PC slår seg av etter 10 min

Camron · 6. mars 2008

Som sagt i topic, slår PC-en min seg av etter ca. 10 min fra oppstart. Det ble slik etter jeg kom hjem igjen fra et LAN. Jeg får bluescreen i et nanosekund, før maskinen starter på nytt.

Noen som har peiling på hva det kan være?

Legger til en hijackthis-log, bare i tilfelle.

Logfile of HijackThis v1.99.1

Scan saved at 21:56:13, on 06.03.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\savedump.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\NVIDIA Corporation\NvMixer\NVMixerTray.exe

C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

D:\Programfiler\UltraMon\UltraMon.exe

D:\Programfiler\iTunes\iTunesHelper.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

D:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe

D:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe

D:\Programfiler\UltraMon\UltraMonTaskbar.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\ATI Technologies\ATI.ACE\CLI.exe

C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

D:\Programfiler\Opera\Opera.exe

D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\Programfiler\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

D:\Programfiler\WinRAR\WinRAR.exe

C:\Programfiler\Windows Live\Messenger\usnsvc.exe

C:\DOCUME~1\Maziar\LOKALE~1\Temp\Rar$EX07.625\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programfiler\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programfiler\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [NVMixerTray] "C:\Programfiler\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [nTrayFw] C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime

O4 - HKLM\..\Run: [ultraMon] "D:\Programfiler\UltraMon\UltraMon.exe" /auto

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "D:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MessengerPlus3] "D:\Programfiler\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" /background

O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programfiler\ATI Technologies\ATI.ACE\CLI.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = D:\Programfiler\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: HP Utklippsbok - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programfiler\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: HP Smart valgmetode - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programfiler\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe (file missing)

O10 - Unknown file in Winsock LSP: c:\programfiler\bonjour\mdnsnsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: START_PAGE_URL=http://www.online.no/

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programfiler\Fellesfiler\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FELLES~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: app_filter - Unknown owner - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - D:\Programfiler\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - D:\Programfiler\LogMeIn\x86\LogMeIn.exe

O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

Endret 6. mars 2008 av Camron

moijk · 6. mars 2008

Som sagt i topic, slår PC-en min seg av etter ca. 10 min fra oppstart. Det ble slik etter jeg kom hjem igjen fra et LAN. Jeg får bluescreen i et nanosekund, før maskinen starter på nytt.

Noen som har peiling på hva det kan være?

Legger til en hijackthis-log, bare i tilfelle.

cpu-vifte eller lignende har ikke løsnet/ramlet av/ikke i drift? hvordan er temperaturen på de forskjellige ting?

Camron · 6. mars 2008

CPU-viften kjører og går som vanlig, alle temperaturene er slik de alltid har vært.

Kan legge til at rett før PC-en rebooter kommmer det opp: "En nettverkskabel har koblet fra", nederst i høyre hjørne.

snippsat · 6. mars 2008

Start HijackThis finn disse linjene merk dem,så trykk fixed checked.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe (file missing)

Loggen ser grei ut den.

Det er en ting du skal gjør.

NetworkAccessManager eller nvidia firewall denne skal bort.

Lager ikke annet enn krøll og ikke noe for seg.

Så uninstall denne.

Kan kjøre en test til.

Last Combofix ned ,legg på skrivebordet.

Ikke klikk på vindu mens programet kjører.

post logg C:\combofix.txt

Stop code på blåskjerm må du ta med.

Nå er det lagd en guide for dette ligger som sticky øverst.

Når dette gjort restart og en ny HijackThis logg.

Camron · 7. mars 2008

Jeg skal gjøre dette så fort jeg kommer hjem fra skolen! Håper så inderlig at det funker.

Camron · 7. mars 2008

Da har jeg kjørt Combofix, og gjort alt det andre du sa.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32\AutoRun.inf

F:\Autorun.inf

.

