
[Solved] GPU runs at 98% load when the PC is idle.



I have a Radeon HD 7970 that has started running at 98% load when the PC is idle.

I found a tip that it could be malware or something, and I have run Spybot S&D and Malwarebytes, with the result that when they finish scanning, the GPU load drops to 0%. I then run clean in the programs and restart the machine; a couple of minutes later the GPU is back up at 98% again. I have also uninstalled the graphics card driver and reinstalled it, and then it held a bit longer.

Is there anyone who can help me?


Hi.

Thanks for the response, here are the reports.

 

attach.txt

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 06.06.2012 16:26:45
System Uptime: 05.01.2014 13:08:32 (9 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. | | RAMPAGE IV EXTREME
Processor: Intel® Core i7-3930K CPU @ 3.20GHz | LGA2011 | 3201/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 119 GiB total, 65,484 GiB free.
D: is FIXED (NTFS) - 2795 GiB total, 2354,755 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP295: 28.12.2013 20:19:32 - Windows Update
RP296: 02.01.2014 10:46:43 - Windows Update
RP297: 02.01.2014 21:14:45 - Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
RP298: 02.01.2014 21:15:03 - Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
RP299: 02.01.2014 21:15:25 - Device Driver Package Install: Advanced Micro Devices, Inc. Display adapters
RP300: 05.01.2014 01:18:39 - Removed Samsung Kies
.
==== Hosts File Hijack ======================
.
Hosts: 0.0.0.0 91.206.200.221
Hosts: 0.0.0.0 bidtraffic.ru
Hosts: 0.0.0.0 bir3yka.narod2.ru
Hosts: 0.0.0.0 enet.vn.ua
Hosts: 0.0.0.0 rax.ru
Hosts: 0.0.0.0 yandex.ru
Hosts: 0.0.0.0 ukraine.com.ua
.
==== Installed Programs ======================
.
«Saints Row IV» 1.0.0.4
7-Zip 9.20
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Shockwave Player 11.6
AI Suite II
AIDA64 Extreme Edition v2.50
AMD Accelerated Video Transcoding
AMD Catalyst Control Center
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
AMD Wireless Display v3.0
Amnesia - The Dark Descent
Apple-programsupport
Apple Mobile Device Support
Apple Software Update
Asmedia ASM104x USB 3.0 Host Controller Driver
Asmedia ASM106x SATA Host Controller Driver
Bluetooth Win7 Suite (64)
Bonjour
Borderlands 2
Call of Duty Black Ops 2
Call of Duty: Black Ops
Call of Juarez Gunslinger © Ubisoft version 1
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Command & Conquer Generals
Command and ConquerTM Generals Zero Hour
Crash Time III
Dead Island Riptide © Deep Silver version 1
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DVD Shrink 3.2
Far Cry 3
Far Cry 3 Blood Dragon
Fraps
Google Earth
Google Update Helper
HostsMan 4.0.85 Beta6
ImgBurn
Intel® Network Connections 16.5.2.0
Intel® Rapid Storage Technology enterprise
Intel® Watchdog Timer Driver (Intel® WDT)
iTunes
Java 7 Update 45
Java Auto Updater
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4.5.1
Microsoft Expression Web
Microsoft Expression Web MUI (English)
Microsoft Expression Web Service Pack 1 (SP1)
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2007
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Microsoft XNA Framework Redistributable 4.0
MSVC90_x64
MSVC90_x86
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyFreeCodec
neroxml
Notepad++
NVIDIA PhysX
OpenAL
Opera 12.02
Opera 12.16
PDF-XChange 2012 Pro
PDFCreator
QuickTime
Raptr
Rapture3D 2.4.11 Game
Razer Anansi Firmware Updater
Razer Game Booster
Razer Synapse 2.0
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
ROTR Beta 1.5
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Serious Sam 2
SPORE™
SPORE™ Skummelt og søtt ekstrautstyr
Spybot - Search & Destroy
Steam
swMSM
TechPowerUp GPU-Z
Tom Clancy's Splinter Cell © Blacklist - InstallShield Wizard ...
Tunngle beta
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office Script Editor Help (KB963671)
Uplay
Værmelding (yr.no)
VLC media player 2.0.7
Windows 7 USB/DVD Download Tool
Windows Live ID Sign-in Assistant
Windows Media Player Firefox Plugin
WinRAR 4.01 (64-bit)
.
==== Event Viewer Messages From Past Week ========
.
05.01.2014 13:08:04, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
05.01.2014 13:08:04, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
05.01.2014 13:08:04, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
05.01.2014 13:08:04, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
05.01.2014 13:08:04, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Network Location Awareness service to connect.
05.01.2014 13:08:04, Error: Service Control Manager [7000] - The Network Location Awareness service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
05.01.2014 13:08:01, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Portable Device Enumerator Service service to connect.
05.01.2014 13:08:01, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Human Interface Device Access service to connect.
05.01.2014 13:08:01, Error: Service Control Manager [7000] - The Portable Device Enumerator Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
05.01.2014 13:08:01, Error: Service Control Manager [7000] - The Human Interface Device Access service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
05.01.2014 13:08:00, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Event Log service, but this action failed with the following error: An instance of the service is already running.
05.01.2014 13:08:00, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Audio service, but this action failed with the following error: Circular service dependency was specified.
05.01.2014 13:08:00, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the HomeGroup Provider service, but this action failed with the following error: An instance of the service is already running.
05.01.2014 13:08:00, Error: Service Control Manager [7019] - The Windows Audio Endpoint Builder service depends on a service in a group which starts later. Change the order in the service dependency tree to ensure that all services required to start this service are starting before this service is started.
05.01.2014 13:08:00, Error: Service Control Manager [7017] - Detected circular dependencies demand starting Windows Audio. Check the service dependency tree.
05.01.2014 13:08:00, Error: Service Control Manager [7001] - The Windows Audio service depends on the Windows Audio Endpoint Builder service which failed to start because of the following error: Circular service dependency was specified.
05.01.2014 13:07:55, Error: Service Control Manager [7031] - The Bluetooth Support Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
05.01.2014 13:07:43, Error: Service Control Manager [7031] - The Windows Firewall service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
05.01.2014 13:07:43, Error: Service Control Manager [7031] - The Diagnostic Policy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
05.01.2014 13:07:43, Error: Service Control Manager [7031] - The Base Filtering Engine service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
05.01.2014 13:07:40, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
05.01.2014 13:07:40, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147467243.
05.01.2014 13:07:40, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243
05.01.2014 13:07:40, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x80004015.
05.01.2014 13:07:32, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).
05.01.2014 13:07:32, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
05.01.2014 13:07:32, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
05.01.2014 13:07:32, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
05.01.2014 13:07:32, Error: Service Control Manager [7031] - The PnP-X IP Bus Enumerator service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
05.01.2014 13:07:32, Error: Service Control Manager [7031] - The Offline Files service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
05.01.2014 13:07:32, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
05.01.2014 13:07:32, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
05.01.2014 13:07:32, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
05.01.2014 13:07:32, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
05.01.2014 13:07:32, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Network Connections service to connect.
05.01.2014 13:07:32, Error: Service Control Manager [7000] - The Network Connections service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
05.01.2014 13:07:18, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Power service, but this action failed with the following error: A system shutdown has already been scheduled.
05.01.2014 13:07:18, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error: A system shutdown has already been scheduled.
05.01.2014 13:07:18, Error: Service Control Manager [7031] - The Power service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
05.01.2014 13:07:18, Error: Service Control Manager [7031] - The Plug and Play service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
05.01.2014 13:07:18, Error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
05.01.2014 13:07:12, Error: Service Control Manager [7034] - The Function Discovery Provider Host service terminated unexpectedly. It has done this 1 time(s).
05.01.2014 13:07:12, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 1 time(s).
05.01.2014 13:07:12, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Network List Service service, but this action failed with the following error: An instance of the service is already running.
05.01.2014 13:07:12, Error: Service Control Manager [7031] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
05.01.2014 13:07:12, Error: Service Control Manager [7031] - The Windows Font Cache Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
05.01.2014 13:07:12, Error: Service Control Manager [7031] - The Network Store Interface Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
05.01.2014 13:07:12, Error: Service Control Manager [7031] - The Network List Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
05.01.2014 13:07:12, Error: Service Control Manager [7031] - The COM+ Event System service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
05.01.2014 13:07:00, Error: Service Control Manager [7031] - The Windows Event Log service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
05.01.2014 13:07:00, Error: Service Control Manager [7031] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
05.01.2014 13:07:00, Error: Service Control Manager [7031] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
05.01.2014 13:07:00, Error: Service Control Manager [7031] - The Security Center service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
05.01.2014 13:07:00, Error: Service Control Manager [7031] - The HomeGroup Provider service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
05.01.2014 13:07:00, Error: Service Control Manager [7031] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
05.01.2014 05:05:08, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the DCOM Server Process Launcher service, but this action failed with the following error: A system shutdown has already been scheduled.
04.01.2014 21:05:08, Error: Service Control Manager [7000] - The StarWind AE Service service failed to start due to the following error: The system cannot find the file specified.
02.01.2014 13:40:17, Error: Service Control Manager [7001] - The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: The service has not been started.
02.01.2014 13:40:17, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
.
==== End Of File ===========================

 

dds.txt

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.45.2
Run by petter_n at 22:52:46 on 2014-01-05
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.47.1033.18.8140.6037 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Spybot - Search and Destroy *Enabled/Updated* {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.09\AsusFanControlService.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe
C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\PROGRA~2\Raptr\raptr.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
C:\Windows\System32\schtasks.exe
C:\PROGRA~2\Raptr\raptr_im.exe
C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\EC Simulator.exe
C:\Program Files (x86)\Raptr\raptr_ep64.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
"C:\Windows\Temp\svchost.exe" -o http://p.0839f88ae61efaa3e91fdf5b732b242f.com:3334 -O trponilov.13s:13 --scrypt --no-submit-stale -I 12 -w 64
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Razer\Razer Game Booster\main.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: PDFXChange 2012: {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange 5\PXCIEaddin5.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: PDFXChange 2012: {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange 5\PXCIEaddin5.dll
uRun: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe
mRun: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
mRun: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
TCP: NameServer = 193.213.112.4 130.67.15.198 10.0.0.1
TCP: Interfaces\{6AEB3A7E-A53C-438D-952C-A4E05642012C} : DHCPNameServer = 7.254.254.254
TCP: Interfaces\{8F2CFFD7-BA35-45E9-A3FF-489215B3F3E2} : DHCPNameServer = 193.213.112.4 130.67.15.198 10.0.0.1
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-SSODL: WebCheck - <orphaned>
Hosts: 0.0.0.0 91.206.200.221
Hosts: 0.0.0.0 bidtraffic.ru
Hosts: 0.0.0.0 bir3yka.narod2.ru
Hosts: 0.0.0.0 enet.vn.ua
Hosts: 0.0.0.0 rax.ru
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2011-9-21 49760]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2012-6-7 565528]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2012-6-7 23832]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R1 SDHookDriver;Hook Test Driver;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [2014-1-2 63904]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-11-29 239616]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [2012-6-7 918448]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2012-6-7 951936]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [2012-6-7 149120]
R2 AsusFanControlService;AsusFanControlService;C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.09\AsusFanControlService.exe [2012-6-7 1406080]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-13 74912]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [2012-6-7 7168]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-6-6 171688]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-2 418376]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 134944]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 RzKLService;RzKLService;C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [2013-9-20 105448]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-1-2 3666392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-1-2 2729432]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-1-2 171928]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-3-13 36000]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-24 94208]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-3-13 298656]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-3-13 28832]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-3-13 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-3-13 55456]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-3-13 154272]
R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-3-13 280224]
R3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);C:\Windows\System32\drivers\ICCWDT.sys [2012-6-7 26136]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-1-2 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 rzendpt;rzendpt;C:\Windows\System32\drivers\rzendpt.sys [2013-11-15 39080]
R3 rzudd;Razer Keyboard Driver;C:\Windows\System32\drivers\rzudd.sys [2013-11-15 149160]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\drivers\tap0901t.sys [2012-6-6 31232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-2 701512]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2011-3-13 51872]
S3 DAdderFltr;DeathAdder Mouse;C:\Windows\System32\drivers\dadder.sys [2012-6-9 12032]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-11 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-23 19456]
S3 rzdaendpt;%rzdaendpt.SvcDesc%;C:\Windows\System32\drivers\rzdaendpt.sys [2012-7-31 26112]
S3 RzSynapse;Razer Driver;C:\Windows\System32\drivers\RzSynapse.sys [2011-10-11 166400]
S3 rzvkeyboard;Razer Virtual Keyboard Driver;C:\Windows\System32\drivers\rzvkeyboard.sys [2012-7-31 22528]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);C:\Windows\System32\drivers\s0016bus.sys [2008-5-16 115240]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;C:\Windows\System32\drivers\s0016mdfl.sys [2008-5-16 19496]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;C:\Windows\System32\drivers\s0016mdm.sys [2008-5-16 158760]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);C:\Windows\System32\drivers\s0016mgmt.sys [2008-5-16 137256]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);C:\Windows\System32\drivers\s0016nd5.sys [2008-5-16 34344]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;C:\Windows\System32\drivers\s0016obex.sys [2008-5-16 136744]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);C:\Windows\System32\drivers\s0016unic.sys [2008-5-16 151592]
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM);C:\Windows\System32\drivers\s1039bus.sys [2010-3-1 127600]
S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;C:\Windows\System32\drivers\s1039mdfl.sys [2010-3-1 19568]
S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;C:\Windows\System32\drivers\s1039mdm.sys [2010-3-1 161904]
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);C:\Windows\System32\drivers\s1039mgmt.sys [2010-3-1 141424]
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);C:\Windows\System32\drivers\s1039nd5.sys [2010-3-1 34416]
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;C:\Windows\System32\drivers\s1039obex.sys [2010-3-1 137328]
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);C:\Windows\System32\drivers\s1039unic.sys [2010-3-1 158320]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2012-10-23 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-23 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-10-23 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2012-6-6 745368]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 VKbms;Razer Gaming Device;C:\Windows\System32\drivers\VKbms.sys [2012-6-9 13312]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-6 1255736]
.
=============== File Associations ===============
.
FileExt: .bat: Applications\cmd.exe="C:\Windows\System32\cmd.exe" "%1" [userChoice]
FileExt: .txt: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [userChoice]
FileExt: .ini: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [userChoice]
FileExt: .inf: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [userChoice]
.
=============== Created Last 30 ================
.
2014-01-04 22:45:29 -------- d-----w- C:\Users\petter_n\AppData\Roaming\ParetoLogic
2014-01-04 22:45:29 -------- d-----w- C:\Users\petter_n\AppData\Roaming\DriverCure
2014-01-04 22:45:23 -------- d-----w- C:\ProgramData\ParetoLogic
2014-01-04 20:16:13 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F2114447-0415-4BB7-8B66-2B4995FD0D4D}\mpengine.dll
2014-01-03 20:06:29 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-02 20:16:21 -------- d-----w- C:\Users\petter_n\AppData\Roaming\library_dir
2014-01-02 20:16:09 -------- d-----w- C:\Users\petter_n\AppData\Roaming\Raptr
2014-01-02 20:16:09 -------- d-----w- C:\Program Files (x86)\Raptr
2014-01-02 20:16:05 -------- d-----w- C:\Program Files (x86)\AMD AVT
2014-01-02 20:16:04 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2014-01-02 20:15:11 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2014-01-02 20:15:09 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2014-01-02 20:14:52 -------- d-----w- C:\ProgramData\Package Cache
2014-01-02 20:14:38 -------- d-----w- C:\Program Files\ATI Technologies
2014-01-02 20:14:31 -------- d-----w- C:\Program Files\ATI
2014-01-02 12:13:04 -------- d-----w- C:\Users\petter_n\AppData\Roaming\Malwarebytes
2014-01-02 12:12:28 -------- d-----w- C:\ProgramData\Malwarebytes
2014-01-02 12:12:24 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-01-02 12:12:24 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-02 10:43:34 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2014-01-02 10:43:27 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-01-02 10:43:12 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-12-25 19:03:42 -------- d-----w- C:\ProgramData\Orbit
2013-12-25 18:58:21 522776 ----a-w- C:\Windows\SysWow64\scrypt130511Tahitiglg2tc4032w64l4.bin
2013-12-25 18:39:04 -------- d--h--w- C:\Users\petter_n\AppData\Roaming\Origin
2013-12-21 14:47:16 -------- d-----w- C:\Users\petter_n\AppData\Roaming\.minecraft
2013-12-11 17:25:47 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-11 17:25:47 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-11 17:25:46 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2013-12-11 17:25:46 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2013-12-11 17:15:32 197120 ----a-w- C:\Windows\System32\credui.dll
2013-12-11 17:14:58 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-12-11 17:14:58 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-12-11 17:14:58 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-12-11 17:14:58 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-12-11 17:14:58 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-12-11 17:14:58 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-12-11 17:14:58 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
2013-12-11 17:14:58 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-12-11 17:14:51 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-12-11 17:14:51 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-12-11 17:14:51 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-12-11 17:14:51 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-12-11 17:14:51 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-12-08 14:05:51 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2669CF01-CB19-438E-9C68-66DC1238A534}\gapaengine.dll
.
==================== Find3M ====================
.
2096-07-08 16:17:24 92208 ----a-w- C:\Windows\SysWow64\WING.DLL
2096-07-08 16:17:24 92208 ----a-w- C:\Windows\system\WING.DLL
2096-07-08 16:17:24 6736 ----a-w- C:\Windows\SysWow64\WINGDIB.DRV
2096-07-08 16:17:24 5024 ----a-w- C:\Windows\SysWow64\WINGPAL.WND
2096-07-08 16:17:24 188960 ----a-w- C:\Windows\SysWow64\WINGDE.DLL
2096-07-08 16:17:24 12800 ----a-w- C:\Windows\SysWow64\WING32.DLL
2096-07-08 16:17:24 12800 ----a-w- C:\Windows\system\WING32.DLL
2013-12-17 14:51:04 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-17 14:51:04 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-29 17:59:40 157736 ----a-w- C:\Windows\System32\amdhcp64.dll
2013-11-29 17:59:16 142304 ----a-w- C:\Windows\SysWow64\amdhcp32.dll
2013-11-29 17:58:30 78432 ----a-w- C:\Windows\System32\atimpc64.dll
2013-11-29 17:58:30 78432 ----a-w- C:\Windows\System32\amdpcom64.dll
2013-11-29 17:58:06 71704 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2013-11-29 17:58:06 71704 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2013-11-29 17:55:02 143304 ----a-w- C:\Windows\System32\atiuxp64.dll
2013-11-29 17:54:38 126336 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2013-11-29 17:53:44 115512 ----a-w- C:\Windows\System32\atiu9p64.dll
2013-11-29 17:53:20 98496 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2013-11-29 17:52:34 1319064 ----a-w- C:\Windows\System32\aticfx64.dll
2013-11-29 17:51:42 1100728 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2013-11-29 17:50:42 9764088 ----a-w- C:\Windows\System32\atidxx64.dll
2013-11-29 17:50:16 8412680 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2013-11-29 17:49:10 8287008 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2013-11-29 17:48:18 6630232 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2013-11-29 17:47:20 8927704 ----a-w- C:\Windows\System32\atiumd6a.dll
2013-11-29 17:46:46 7751920 ----a-w- C:\Windows\System32\atiumd64.dll
2013-11-29 17:39:00 13201920 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2013-11-29 17:24:20 230912 ----a-w- C:\Windows\System32\clinfo.exe
2013-11-29 17:24:04 100352 ----a-w- C:\Windows\System32\OpenVideo64.dll
2013-11-29 17:23:56 83968 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2013-11-29 17:23:50 86528 ----a-w- C:\Windows\System32\OVDecode64.dll
2013-11-29 17:23:46 73728 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2013-11-29 17:23:26 29363712 ----a-w- C:\Windows\System32\amdocl64.dll
2013-11-29 17:21:02 24846848 ----a-w- C:\Windows\SysWow64\amdocl.dll
2013-11-29 17:18:56 63488 ----a-w- C:\Windows\System32\OpenCL.dll
2013-11-29 17:18:50 57344 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-11-29 17:13:48 129536 ----a-w- C:\Windows\System32\coinst_13.25.18.dll
2013-11-29 17:00:28 26350592 ----a-w- C:\Windows\System32\atio6axx.dll
2013-11-29 16:55:34 368640 ----a-w- C:\Windows\System32\atiapfxx.exe
2013-11-29 16:55:24 62464 ----a-w- C:\Windows\System32\aticalrt64.dll
2013-11-29 16:55:22 52224 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2013-11-29 16:55:14 55808 ----a-w- C:\Windows\System32\aticalcl64.dll
2013-11-29 16:55:12 49152 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2013-11-29 16:54:56 15716352 ----a-w- C:\Windows\System32\aticaldd64.dll
2013-11-29 16:51:50 14302208 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2013-11-29 16:42:08 22156288 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2013-11-29 16:35:50 442368 ----a-w- C:\Windows\System32\atidemgy.dll
2013-11-29 16:35:42 31232 ----a-w- C:\Windows\System32\atimuixx.dll
2013-11-29 16:35:36 585216 ----a-w- C:\Windows\System32\atieclxx.exe
2013-11-29 16:34:42 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2013-11-29 16:33:10 190976 ----a-w- C:\Windows\System32\atitmm64.dll
2013-11-29 16:05:04 1145344 ----a-w- C:\Windows\System32\atiadlxx.dll
2013-11-29 16:04:52 825856 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2013-11-29 16:04:36 74752 ----a-w- C:\Windows\System32\atig6pxx.dll
2013-11-29 16:04:32 69632 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2013-11-29 16:04:32 69632 ----a-w- C:\Windows\System32\atiglpxx.dll
2013-11-29 16:04:26 100352 ----a-w- C:\Windows\System32\atig6txx.dll
2013-11-29 16:04:18 96768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2013-11-29 16:04:08 624128 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2013-11-29 16:02:44 96256 ----a-w- C:\Windows\System32\amdave64.dll
2013-11-29 16:02:38 90112 ----a-w- C:\Windows\SysWow64\amdave32.dll
2013-11-29 16:02:28 89088 ----a-w- C:\Windows\System32\atisamu64.dll
2013-11-29 16:02:22 80896 ----a-w- C:\Windows\SysWow64\atisamu32.dll
2013-11-29 16:00:30 43520 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2013-11-29 11:34:58 51200 ----a-w- C:\Windows\System32\kdbsdk64.dll
2013-11-29 11:29:56 38912 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-15 06:37:16 39080 ----a-w- C:\Windows\System32\drivers\rzendpt.sys
2013-11-15 06:37:14 149160 ----a-w- C:\Windows\System32\drivers\rzudd.sys
2013-11-15 06:32:00 57344 ----a-w- C:\Windows\SysWow64\rzdevinfo.dll
2013-11-15 06:32:00 154112 ----a-w- C:\Windows\SysWow64\rztouchdll.dll
2013-11-15 06:31:58 834560 ----a-w- C:\Windows\SysWow64\rzdevicedll.dll
2013-11-15 06:31:56 296448 ----a-w- C:\Windows\SysWow64\rzaudiodll.dll
2013-11-15 06:31:56 117248 ----a-w- C:\Windows\SysWow64\rzdisplaydll.dll
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-10-30 02:32:01 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-10-30 01:24:31 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-10-16 13:28:17 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
============= FINISH: 22:52:55,98 ===============

Link to comment

This is the culprit:

"C:\Windows\Temp\svchost.exe" -o http://p.0839f88ae61efaa3e91fdf5b732b242f.com:3334 -O trponilov.13s:13 --scrypt --no-submit-stale -I 12 -w 64

It is a miner, as mobile999 said. It connects to lite.coin-pool with the user trponilov (who was the most effective miner here for a good while before the pool was hijacked).

This is the program (or possibly a part of what) it came with:

2013-12-25 18:58:21 522776 ----a-w- C:\Windows\SysWow64\scrypt130511Tahitiglg2tc4032w64l4.bin

Since this guy is Russian (based on posts he has made on various Litecoin forums), I would assume that the addresses in your hosts file are also related.

Link to comment
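
The command line quoted in the post above shows two things that can be checked mechanically: a process named svchost.exe running from outside the Windows system directories, and miner switches together with a pool URL. The Python sketch below is an added example, not part of the thread; it assumes Windows is installed in C:\Windows, and its sample list uses the command line from the post, one Run entry from the log, and one constructed entry.

```python
import ntpath
import re
import shlex

# Assumption: Windows lives in C:\Windows; the genuine svchost.exe is only here.
LEGIT_SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# Switches copied from the command line quoted in the post.
MINER_FLAGS = {"--scrypt", "--no-submit-stale"}
POOL_URL = re.compile(r"^(?:https?|stratum\+tcp)://[^/\s:]+:\d+", re.I)


def triage(command_line):
    """Return the reasons (possibly none) a process command line looks suspicious."""
    try:
        # posix=False keeps the backslashes of Windows paths intact.
        argv = shlex.split(command_line, posix=False)
    except ValueError:  # unbalanced quote: fall back to plain whitespace split
        argv = command_line.split()
    if not argv:
        return []
    image = argv[0].strip('"')
    directory, name = ntpath.split(image.lower())
    reasons = []
    if name == "svchost.exe" and directory not in LEGIT_SVCHOST_DIRS:
        reasons.append("svchost.exe outside System32/SysWOW64: " + image)
    args = argv[1:]
    flags = sorted(MINER_FLAGS.intersection(a.lower() for a in args))
    if flags:
        reasons.append("miner switches: " + " ".join(flags))
    # Lower-case -o carries the pool URL here; upper-case -O is user:password.
    for flag, value in zip(args, args[1:]):
        if flag == "-o" and POOL_URL.match(value):
            reasons.append("pool URL: " + value)
    return reasons


def flagged(command_lines):
    """Keep only the command lines that triggered at least one rule."""
    results = [(cmd, triage(cmd)) for cmd in command_lines]
    return [(cmd, why) for cmd, why in results if why]


SAMPLES = [
    # Constructed: what a genuine service host looks like.
    r"C:\Windows\System32\svchost.exe -k netsvcs",
    # From the post above.
    r'"C:\Windows\Temp\svchost.exe" -o http://p.0839f88ae61efaa3e91fdf5b732b242f.com:3334'
    r" -O trponilov.13s:13 --scrypt --no-submit-stale -I 12 -w 64",
    # From the x64-Run section of the log.
    r'"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s',
]

if __name__ == "__main__":
    for cmd, why in flagged(SAMPLES):
        print(cmd)
        for reason in why:
            print("  -", reason)
```
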

Thanks for all the responses so far :-)

I have deleted the .bin file that Naphoc mentions, and then I found a svchost.exe*32 in Task Manager; when I kill it, the GPU load drops to 0% right away. If I restart the machine, it is back. How do I find out what starts that process?

Link to comment