIGABYTE\GEST\GSvr.exe [2007-12-14 47624]

S3 imhidusb;Immersion's HID USB Driver;C:\WINDOWS\system32\DRIVERS\imhidusb.sys [2001-07-23 29372]

S3 PRISM_USB;D-Link Air DWL-122 Wireless USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\PRISMUSB.sys [2003-04-10 636502]

S4 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;C:\Programfiler\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 65536]

.

Contents of the 'Scheduled Tasks' folder

.

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\Erik\Programdata\Mozilla\Firefox\Profiles\5qqn6bpr.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - www.startsiden.no

FF -: plugin - C:\Programfiler\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll

FF -: plugin - C:\Programfiler\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll

FF -: plugin - C:\Programfiler\iTunes\Mozilla Plugins\npitunes.dll

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-07 11:36:42

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\Explorer.EXE

-> C:\Programfiler\SiteAdvisor\6261\saHook.dll

.

------------------------ Other Running Processes ------------------------

.

C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe

C:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

C:\PROGRA~1\FELLES~1\McAfee\MNA\McNASvc.exe

C:\PROGRA~1\FELLES~1\McAfee\McProxy\McProxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe

C:\Programfiler\McAfee\MPF\MpfSrv.exe

C:\Programfiler\McAfee\MSK\msksrver.exe

C:\Programfiler\NetLimiter 2 Monitor\nlsvc.exe

C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Programfiler\SiteAdvisor\6261\SAService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programfiler\Fellesfiler\Logishrd\KHAL2\KHALMNPR.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

.

**************************************************************************

.

Completion time: 2008-09-07 11:39:22 - machine was rebooted

ComboFix-quarantined-files.txt 2008-09-07 09:39:18

ComboFix2.txt 2008-09-06 12:03:30

ComboFix3.txt 2008-09-01 21:22:27

 

Pre-Run: 441,219,940,352 byte ledig

Post-Run: 441,204,027,392 byte ledig

 

278 --- E O F --- 2008-08-21 12:57:41

 

 

MBAM-Log

 

Malwarebytes' Anti-Malware 1.26

Database versjon: 1122

Windows 5.1.2600 Service Pack 3

 

07.09.2008 11:23:13

mbam-log-2008-09-07 (11-23-13).txt

 

Skanntype: Rask Skann

Objekter skannet: 48160

Tid tilbakelagt: 2 minute(s), 37 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 2

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 1

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

(Ingen mistenkelige filer funnet)

 

Registerverdier infisert:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\Files Driver (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Files Driver (Backdoor.Bot) -> Quarantined and deleted successfully.

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

C:\WINDOWS\system32\sdphost.exe (Backdoor.Bot) -> Delete on reboot.

 

 

 

Takker for svar

Endret 7. september 2008 av iRipley

[norbat]

Er det fortsatt problemer med lagging?

[Snytefant]

Ja, det lagger fortsatt like mye/ofte.

[norbat]

Har det vært slik lagging lenge (oppsto det plutselig eller var det i forbindelse med at du installerte ett eller annet)

[Snytefant]

Det oppsto, tror jeg, når jeg lasta ned og insatallerte ETS (Euro Truck Simulator).

Jeg leste noe om at det kunne være no snusk med det, men jeg var så dum å tok sjansen.

Spillet funket fint det, men da begynte jo denne laggingen da.

Endret 7. september 2008 av iRipley

[norbat]

Det ble fjernet noe med de antimalwareprogrammene du kjørte, men du kunne forsøke å avinstallere ETS og sett om ting ble bedre.

[Snytefant]

Det avinstallerte jeg med en gang jeg merket at det begynte å gå tregt.

Trodde det var det, men det hjalp ikke å avinnstalere.

 

Kan også nevne at det tar vesentlig lenger tid å starte opp maskina etter at jeg installerte ETS.

[norbat]

Er det lenge siden du installerte dette programmet (tenker på om du kunne prøvd å kjøre en systemgjenoppretting til en dato før)

[Snytefant]

Tok en system gjennoppretting til ett punkt som var 1 uke før jeg lasta ned ETS.

Hjalp ikke noe det heller.

 

Omg, tror det var harddisken min som gjorde det.

Har hatt en tom 500GB disk som jeg fant i en el-retur container på jobben, det var en ekstern en, men plukka ut sata disken å satt den inn i pcn.

Tror det var den, for nå koblet jeg den ut, å nå har det ikke lagget på 10-15 minutter.

Endret 7. september 2008 av iRipley

[norbat]

Ja, det kan virke som du fant løsningen selv

 

Du bør uansett kjøre gjennom med de programmene du startet tråden med (MBAM og Combofis) slik at du får fjernet evt. malware som er blitt gjenopprettet etter at du kjørte systemgjenopprettingen.

[Snytefant]

Takk for all hjelp. ^^,

[r2d290]

Dersom du mener at problemet med maskinen din er løst, kan du endre emnetittelen din, ved å trykke på i førsteposten din, og velge full endring. Øverst der emnetittelen din er, skriver du:

[LØST]

foran emnetittelen din.

 

Eks: [LØST] Har fått virus på maskinen

 

Dette vil være med på å holde forumet mer oversiktlig for supporterne, samt at nye folk som får samme problemet lettere vil finne en passende tråd å se i.

 

-Surf trygt-