((((((((((((((((((((((((( Files Created from 2008-02-07 to 2008-03-07 )))))))))))))))))))))))))))))))

.

2008-03-06 23:54 . 2008-03-06 23:54 244 --ah----- C:\sqmnoopt01.sqm

2008-03-06 23:54 . 2008-03-06 23:54 232 --ah----- C:\sqmdata01.sqm

2008-03-02 16:17 . 2008-03-03 13:51 <DIR> d-------- C:\Programfiler\Fellesfiler\Blizzard Entertainment

2008-03-02 02:05 . 2008-03-02 02:05 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\FLEXnet

2008-03-02 01:55 . 2008-03-02 01:55 <DIR> d-------- C:\Programfiler\Fellesfiler\Macrovision Shared

2008-02-28 18:21 . 2008-02-28 18:21 <DIR> d-------- C:\Programfiler\MSXML 4.0

2008-02-28 12:24 . 2008-02-28 12:24 <DIR> d--h----- C:\WINDOWS\PIF

2008-02-27 15:19 . 2008-02-21 20:51 <DIR> dr------- C:\Documents and Settings\LogMeInRemoteUser\Start-meny

2008-02-27 15:19 . 2008-02-21 20:51 <DIR> d--h----- C:\Documents and Settings\LogMeInRemoteUser\Skrivere

2008-02-27 15:19 . 2008-02-21 20:51 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Skrivebord

2008-02-27 15:19 . 2008-02-21 20:51 <DIR> d--h----- C:\Documents and Settings\LogMeInRemoteUser\Siste

2008-02-27 15:19 . 2008-02-21 20:51 <DIR> dr-h----- C:\Documents and Settings\LogMeInRemoteUser\Programdata

2008-02-27 15:19 . 2008-02-21 20:51 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Mine dokumenter

2008-02-27 15:19 . 2008-02-21 19:57 <DIR> d--h----- C:\Documents and Settings\LogMeInRemoteUser\Maler

2008-02-27 15:19 . 2008-02-21 20:51 <DIR> d--h----- C:\Documents and Settings\LogMeInRemoteUser\Lokale innstillinger

2008-02-27 15:19 . 2008-02-21 20:51 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Favoritter

2008-02-27 15:19 . 2008-02-21 20:51 <DIR> d--h----- C:\Documents and Settings\LogMeInRemoteUser\AndrMask

2008-02-26 15:24 . 2008-02-26 15:24 <DIR> d-------- C:\WINDOWS\Sun

2008-02-26 15:15 . 2008-03-02 00:21 <DIR> d-------- C:\Documents and Settings\Maziar\Programdata\mIRC

2008-02-25 17:11 . 2008-02-25 17:11 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\WEBREG

2008-02-25 17:09 . 2008-02-25 17:09 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Hewlett-Packard

2008-02-25 17:09 . 2007-03-28 14:01 117,760 --a------ C:\WINDOWS\system32\hpzll5ha.dll

2008-02-25 17:09 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2008-02-25 17:09 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys

2008-02-25 17:07 . 2008-02-26 16:52 <DIR> d-------- C:\Documents and Settings\Maziar\Programdata\HPAppData

2008-02-25 17:07 . 2008-02-25 17:07 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\HPSSUPPLY

2008-02-25 17:06 . 2008-02-25 17:06 <DIR> d-------- C:\Programfiler\Hewlett-Packard

2008-02-25 17:06 . 2008-02-25 17:06 <DIR> d-------- C:\Programfiler\Fellesfiler\HP

2008-02-25 17:06 . 2008-02-25 17:06 <DIR> d-------- C:\Programfiler\Fellesfiler\Hewlett-Packard

2008-02-25 17:06 . 2008-02-25 17:06 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\HP Product Assistant

2008-02-25 17:06 . 2008-02-25 17:06 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\HP

2008-02-25 17:06 . 2007-03-31 06:07 267,864 --a------ C:\WINDOWS\system32\hpzids01.dll

