halvors, posted 19 December 2008:
For a long time my PC has been running relatively slowly, and after combing through many forums I was told to download Process Explorer. I did that and found out that svchost was taking up a lot of my CPU. I found out that termsrv.dll was the culprit, but what now? How do I get it down to normal CPU speed? Could this be a trojan or something? Thanks for all replies!
Fikseren, posted 19 December 2008:
Yes, this could be a trojan. Download MalwareBytes and clean the trojans out of your memory. Then you'll see it gets fixed.
JuBi, posted 19 December 2008:
http://www.processlibrary.com/directory/
There you can find out which processes are running in Windows.
snippsat, posted 19 December 2008:
Feel free to post the log if you run MalwareBytes. Do the following and then we'll see whether things are fine. Download Combofix and put it on the desktop. Do not click on the window while the program is running. Post the log C:\combofix.txt
halvors (author), posted 19 December 2008:
Just finished running Malwarebytes, and it found nothing!?? Trying Combofix now, so we'll see if I get some more answers then.
halvors (author), posted 19 December 2008:
Here is the log. It doesn't tell me much, really. While I was running it, I got a message about a virus from my antivirus. What now?
snippsat, posted 19 December 2008 (edited 19 December 2008 by SNIPPSAT):
The log looks fine with regard to malware. termsrv.dll is a good file. http://www.liutilities.com/products/wintas...ibrary/termsrv/
Give more info about the problem; we can use other tools to find out what the files under svchost are doing. Roughly what date did the problem start?
Download and run CCleaner. Go to 'Options' -> 'Advanced'. Uncheck the box in front of: "only delete temporary files older than 48 hours". Run the registry cleaner and answer yes to repairing --> backup: answer yes when asked. Run the registry cleaner a couple more times until all errors are gone.
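An added example, not part of any post in this thread: one way to see which services share the svchost.exe process that hosts Terminal Services and to check that each one loads its DLL from System32 with a valid signature. It assumes PowerShell 3.0 or later in an elevated session and the Windows service name `TermService`; the function name `Get-SvchostServiceDll` is made up for this example.

```powershell
# Added example, not from the thread. Assumes PowerShell 3.0+ and an elevated session.

function Get-SvchostServiceDll {
    param([Parameter(Mandatory)][string]$ServiceName)

    # A service hosted by svchost.exe names the DLL it loads in Parameters\ServiceDll.
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName\Parameters"
    $dll = (Get-ItemProperty -Path $key -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
    if ($dll) { [Environment]::ExpandEnvironmentVariables($dll) }
}

$system32 = Join-Path $env:SystemRoot 'System32'
$target   = Get-CimInstance Win32_Service -Filter "Name='TermService'"

if (-not $target -or $target.ProcessId -eq 0) {
    Write-Output 'TermService is not running, so no svchost.exe process is hosting it.'
}
else {
    # Every service with the same ProcessId lives in the same svchost.exe instance,
    # so high CPU in that process can come from any of them, not only TermService.
    Get-CimInstance Win32_Service -Filter "ProcessId=$($target.ProcessId)" | ForEach-Object {
        $dll = Get-SvchostServiceDll -ServiceName $_.Name
        $sig = if ($dll -and (Test-Path -LiteralPath $dll)) {
            Get-AuthenticodeSignature -LiteralPath $dll
        }

        [pscustomobject]@{
            Service    = $_.Name
            HostPid    = $_.ProcessId
            Dll        = $dll
            # A genuine termsrv.dll is loaded from %SystemRoot%\System32.
            InSystem32 = [bool]($dll -and ((Split-Path -Parent $dll) -ieq $system32))
            # 'Valid' is the expected result; older PowerShell versions may report
            # 'NotSigned' for Windows files that are signed through a catalog only.
            Signature  = $sig.Status
        }
    } | Format-Table -AutoSize
}
```

A row whose `Dll` lies outside System32, or whose signature is not `Valid`, is the one to look at more closely; a clean table means the CPU load comes from a legitimate service in that group.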
halvors (author), posted 19 December 2008:
The problem has lasted about a month.
> Give more info about the problem; we can use other tools to find out what the files under svchost are doing.
I'm not quite sure what you mean here.
halvors (author), posted 20 December 2008:
termservice is the thing that takes care of some remote stuff. I have never done anything with remote stuff. Can I stop this program then? The PC won't crash or anything like that?