Snytefant, posted 7 September 2008 (edited)
The PC lags now and then, usually at intervals of 5-15 minutes. When it does, it stutters for anything from 1-2 seconds up to 15 seconds. This is very annoying when I'm gaming, for example. I'm attaching logs so that those who are good at this can go through them and see whether there is anything that should be removed.
MBAM log

Malwarebytes' Anti-Malware 1.26
Database versjon: 1122
Windows 5.1.2600 Service Pack 3

07.09.2008 11:23:13
mbam-log-2008-09-07 (11-23-13).txt

Skanntype: Rask Skann
Objekter skannet: 48160
Tid tilbakelagt: 2 minute(s), 37 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 2
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 1

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\Files Driver (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Files Driver (Backdoor.Bot) -> Quarantined and deleted successfully.

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
C:\WINDOWS\system32\sdphost.exe (Backdoor.Bot) -> Delete on reboot.

Thanks for any replies.
Edited 7 September 2008 by iRipley
norbat, posted 7 September 2008
Are there still problems with lagging?
Snytefant (author), posted 7 September 2008
Yes, it still lags just as much/often.
norbat, posted 7 September 2008
Has the lagging been going on for long (did it start suddenly, or was it in connection with installing something or other)?
Snytefant (author), posted 7 September 2008 (edited)
It started, I think, when I downloaded and installed ETS (Euro Truck Simulator). I had read something about there possibly being something shady about it, but I was stupid enough to take the chance. The game itself worked fine, but that's when this lagging began.
Edited 7 September 2008 by iRipley
norbat, posted 7 September 2008
Something was removed by the anti-malware programs you ran, but you could try uninstalling ETS and see whether things improve.
Snytefant (author), posted 7 September 2008
I uninstalled it as soon as I noticed things starting to run slowly. I thought that was the cause, but uninstalling didn't help. I can also mention that the machine takes considerably longer to boot since I installed ETS.
norbat, posted 7 September 2008
Is it long since you installed this program? (I'm wondering whether you could try running a System Restore to a date before it.)
Snytefant (author), posted 7 September 2008 (edited)
I did a System Restore to a point 1 week before I downloaded ETS. That didn't help either. Omg, I think it was my hard drive that did it. I've had an empty 500GB disk that I found in an e-waste container at work; it was an external one, but I pulled out the SATA disk and put it in the PC. I think that was it, because I've now disconnected it, and it hasn't lagged for 10-15 minutes.
Edited 7 September 2008 by iRipley
norbat, posted 7 September 2008
Yes, it looks like you found the solution yourself. In any case, you should run through the programs you started the thread with (MBAM and ComboFix) so that you remove any malware that has been restored after you ran the System Restore.
Snytefant (author), posted 7 September 2008
Thanks for all the help. ^^,
r2d290, posted 7 September 2008
If you consider the problem with your machine solved, you can change your thread title by clicking [button] in your first post and choosing full edit. At the top, where your thread title is, write [SOLVED] in front of the title.
E.g.: [SOLVED] Got a virus on my machine
This helps keep the forum easier to navigate for the supporters, and new people who run into the same problem will more easily find a suitable thread to look at.
-Surf safely-