2008-02-25 17:05 . 2008-02-25 17:07 <DIR> d-------- C:\Programfiler\HP

2008-02-25 17:05 . 2007-03-18 07:11 675,840 --a------ C:\WINDOWS\system32\hpowiax3.dll

2008-02-25 17:05 . 2007-03-18 07:11 569,344 --a------ C:\WINDOWS\system32\hpotscl3.dll

2008-02-25 17:05 . 2007-03-18 07:11 303,104 --a------ C:\WINDOWS\system32\hpovst10.dll

2008-02-25 17:05 . 2008-02-25 17:10 151,819 --a------ C:\WINDOWS\hpoins14.dat

2008-02-25 17:05 . 2007-09-20 17:18 2,000 --------- C:\WINDOWS\hpomdl14.dat

2008-02-25 16:01 . 2005-10-21 19:58 49,920 --a------ C:\WINDOWS\system32\drivers\HPZid412.sys

2008-02-25 16:01 . 2005-10-21 19:58 16,496 --a------ C:\WINDOWS\system32\drivers\HPZipr12.sys

2008-02-25 15:59 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2008-02-25 15:59 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys

2008-02-25 15:59 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2008-02-25 15:59 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys

2008-02-25 13:19 . 2008-02-25 13:19 382 --a------ C:\WINDOWS\ODBC.INI

2008-02-25 13:17 . 2008-02-25 13:17 <DIR> d-------- C:\Documents and Settings\Maziar\Programdata\Microsoft Web Folders

2008-02-25 13:06 . 2008-02-25 13:06 <DIR> d-------- C:\Programfiler\Microsoft Works Suite 2000

2008-02-22 18:42 . 2008-02-22 18:42 <DIR> d-------- C:\Documents and Settings\Maziar\Programdata\dvdcss

2008-02-22 18:14 . 2008-03-07 08:10 <DIR> d-------- C:\Documents and Settings\Maziar\Programdata\AVG7

2008-02-22 18:14 . 2008-02-22 18:14 <DIR> d-------- C:\Documents and Settings\LocalService\Programdata\AVG7

2008-02-22 18:14 . 2008-02-22 18:14 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Grisoft

2008-02-22 18:14 . 2008-02-23 08:00 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\avg7

2008-02-22 18:14 . 2008-02-22 18:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll

2008-02-22 18:02 . 2008-02-22 18:02 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2008-02-22 17:57 . 2008-03-06 21:07 116 --a------ C:\WINDOWS\NeroDigital.ini

2008-02-22 17:33 . 2008-02-22 17:33 <DIR> d-------- C:\Programfiler\Skype

2008-02-22 17:33 . 2008-02-22 17:33 <DIR> d-------- C:\Programfiler\Fellesfiler\Skype

2008-02-22 17:33 . 2008-03-04 20:24 <DIR> d-------- C:\Documents and Settings\Maziar\Programdata\Skype

2008-02-22 17:33 . 2008-02-22 17:33 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Skype

2008-02-22 17:11 . 2007-11-15 18:46 87,352 --a------ C:\WINDOWS\system32\LMIinit.dll

2008-02-22 17:11 . 2007-11-15 18:46 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll

2008-02-22 17:11 . 2007-08-03 15:09 46,112 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys

2008-02-22 17:11 . 2007-11-15 18:46 21,496 --a------ C:\WINDOWS\system32\LMIport.dll

2008-02-22 17:07 . 2008-02-22 17:07 <DIR> d-------- C:\Programfiler\MSBuild

2008-02-22 17:07 . 2008-02-25 13:19 <DIR> d-------- C:\Programfiler\Microsoft Works

2008-02-22 17:06 . 2008-02-22 17:06 <DIR> d-------- C:\Programfiler\Microsoft.NET

2008-02-22 17:05 . 2008-02-25 13:18 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-02-22 17:04 . 2008-02-28 16:58 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Microsoft Help

