FuzzFuet Posted 15 October 2008 (edited)

Hi. I'm struggling with a PC (Lenovo N200) that becomes extremely slow, and all music and video stutters whenever the internet/wireless network is in use. I've tried scanning with various programs such as "Trojan Remover", "Malwarebytes' Anti-Malware" and the Panda online scan. I normally use "ZoneAlarm Internet Security Suite", but it isn't fully up and running right now, so I've probably picked up a nasty virus or something like that. If I slide the switch on the PC that disables the wireless card, it becomes "fast" again. Can anyone help? It's very frustrating when I can't even listen to music..

A fresh HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:44:04, on 15.10.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
D:\uTorrent\uTorrent.exe
C:\Program Files\Opera\opera.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
D:\DAEMON Tools Lite\daemon.exe
C:\Windows\system32\werfault.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Ole Einar\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [MioNet] C:\Program Files\MioNet\MioNetLauncher.exe /p
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETTVERKSTJENESTE')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\OFFICE~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send bilde til &Bluetooth-enhet... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send side til &Bluetooth-enhet... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\OFFICE~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Fn+F5 Service (FNF5SVC) - Lenovo. - C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MioNet - Unknown owner - C:\Program Files\MioNet\MioNetManager.exe
O23 - Service: PMSveH - Lenovo - C:\Program Files\Lenovo\PM Driver\PMSveH.exe
O23 - Service: RDShutdown Service (RDShutdown) - Unknown owner - C:\Users\Ole Einar\Desktop\DShutdown\RDShutdown.exe (file missing)
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - D:\Macrium Reflect Backup\ReflectService.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: Visning på skjermen (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 6723 bytes

And a ComboFix log:

ComboFix 08-10-15.01 - Ole Einar 2008-10-16 20:37:09.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.2261 [GMT 2:00]
Running from: C:\Users\Ole Einar\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-09-16 to 2008-10-16 )))))))))))))))))))))))))))))))
.
2008-10-15 22:41 . 2008-10-15 22:41 <DIR> d-------- C:\!KillBox
2008-10-11 23:58 . 2008-06-19 17:24 28,544 --a------ C:\Windows\System32\drivers\pavboot.sys
2008-10-11 23:57 . 2008-10-11 23:57 <DIR> d-------- C:\Program Files\Panda Security
2008-10-08 21:12 . 2008-10-08 21:12 <DIR> d-------- C:\Users\Ole Einar\AppData\Roaming\Malwarebytes
2008-10-08 21:12 . 2008-10-08 21:12 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-10-08 21:12 . 2008-10-08 21:12 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-10-08 21:12 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-10-08 21:12 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-10-08 20:30 . 2008-10-11 16:22 <DIR> d-a------ C:\Users\All Users\TEMP
2008-10-08 20:30 . 2008-10-11 16:22 <DIR> d-a------ C:\ProgramData\TEMP
2008-10-08 20:27 . 2008-10-08 20:27 <DIR> d-------- C:\Users\Ole Einar\AppData\Roaming\Simply Super Software
2008-10-08 20:27 . 2008-10-08 20:27 <DIR> d-------- C:\Users\All Users\Simply Super Software
2008-10-08 20:27 . 2008-10-08 20:27 <DIR> d-------- C:\ProgramData\Simply Super Software
2008-10-08 20:27 . 2006-05-25 15:52 162,304 --a------ C:\Windows\System32\ztvunrar36.dll
2008-10-08 20:27 . 2003-02-02 20:06 153,088 --a------ C:\Windows\System32\UNRAR3.dll
2008-10-08 20:27 . 2005-08-26 01:50 77,312 --a------ C:\Windows\System32\ztvunace26.dll
2008-10-08 20:27 . 2002-03-06 01:00 75,264 --a------ C:\Windows\System32\unacev2.dll
2008-10-08 20:27 . 2006-06-19 13:01 69,632 --a------ C:\Windows\System32\ztvcabinet.dll
2008-10-07 18:00 . 2008-10-07 18:00 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_ATSwpWDF_01007.Wdf
2008-10-05 09:52 . 2008-10-05 09:52 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-16 18:46 47,104 ----a-w C:\Windows\System32\rpcnet.dll
2008-10-16 18:46 17,408 ----a-w C:\Windows\System32\rpcnetp.dll
2008-10-16 18:45 17,408 ----a-w C:\Windows\System32\rpcnetp.exe
2008-10-16 18:41 111,544,864 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-10-16 18:30 --------- d-----w C:\Users\Ole Einar\AppData\Roaming\MioNet
2008-10-15 21:47 --------- d-----w C:\Program Files\MioNet
2008-10-15 21:30 1,493,204 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-10-15 21:27 --------- d-----w C:\Users\Ole Einar\AppData\Roaming\uTorrent
2008-10-11 23:45 140,052 ----a-w C:\Windows\Internet Logs\vsmon_2nd_2008_10_11_23_53_31_small.dmp.zip
2008-10-11 23:26 --------- d-----w C:\Program Files\Common Files\Steam
2008-10-10 15:03 1,520,128 ----a-w C:\Windows\Internet Logs\xDBB5D1.tmp
2008-10-09 21:39 --------- d-----w C:\Program Files\Opera
2008-10-07 19:27 2,996,224 ----a-w C:\Windows\Internet Logs\xDBBFC8.tmp
2008-10-07 19:27 112,128 ----a-w C:\Windows\Internet Logs\xDBBC00.tmp
2008-10-07 19:26 2,996,224 ----a-w C:\Windows\Internet Logs\xDBC075.tmp
2008-10-07 18:24 349,221 ---ha-w C:\Windows\system32\drivers\vsconfig.xml
2008-10-07 18:24 2,994,688 ----a-w C:\Windows\Internet Logs\xDBDA4A.tmp
2008-10-07 18:24 2,199,040 ----a-w C:\Windows\Internet Logs\xDBD569.tmp
2008-10-04 08:58 1,398,784 ----a-w C:\Windows\Internet Logs\xDBADBE.tmp
2008-09-30 23:01 2,970,624 ----a-w C:\Windows\Internet Logs\xDBC339.tmp
2008-09-29 23:16 2,969,600 ----a-w C:\Windows\Internet Logs\xDBC53C.tmp
2008-09-28 23:31 2,969,088 ----a-w C:\Windows\Internet Logs\xDBB62D.tmp
2008-09-27 13:41 6,489,086 ----a-w C:\Windows\Internet Logs\tvDebug.zip
2008-09-27 13:26 1,392,304 ----a-w C:\Windows\System32\AutoPartNt.exe
2008-09-26 20:17 47,104 ----a-w C:\Windows\System32\rpcnet.exe
2008-09-25 22:41 41,472 ----a-w C:\Windows\Internet Logs\xDB94E1.tmp
2008-09-25 22:41 2,963,456 ----a-w C:\Windows\Internet Logs\xDB96E4.tmp
2008-09-24 23:44 24,576 ----a-w C:\Windows\Internet Logs\xDB8DB0.tmp
2008-09-24 23:44 2,962,432 ----a-w C:\Windows\Internet Logs\xDB8F66.tmp
2008-09-23 23:35 2,959,872 ----a-w C:\Windows\Internet Logs\xDB9780.tmp
2008-09-23 23:35 123,904 ----a-w C:\Windows\Internet Logs\xDB959C.tmp
2008-09-20 02:53 53,760 ----a-w C:\Windows\Internet Logs\xDB99E0.tmp
2008-09-20 02:53 2,940,928 ----a-w C:\Windows\Internet Logs\xDB9C32.tmp
2008-09-18 21:02 445,440 ----a-w C:\Windows\Internet Logs\xDBA017.tmp
2008-09-18 21:02 2,938,880 ----a-w C:\Windows\Internet Logs\xDBA23A.tmp
2008-09-17 23:15 2,938,368 ----a-w C:\Windows\Internet Logs\xDB9686.tmp
2008-09-13 03:12 2,929,152 ----a-w C:\Windows\Internet Logs\xDBD997.tmp
2008-09-12 18:35 --------- d-----w C:\Users\Ole Einar\AppData\Roaming\Vso
2008-09-12 18:32 81,920 ----a-w C:\Users\Ole Einar\AppData\Roaming\ezpinst.exe
2008-09-12 18:32 47,360 ----a-w C:\Windows\system32\drivers\pcouffin.sys
2008-09-12 18:32 47,360 ----a-w C:\Users\Ole Einar\AppData\Roaming\pcouffin.sys
2008-09-11 01:07 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-09 20:00 498,432 ----a-w C:\Windows\system32\drivers\ATSwpWDF.sys
2008-09-06 15:12 1,732 ----a-w C:\tvtpktfilter.dat
2008-09-06 14:05 --------- d-----w C:\Program Files\Common Files\Lenovo
2008-09-06 13:58 --------- d-----w C:\Program Files\Lenovo
2008-09-06 13:41 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-09-06 02:21 2,813,440 ----a-w C:\Windows\Internet Logs\xDB1576.tmp
2008-09-06 01:24 98,304 ----a-w C:\Windows\Internet Logs\xDB1391.tmp
2008-09-05 23:44 --------- d-----w C:\ProgramData\MailFrontier
2008-09-04 23:51 443,392 ----a-w C:\Windows\Internet Logs\xDBEF0F.tmp
2008-09-01 00:01 22,528 ----a-w C:\Windows\Internet Logs\xDB9359.tmp
2008-09-01 00:01 2,794,496 ----a-w C:\Windows\Internet Logs\xDB94C0.tmp
2008-08-31 03:36 1,059,840 ----a-w C:\Windows\Internet Logs\xDB931A.tmp
2008-08-31 03:25 2,793,472 ----a-w C:\Windows\Internet Logs\xDB94A1.tmp
2008-08-30 23:56 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-21 18:42 294,288 ----a-w C:\Windows\system32\drivers\vsdatant.sys
2008-08-21 18:41 72,592 ----a-w C:\Windows\zllsputility.exe
2008-08-21 18:41 1,221,008 ----a-w C:\Windows\System32\zpeng25.dll
2008-08-19 16:57 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-16 09:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-16 09:09 --------- d-----w C:\Users\Ole Einar\AppData\Roaming\Auslogics
2008-08-07 04:22 221,696 ----a-w C:\Windows\Internet Logs\xDBAC07.tmp
2008-08-06 09:24 2,683,904 ----a-w C:\Windows\Internet Logs\xDBB337.tmp
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 01:53 207,872 ----a-w C:\Windows\Internet Logs\xDB94B0.tmp
2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-23 18:16 54,272 ----a-w C:\Windows\Internet Logs\xDB91E2.tmp
2008-07-23 18:16 2,623,488 ----a-w C:\Windows\Internet Logs\xDB933A.tmp
2008-07-22 03:02 39,424 ----a-w C:\Windows\Internet Logs\xDB99AF.tmp
2008-07-22 03:02 2,619,392 ----a-w C:\Windows\Internet Logs\xDB9B46.tmp
2008-07-21 02:53 2,594,816 ----a-w C:\Windows\Internet Logs\xDBA321.tmp
2008-07-20 05:18 75,776 ----a-w C:\Windows\Internet Logs\xDBA43A.tmp
2008-07-20 05:18 2,594,304 ----a-w C:\Windows\Internet Logs\xDBA525.tmp
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-17 12:12 459,264 ----a-w C:\Windows\Internet Logs\xDBBC3C.tmp
2008-07-16 21:03 2,585,600 ----a-w C:\Windows\Internet Logs\xDBBFF4.tmp
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-13 11:25 63,935 ----a-w C:\Users\Ole Einar\AppData\Roaming\nvModes.dat
2008-05-04 14:25 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-08-21 981904]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"MioNet"="C:\Program Files\MioNet\MioNetLauncher.exe" [2008-02-20 32768]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe [2007-03-29 719664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ACGina

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTray]
--a------ 2008-03-17 13:37 431392 C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACWLIcon]
--a------ 2008-03-17 13:37 128288 C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2008-01-18 23:33 125952 C:\Windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FingerPrintSoftware]
--a------ 2007-03-02 07:32 933888 C:\Program Files\Lenovo Fingerprint Software\fpapp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
--------- 2007-03-01 03:02 120368 C:\PROGRA~1\Lenovo\LENOVO~1\LPMGR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MioNet]
-ra------ 2008-02-20 14:31 32768 C:\Program Files\MioNet\MioNetLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-01-13 10:40 7766016 C:\Windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-01-13 10:40 81920 C:\Windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
--a------ 2007-01-13 10:40 90191 C:\Windows\System32\nvsvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMHandler]
--a------ 2007-06-05 18:11 34352 C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2006-10-23 12:00 815104 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPWAUDAP]
--a------ 2006-09-06 17:38 54824 C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
--a------ 2008-03-04 10:34 487424 C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2008-01-18 23:33 202240 C:\Program Files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
--a------ 2007-03-16 16:06 1822720 C:\Windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5D62DE7C-F41B-4F61-822A-75F8E249BD05}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{4AA20C0B-D564-4E69-8425-5250374B1CFC}"= UDP:D:\FrostWire\FrostWire.exe:LimeWire
"{CD542D1D-AA08-44F3-B701-3619561DE16A}"= TCP:D:\FrostWire\FrostWire.exe:LimeWire
"TCP Query User{3F268E9A-AC40-48B6-840C-5D70D02ED0BA}D:\\utorrent\\utorrent.exe"= UDP:D:\utorrent\utorrent.exe:uTorrent
"UDP Query User{95A3EFC4-3282-403E-8BCA-057F07780C69}D:\\utorrent\\utorrent.exe"= TCP:D:\utorrent\utorrent.exe:uTorrent
"TCP Query User{B01B70CF-28BF-4727-81FF-CAFDC9079B97}C:\\program files\\mionet\\jvm\\bin\\mionet.exe"= UDP:C:\program files\mionet\jvm\bin\mionet.exe:Java Platform SE binary
"UDP Query User{6DABD093-7263-4C5A-A9CB-7CFDBB1A2DCF}C:\\program files\\mionet\\jvm\\bin\\mionet.exe"= TCP:C:\program files\mionet\jvm\bin\mionet.exe:Java Platform SE binary
"{4C51E88F-CA6A-42EC-B3BF-AA7EEF07B1E6}"= UDP:1700:MioNet Remote Drive Access 0
"{D34715B6-EBBB-4066-82E5-91EE65BCD8A6}"= UDP:1701:MioNet Remote Drive Access 1
"{3789E0D6-B19B-4A6F-8A74-7EA9FED767CE}"= UDP:1702:MioNet Remote Drive Access 2
"{AE44FFFA-728E-42BE-BA28-15F572899C70}"= UDP:1703:MioNet Remote Drive Access 3
"{CB260E71-8B1D-49A1-900E-8D23AF24BCC9}"= UDP:1704:MioNet Remote Drive Access 4
"{D438C6E6-D3D1-47C7-9002-907A579025D1}"= UDP:1705:MioNet Remote Drive Access 5
"{CFA4F054-414D-41D1-9AA5-E944E7157957}"= UDP:1706:MioNet Remote Drive Access 6
"{58873F08-7843-4248-A4A5-E6B0401DF367}"= UDP:1707:MioNet Remote Drive Access 7
"{724C5A73-67E2-4197-AF62-C885D0E34454}"= UDP:1708:MioNet Remote Drive Access 8
"{98719165-64E3-4F0E-90E7-EDF42D9D79AC}"= UDP:1709:MioNet Remote Drive Access 9
"{F2969BCD-40AB-4F31-8874-4B5CA31DA990}"= UDP:1641:MioNet Remote Drive Verification
"{6F362FF0-7A88-463D-9077-FE14D564A457}"= UDP:1647:MioNet Storage Device Configuration
"{E201D3FB-417F-4F00-933F-BD143101F14E}"= TCP:5432:MioNet Storage Device Discovery
"{5AE31C87-0516-47B0-8237-6D2146BD110D}"= UDP:C:\Program Files\MioNet\MioNetManager.exe:MioNetManager
"{355B6553-617A-47D1-AD97-950162D083E8}"= TCP:C:\Program Files\MioNet\MioNetManager.exe:MioNetManager
"{D4080D92-A3CE-4891-97FE-A5AB04ED2B3D}"= UDP:C:\Program Files\MioNet\jvm\bin\MioNet.exe:MioNet
"{0FCC683F-0D81-413A-AB1B-C03B79411F84}"= TCP:C:\Program Files\MioNet\jvm\bin\MioNet.exe:MioNet
"{B46C5C86-051B-475B-9AFD-F71DF324DD15}"= UDP:D:\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{80D22C5F-F371-48FF-BA12-15ACE333BD32}"= TCP:D:\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{833FB6F2-AA2A-4C6F-826C-F39246C78819}"= UDP:D:\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{8B73EB20-DFFA-4377-8857-E0D6178B4AA7}"= TCP:D:\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{C96D6DD0-D341-47F8-97CE-2D7F9179DA85}"= UDP:D:\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{E37A3869-2A0B-403B-91B7-D8D7C7EA53B1}"= TCP:D:\uTorrent\uTorrent.exe:µTorrent (UDP-In)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot.sys [2008-06-19 28544]
R0 pssnap;Paramount Software Snapshot Filter;C:\Windows\system32\DRIVERS\pssnap.sys [2008-05-20 15328]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
R2 FNF5SVC;Fn+F5 Service;C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe [2007-04-09 54832]
R2 MioNet;MioNet;C:\Program Files\MioNet\MioNetManager.exe [2008-02-20 139264]
R2 TPHKSVC;Visning på skjermen;C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2007-12-14 58224]
R2 TVT Backup Protection Service;TVT Backup Protection Service;C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [2007-12-05 520192]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 179712]
R3 btwaudio;Bluetooth-lydenhet;C:\Windows\system32\drivers\btwaudio.sys [2007-03-30 79664]
R3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2007-02-27 81200]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-02-27 16432]
R3 Ndisrd;WinpkFilter Service;C:\Windows\system32\DRIVERS\ndisrd.sys [2008-02-20 23224]
R3 TVTI2C;Lenovo SM bus driver;C:\Windows\system32\DRIVERS\Tvti2c.sys [2007-05-22 30336]
S1 tvtumon;tvtumon;C:\Windows\system32\DRIVERS\tvtumon.sys [2008-07-11 48192]
S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service;C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2007-02-22 2217416]
S2 RDShutdown;RDShutdown Service;C:\Users\Ole Einar\Desktop\DShutdown\RDShutdown.exe [ ]
S2 ReflectService;Macrium Reflect Image Mounting Service;D:\Macrium Reflect Backup\ReflectService.exe [2008-08-06 216032]
S2 TVT_UpdateMonitor;TVT Windows Update Monitor;C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2008-07-11 260672]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\Windows\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\Windows\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-09-15 92656]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6396cf71-eb81-11dc-a204-001dd9fbd3dc}]
\shell\AutoRun\command - G:\bootcd\wintools\autorun.exe
\shell\Option1\Command - G:\bootcd\wintools\autorun.exe
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-RestartNeroSetup - G:\Installation\Setupx.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.daemon-search.com/startpage
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: E&ksporter til Microsoft Excel - D:\OFFICE~1\Office12\EXCEL.EXE/3000
O8 -: Send bilde til &Bluetooth-enhet... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 -: Send side til &Bluetooth-enhet... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
C:\Windows\Downloaded Program Files\SysReqLab3.osd
C:\Windows\Downloaded Program Files\sysreqlab3.dll
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-16 20:50:36
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\System32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Lenovo\PM Driver\PMSveH.exe
C:\Program Files\MioNet\jvm\bin\MioNet.exe
C:\Windows\System32\ZoneLabs\avsys\ScanningProcess.exe
C:\Windows\System32\rpcnet.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\WerFault.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\MioNet\jvm\bin\MioNet.exe
C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2008-10-16 21:00:47 - machine was rebooted [Ole Einar]
ComboFix-quarantined-files.txt 2008-10-16 19:00:17

Pre-Run: 6,117,183,488 byte ledig
Post-Run: 5,925,752,832 byte ledig

337 --- E O F --- 2008-10-09 19:08:18

Edited 16 October 2008 by Einar'n
r2d290 Posted 15 October 2008

Could you run through the guide at https://www.diskusjon.no/index.php?showtopic=691246 ?
FuzzFuet (author) Posted 16 October 2008

I've already done everything listed there except running ComboFix. Here is the ComboFix log:
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll 2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll 2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll 2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll 2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll 2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll 2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll 2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe 2008-07-17 12:12 459,264 ----a-w C:\Windows\Internet Logs\xDBBC3C.tmp 2008-07-16 21:03 2,585,600 ----a-w C:\Windows\Internet Logs\xDBBFF4.tmp 2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll 2008-07-13 11:25 63,935 ----a-w C:\Users\Ole Einar\AppData\Roaming\nvModes.dat 2008-05-04 14:25 174 --sha-w C:\Program Files\desktop.ini . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-08-21 981904] "TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424] "MioNet"="C:\Program Files\MioNet\MioNetLauncher.exe" [2008-02-20 32768] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ BTTray.lnk - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe [2007-03-29 719664] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli ACGina [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTray] --a------ 2008-03-17 13:37 
431392 C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACWLIcon] --a------ 2008-03-17 13:37 128288 C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] --a------ 2008-01-18 23:33 125952 C:\Windows\ehome\ehtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FingerPrintSoftware] --a------ 2007-03-02 07:32 933888 C:\Program Files\Lenovo Fingerprint Software\fpapp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager] --------- 2007-03-01 03:02 120368 C:\PROGRA~1\Lenovo\LENOVO~1\LPMGR.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MioNet] -ra------ 2008-02-20 14:31 32768 C:\Program Files\MioNet\MioNetLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2007-01-13 10:40 7766016 C:\Windows\System32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a------ 2007-01-13 10:40 81920 C:\Windows\System32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc] --a------ 2007-01-13 10:40 90191 C:\Windows\System32\nvsvc.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMHandler] --a------ 2007-06-05 18:11 34352 C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] --a------ 2006-10-23 12:00 815104 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPWAUDAP] --a------ 2006-09-06 17:38 54824 C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy] --a------ 2008-03-04 10:34 487424 C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] --a------ 2008-01-18 23:33 202240 C:\Program Files\Windows Media Player\wmpnscfg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel] --a------ 2007-03-16 16:06 1822720 C:\Windows\SkyTel.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{5D62DE7C-F41B-4F61-822A-75F8E249BD05}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{4AA20C0B-D564-4E69-8425-5250374B1CFC}"= UDP:D:\FrostWire\FrostWire.exe:LimeWire "{CD542D1D-AA08-44F3-B701-3619561DE16A}"= TCP:D:\FrostWire\FrostWire.exe:LimeWire "TCP Query User{3F268E9A-AC40-48B6-840C-5D70D02ED0BA}D:\\utorrent\\utorrent.exe"= UDP:D:\utorrent\utorrent.exe:uTorrent "UDP Query User{95A3EFC4-3282-403E-8BCA-057F07780C69}D:\\utorrent\\utorrent.exe"= TCP:D:\utorrent\utorrent.exe:uTorrent "TCP Query User{B01B70CF-28BF-4727-81FF-CAFDC9079B97}C:\\program files\\mionet\\jvm\\bin\\mionet.exe"= UDP:C:\program files\mionet\jvm\bin\mionet.exe:Java Platform SE binary "UDP Query User{6DABD093-7263-4C5A-A9CB-7CFDBB1A2DCF}C:\\program files\\mionet\\jvm\\bin\\mionet.exe"= TCP:C:\program files\mionet\jvm\bin\mionet.exe:Java Platform SE binary "{4C51E88F-CA6A-42EC-B3BF-AA7EEF07B1E6}"= UDP:1700:MioNet Remote Drive Access 0 "{D34715B6-EBBB-4066-82E5-91EE65BCD8A6}"= UDP:1701:MioNet Remote Drive Access 1 "{3789E0D6-B19B-4A6F-8A74-7EA9FED767CE}"= UDP:1702:MioNet Remote Drive Access 2 "{AE44FFFA-728E-42BE-BA28-15F572899C70}"= UDP:1703:MioNet Remote Drive Access 3 "{CB260E71-8B1D-49A1-900E-8D23AF24BCC9}"= UDP:1704:MioNet Remote Drive Access 4 
"{D438C6E6-D3D1-47C7-9002-907A579025D1}"= UDP:1705:MioNet Remote Drive Access 5 "{CFA4F054-414D-41D1-9AA5-E944E7157957}"= UDP:1706:MioNet Remote Drive Access 6 "{58873F08-7843-4248-A4A5-E6B0401DF367}"= UDP:1707:MioNet Remote Drive Access 7 "{724C5A73-67E2-4197-AF62-C885D0E34454}"= UDP:1708:MioNet Remote Drive Access 8 "{98719165-64E3-4F0E-90E7-EDF42D9D79AC}"= UDP:1709:MioNet Remote Drive Access 9 "{F2969BCD-40AB-4F31-8874-4B5CA31DA990}"= UDP:1641:MioNet Remote Drive Verification "{6F362FF0-7A88-463D-9077-FE14D564A457}"= UDP:1647:MioNet Storage Device Configuration "{E201D3FB-417F-4F00-933F-BD143101F14E}"= TCP:5432:MioNet Storage Device Discovery "{5AE31C87-0516-47B0-8237-6D2146BD110D}"= UDP:C:\Program Files\MioNet\MioNetManager.exe:MioNetManager "{355B6553-617A-47D1-AD97-950162D083E8}"= TCP:C:\Program Files\MioNet\MioNetManager.exe:MioNetManager "{D4080D92-A3CE-4891-97FE-A5AB04ED2B3D}"= UDP:C:\Program Files\MioNet\jvm\bin\MioNet.exe:MioNet "{0FCC683F-0D81-413A-AB1B-C03B79411F84}"= TCP:C:\Program Files\MioNet\jvm\bin\MioNet.exe:MioNet "{B46C5C86-051B-475B-9AFD-F71DF324DD15}"= UDP:D:\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger "{80D22C5F-F371-48FF-BA12-15ACE333BD32}"= TCP:D:\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger "{833FB6F2-AA2A-4C6F-826C-F39246C78819}"= UDP:D:\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server "{8B73EB20-DFFA-4377-8857-E0D6178B4AA7}"= TCP:D:\Yahoo!\Messenger\YServer.exe:Yahoo! 
FT Server "{C96D6DD0-D341-47F8-97CE-2D7F9179DA85}"= UDP:D:\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{E37A3869-2A0B-403B-91B7-D8D7C7EA53B1}"= TCP:D:\uTorrent\uTorrent.exe:µTorrent (UDP-In) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot.sys [2008-06-19 28544] R0 pssnap;Paramount Software Snapshot Filter;C:\Windows\system32\DRIVERS\pssnap.sys [2008-05-20 15328] R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480] R2 FNF5SVC;Fn+F5 Service;C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe [2007-04-09 54832] R2 MioNet;MioNet;C:\Program Files\MioNet\MioNetManager.exe [2008-02-20 139264] R2 TPHKSVC;Visning på skjermen;C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2007-12-14 58224] R2 TVT Backup Protection Service;TVT Backup Protection Service;C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [2007-12-05 520192] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 179712] R3 btwaudio;Bluetooth-lydenhet;C:\Windows\system32\drivers\btwaudio.sys [2007-03-30 79664] R3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2007-02-27 81200] R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-02-27 16432] R3 Ndisrd;WinpkFilter Service;C:\Windows\system32\DRIVERS\ndisrd.sys [2008-02-20 23224] R3 TVTI2C;Lenovo SM bus driver;C:\Windows\system32\DRIVERS\Tvti2c.sys [2007-05-22 30336] S1 tvtumon;tvtumon;C:\Windows\system32\DRIVERS\tvtumon.sys [2008-07-11 48192] S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service;C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2007-02-22 2217416] S2 RDShutdown;RDShutdown Service;C:\Users\Ole Einar\Desktop\DShutdown\RDShutdown.exe [ ] S2 ReflectService;Macrium Reflect 
Image Mounting Service;D:\Macrium Reflect Backup\ReflectService.exe [2008-08-06 216032] S2 TVT_UpdateMonitor;TVT Windows Update Monitor;C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2008-07-11 260672] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\Windows\system32\drivers\nmwcdnsu.sys [2008-02-01 138112] S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\Windows\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320] S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-09-15 92656] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6396cf71-eb81-11dc-a204-001dd9fbd3dc}] \shell\AutoRun\command - G:\bootcd\wintools\autorun.exe \shell\Option1\Command - G:\bootcd\wintools\autorun.exe . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-RestartNeroSetup - G:\Installation\Setupx.exe . ------- Supplementary Scan ------- . R0 -: HKCU-Main,Start Page = hxxp://www.daemon-search.com/startpage R1 -: HKCU-Internet Settings,ProxyOverride = *.local O8 -: E&ksporter til Microsoft Excel - D:\OFFICE~1\Office12\EXCEL.EXE/3000 O8 -: Send bilde til &Bluetooth-enhet... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm O8 -: Send side til &Bluetooth-enhet... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab C:\Windows\Downloaded Program Files\SysReqLab3.osd C:\Windows\Downloaded Program Files\sysreqlab3.dll . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-16 20:50:36 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Windows\System32\audiodg.exe C:\Windows\System32\ZoneLabs\vsmon.exe C:\Windows\System32\ZoneLabs\avsys\ScanningProcess.exe C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe C:\Program Files\Lenovo\PM Driver\PMSveH.exe C:\Program Files\MioNet\jvm\bin\MioNet.exe C:\Windows\System32\ZoneLabs\avsys\ScanningProcess.exe C:\Windows\System32\rpcnet.exe C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe C:\Program Files\Lenovo\System Update\SUService.exe C:\Program Files\Common Files\Lenovo\Logger\logmon.exe C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe C:\Windows\System32\conime.exe C:\Windows\System32\WerFault.exe C:\Windows\System32\wbem\unsecapp.exe C:\Program Files\MioNet\jvm\bin\MioNet.exe C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe . ************************************************************************** . Completion time: 2008-10-16 21:00:47 - machine was rebooted [Ole Einar] ComboFix-quarantined-files.txt 2008-10-16 19:00:17 Pre-Run: 6,117,183,488 byte ledig Post-Run: 5,925,752,832 byte ledig 337 --- E O F --- 2008-10-09 19:08:18 Lenke til kommentar
snippsat, posted 16 October 2008 (edited)

This is a Windows error logger:
C:\Windows\system32\werfault.exe
Every time it finds a problem, it creates a log. It can also send logs to Microsoft, if that option is selected. You can see for yourself that you have lots of logs:
2008-10-07 18:24 2,994,688 ----a-w C:\Windows\Internet Logs\xDBDA4A.tmp
Lots of files like this one, as you can see. We'll turn it off.

Control Panel > System and Maintenance > Problem Reports and Solutions > Change settings > Advanced settings
From here you can turn the feature on and off. Here, I recommend selecting "Automatically check for solutions" as your system setting. Then, if for some reason you have programs you do not wish to have report, there is a block list you can use to add any executable that should not send problem reports.

From the registry. Start -> search -> regedit.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting]
> "DoReport"=dword:00000000
> "ShowUI"=dword:00000000

See if this helps. If it does not, download Process Explorer and post a screenshot of the CPU usage.

Edited 16 October 2008 by SNIPPSAT
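To make the "lots of log files" observation above measurable rather than eyeballed, here is a small parser for the Find3M section of a ComboFix log. This is an added example, not ComboFix's code or anything posted in the thread; the sample lines are copied from the log above, and the regex and the per-directory tally are my own construction.

```python
"""Tally the files a ComboFix "Find3M Report" lists, per directory.
Added example for this thread (not ComboFix's own code); the sample lines
below are copied from the log posted above."""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Tuple

# One Find3M entry per line: date, time, size (dashes for a directory),
# attribute flags, path. The "Files Created" section has a different
# two-date layout and is deliberately left unmatched.
FIND3M_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size>[\d,]+|-+) (?P<attrs>[-a-z]+) (?P<path>\S.*)$"
)

# Constructed sample: a handful of entries from the Find3M section above.
SAMPLE_FIND3M = r"""
2008-10-16 18:41 111,544,864 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-10-16 18:30 --------- d-----w C:\Users\Ole Einar\AppData\Roaming\MioNet
2008-10-11 23:45 140,052 ----a-w C:\Windows\Internet Logs\vsmon_2nd_2008_10_11_23_53_31_small.dmp.zip
2008-10-10 15:03 1,520,128 ----a-w C:\Windows\Internet Logs\xDBB5D1.tmp
2008-10-07 19:27 2,996,224 ----a-w C:\Windows\Internet Logs\xDBBFC8.tmp
2008-10-07 19:27 112,128 ----a-w C:\Windows\Internet Logs\xDBBC00.tmp
2008-10-07 19:26 2,996,224 ----a-w C:\Windows\Internet Logs\xDBC075.tmp
2008-10-07 18:24 2,994,688 ----a-w C:\Windows\Internet Logs\xDBDA4A.tmp
2008-10-07 18:24 2,199,040 ----a-w C:\Windows\Internet Logs\xDBD569.tmp
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
"""

class Entry(NamedTuple):
    date: str
    size: int    # 0 for directory entries
    attrs: str   # e.g. "----a-w"; a leading "d" marks a directory
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def directory(self) -> str:
        return self.path.rsplit("\\", 1)[0]

def parse_find3m(text: str) -> List[Entry]:
    """Parse Find3M lines; anything that is not an entry is skipped."""
    entries = []
    for line in text.splitlines():
        m = FIND3M_RE.match(line.strip())
        if m:
            size = 0 if m["size"].startswith("-") else int(m["size"].replace(",", ""))
            entries.append(Entry(m["date"], size, m["attrs"], m["path"]))
    return entries

def tally_by_directory(entries: List[Entry]) -> Dict[str, Tuple[int, int]]:
    """Map directory -> (file count, total bytes); directory entries are not counted."""
    counts: Dict[str, int] = defaultdict(int)
    totals: Dict[str, int] = defaultdict(int)
    for e in entries:
        if not e.is_dir:
            counts[e.directory] += 1
            totals[e.directory] += e.size
    return {d: (counts[d], totals[d]) for d in counts}

def matching_files(entries: List[Entry], name_pattern: str) -> List[Entry]:
    """File entries whose file name (not directory) matches the regex."""
    rx = re.compile(name_pattern)
    return [e for e in entries if not e.is_dir and rx.search(e.path.rsplit("\\", 1)[-1])]

if __name__ == "__main__":
    parsed = parse_find3m(SAMPLE_FIND3M)
    for d, (n, total) in sorted(tally_by_directory(parsed).items()):
        print(f"{n:3d} files {total / 1e6:8.1f} MB  {d}")
    print("xDB*.tmp files:", len(matching_files(parsed, r"^xDB[0-9A-F]{4}\.tmp$")))
```

Feeding it the full log above instead of the sample shows at a glance which directory the repeated xDB*.tmp files live in and how much space they take, which is the first thing to check before deciding what is generating them.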
FuzzFuet (thread author), posted 17 October 2008

I'll try it, but since I have the Norwegian Vista I can't find where "Control Panel > System and Maintenance > Problem Reports and Solutions > Change settings > Advanced settings" is; I couldn't see anything corresponding to "System and Maintenance". I did find my way in regedit, but I don't understand what I'm supposed to do there.
snippsat, posted 17 October 2008 (edited)

"DoReport": you double-click on this one. In the Value data field it probably says 1. That means the function is on, so you set it to 0.
On -> dword:00000001
Off -> dword:00000000
Same with ShowUI.

Edited 17 October 2008 by SNIPPSAT