2008-02-22 17:02 . 2007-05-13 12:24 86,683 --a------ C:\WINDOWS\system32\pthreadGC2.dll

2008-02-22 16:58 . 2008-02-22 16:58 <DIR> d-------- C:\Programfiler\Fellesfiler\Nero

2008-02-22 16:56 . 2008-02-22 16:56 <DIR> d-------- C:\Programfiler\Fellesfiler\Ahead

2008-02-22 16:56 . 2004-07-26 16:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll

2008-02-22 16:56 . 2004-07-26 16:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll

2008-02-22 16:56 . 2004-07-26 16:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll

2008-02-22 16:56 . 2004-07-26 16:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll

2008-02-22 16:56 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe

2008-02-22 16:56 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll

2008-02-22 16:52 . 2008-03-06 05:18 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\DVD Shrink

2008-02-22 16:52 . 2002-12-29 01:14 81,920 --a------ C:\WINDOWS\system32\Startup.cpl

2008-02-22 15:33 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-02-22 15:33 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-02-22 15:33 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-02-22 07:55 . 2008-02-22 07:55 <DIR> d-------- C:\Programfiler\Windows Media Connect 2

2008-02-22 07:55 . 2004-08-04 13:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-02-22 07:54 . 2008-02-22 07:54 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2008-02-22 07:54 . 2008-02-22 07:55 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2008-02-22 00:09 . 2008-03-02 02:01 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe

2008-02-22 00:08 . 2008-02-22 00:08 <DIR> d-------- C:\Programfiler\Java

2008-02-22 00:08 . 2008-02-22 00:08 <DIR> d-------- C:\Programfiler\Fellesfiler\Java

2008-02-22 00:08 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-02-22 00:04 . 2008-02-22 00:04 <DIR> d-------- C:\Programfiler\uTorrent

2008-02-22 00:04 . 2008-03-06 15:33 <DIR> d-------- C:\Documents and Settings\Maziar\Programdata\uTorrent

2008-02-22 00:03 . 2008-02-22 00:03 <DIR> d-------- C:\Documents and Settings\Maziar\Programdata\DAEMON Tools

2008-02-22 00:03 . 2008-02-22 00:03 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-02-22 00:02 . 2008-02-22 00:02 <DIR> d-------- C:\Documents and Settings\Maziar\Programdata\vlc

2008-02-21 23:48 . 2008-02-21 23:48 <DIR> d-------- C:\Programfiler\QuickTime

2008-02-21 23:48 . 2008-02-21 23:48 <DIR> d-------- C:\Programfiler\iPod

2008-02-21 23:48 . 2008-02-21 23:48 <DIR> d-------- C:\Programfiler\Bonjour

2008-02-21 23:48 . 2008-02-21 23:48 <DIR> d-------- C:\Documents and Settings\Maziar\Programdata\Apple Computer

2008-02-21 23:48 . 2008-02-21 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple Computer

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-07 07:17 --------- d-----w C:\Programfiler\NVIDIA Corporation

2008-02-25 12:17 --------- d-----w C:\Programfiler\microsoft frontpage

2008-02-22 16:40 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-02-21 19:56 8 ----a-w C:\DFIMB.DAT

2008-02-21 19:51 --------- d-----w C:\Programfiler\Realtek Sound Manager

2008-02-21 19:51 --------- d-----w C:\Programfiler\AvRack

2008-02-21 19:49 --------- d-----w C:\Programfiler\ATI Technologies

2008-02-21 19:39 --------- d-----w C:\Programfiler\Fellesfiler\NVIDIA Shared

2008-02-21 19:39 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield

2008-02-21 19:31 --------- d-----w C:\Programfiler\Marvell

2008-02-21 18:59 --------- d-----w C:\Programfiler\Elektroniske tjenester

2008-02-21 18:58 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester

2008-02-18 10:16 30,464 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys

2007-12-07 02:17 824,832 ----a-w C:\WINDOWS\system32\wininet.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

"MessengerPlus3"="D:\Programfiler\MessengerPlus! 3\MsgPlus.exe" [2008-02-21 23:20 190024]

"msnmsgr"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NVMixerTray"="C:\Programfiler\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-10-07 17:53 131072]

"ATICCC"="C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" [2004-12-01 00:19 32768]

"UltraMon"="D:\Programfiler\UltraMon\UltraMon.exe" [2006-10-12 21:27 304640]

"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]

"iTunesHelper"="D:\Programfiler\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"Adobe Reader Speed Launcher"="D:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"AVG7_CC"="D:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-22 18:15 579072]

"HP Software Update"="C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

"ATICCC"="C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" [2004-12-01 00:19 32768]

"AVG7_Run"="D:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-22 18:14 219136]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

ATI CATALYST System Tray.lnk - C:\Programfiler\ATI Technologies\ATI.ACE\CLI.exe [2004-12-01 00:19:42 32768]

HP Digital Imaging Monitor.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]

Microsoft Office.lnk - D:\Programfiler\Microsoft Office\Office\OSA9.EXE [1999-02-18 03:05:56 65588]

Microsoft Works Calendar Reminders.lnk - C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\wkcalrem.exe [1999-08-06 09:53:00 53317]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

LMIinit.dll 2007-11-15 18:46 87352 C:\WINDOWS\system32\LMIinit.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"D:\\Programfiler\\iTunes\\iTunes.exe"=

"C:\\Programfiler\\uTorrent\\uTorrent.exe"=

"D:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"D:\\Programfiler\\Grisoft\\AVG7\\avginet.exe"=

"D:\\Programfiler\\Grisoft\\AVG7\\avgamsvr.exe"=

"D:\\Programfiler\\Grisoft\\AVG7\\avgcc.exe"=

"C:\\Programfiler\\Skype\\Phone\\Skype.exe"=

"F:\\Div\\Ratiomaster\\RatioMaster-vs.exe"=

R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 15:09]

R2 UltraMonUtility;UltraMon Utility Driver;C:\Programfiler\Fellesfiler\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 21:22]

R3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [2006-09-24 21:23]

S2 LMIInfo;LogMeIn Kernel Information Provider;D:\Programfiler\LogMeIn\x86\RaInfo.sys [2007-08-03 15:09]

S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2008-02-18 11:16]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

"2008-03-01 08:11:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-07 12:39:22

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-03-07 12:39:44

ComboFix-quarantined-files.txt 2008-03-07 11:39:37

.

2008-02-28 17:21:17 --- E O F ---

Nå slår den seg ikke av lengre, den har i hvertfall ikke gjort det hittil! Takk for all hjelp

Endret 7. mars 2008 av Camron

snippsat · 7. mars 2008

Poster du en ny hijackthis-log så får jeg sett om det noe rester som bør

fjernes.

Endret 7. mars 2008 av SNIPPSAT

Camron · 7. mars 2008

Ny hijackthis-log:

Logfile of HijackThis v1.99.1

Scan saved at 17:12:23, on 07.03.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\NVIDIA Corporation\NvMixer\NVMixerTray.exe

C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

D:\Programfiler\UltraMon\UltraMon.exe

D:\Programfiler\iTunes\iTunesHelper.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

D:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe

D:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\ctfmon.exe

D:\Programfiler\UltraMon\UltraMonTaskbar.exe

C:\Programfiler\ATI Technologies\ATI.ACE\CLI.exe

C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Programfiler\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\wuauclt.exe

D:\Programfiler\Opera\Opera.exe

D:\Programfiler\iTunes\iTunes.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\distnoted.exe

D:\Programfiler\WinRAR\WinRAR.exe

C:\DOCUME~1\Maziar\LOKALE~1\Temp\Rar$EX00.672\HijackThis.exe