Garanti
Posted 28 April 2008

For the past few months my machine (a Dell desktop) has been "revving up" at irregular intervals, in addition to being generally slow. I don't want to format yet, so I'm posting these logs in the hope of finding any programs that are stealing power.

When I say "revving up", I mean that the fan on the machine runs at full blast and plays jumbo jet. I have checked Task Manager when the machine starts making noise. If Firefox is running, it is often the culprit; it can often reach 50-60% CPU, so I'll have to stop using 3.0 until a stable version comes out. Still, it happens that the fans are just as noisy without any programs stealing a noteworthy amount of CPU.

The temperature in the case is perhaps a little high, but it always has been. Cleaned the dust out of the fans earlier last week.

SAS log:

Coming early tomorrow

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:21:40, on 28.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\M-Audio\Install\EvoInst.exe
C:\Program Files\GCALDaemon\bin\wrapper.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DisplayFusion\DisplayFusion.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\Hamachi\hamachi.exe
c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
C:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Mozilla Firefox 3 Beta 3\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKCU\..\Run: [sB Audigy 2 Startup Menu] /L:ENG
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [DisplayFusion] "C:\Program Files\DisplayFusion\DisplayFusion.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\DLink\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: M-Audio Installer (EvoInstallerService) - Unknown owner - C:\Program Files\M-Audio\Install\EvoInst.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GCALDaemon - Unknown owner - C:\Program Files\GCALDaemon\bin\wrapper.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

--
End of file - 8591 bytes

ComboFix log:

ComboFix 08-04-26.5 - Jørund 2008-04-28 2:24:09.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.483 [GMT 2:00]
Running from: C:\Documents and Settings\Jørund\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\dllcache\spoolsv.exe
.
((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-28 )))))))))))))))))))))))))))))))
.

2008-04-28 02:22 . 2008-04-28 02:22 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-28 02:22 . 2008-04-28 02:22 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-28 02:22 . 2008-04-28 02:22 <DIR> d-------- C:\Documents and Settings\Jørund\Application Data\SUPERAntiSpyware.com
2008-04-28 02:22 . 2008-04-28 02:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-28 02:19 . 2008-04-28 02:19 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-28 01:39 . 2008-04-28 02:06 <DIR> d-------- C:\Documents and Settings\Jørund\.housecall6.6
2008-04-28 01:39 . 2008-04-28 02:06 <DIR> d-------- C:\Documents and Settings\Jørund\.housecall6.6
2008-04-28 00:59 . 2008-04-28 00:59 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-28 00:59 . 2008-04-28 00:59 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-26 22:09 . 2008-04-26 22:09 510 --a------ C:\sgc
2008-04-25 22:21 . 2008-04-25 22:21 510 --a------ C:\s22g
2008-04-21 17:44 . 2008-04-21 17:44 <DIR> d-------- C:\Program Files\SpeedFan
2008-04-21 17:04 . 2008-04-21 17:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
2008-04-21 17:00 . 2008-04-21 17:03 <DIR> d-------- C:\Program Files\TmNationsForever
2008-04-21 16:56 . 2008-04-21 16:56 510 --a------ C:\s2r0
2008-04-14 03:50 . 2008-04-14 03:50 <DIR> d-------- C:\Documents and Settings\Jørund\Application Data\JAM Software
2008-04-13 02:32 . 2003-12-17 09:50 152,064 --------- C:\WINDOWS\system32\lmoufrc.dll
2008-04-13 02:32 . 2004-01-08 09:50 104,960 --a------ C:\WINDOWS\system32\COMNCTR.DLL
2008-04-13 02:32 . 2004-01-08 09:50 97,792 --a------ C:\WINDOWS\system32\LGUICOM.DLL
2008-04-13 02:32 . 2003-12-17 09:50 70,801 --a------ C:\WINDOWS\system32\drivers\LMouFlt2.Sys
2008-04-13 02:32 . 2003-12-17 09:50 51,729 --------- C:\WINDOWS\system32\drivers\L8042PR2.SYS
2008-04-13 02:32 . 2003-12-17 09:50 25,505 --a------ C:\WINDOWS\system32\drivers\LHidFlt2.Sys
2008-04-13 02:32 . 2003-12-17 09:50 23,375 --------- C:\WINDOWS\system32\LCOINST.DLL
2008-04-13 02:32 . 2003-12-17 09:50 19,968 --------- C:\WINDOWS\LOGI_MWX.EXE
2008-04-13 02:32 . 2004-01-08 09:50 16,896 --a------ C:\WINDOWS\system32\LMOUSE32.DLL
2008-04-13 02:32 . 2004-01-08 09:50 3,568 --a------ C:\WINDOWS\system32\LMOUSE16.DLL
2008-04-13 02:11 . 2008-04-13 02:11 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}
2008-04-13 02:06 . 2008-04-13 02:06 <DIR> d-------- C:\Program Files\Stardock Games
2008-04-12 20:36 . 2008-04-12 20:36 510 --a------ C:\s2ag

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-28 00:28 --------- d-----w C:\Documents and Settings\Jørund\Application Data\Hamachi
2008-04-28 00:06 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 3
2008-04-27 22:04 --------- d-----w C:\Documents and Settings\Jørund\Application Data\OpenOffice.org2
2008-04-27 16:55 --------- d-----w C:\Documents and Settings\Jørund\Application Data\WTablet
2008-04-27 16:20 --------- d-----w C:\Documents and Settings\Jørund\Application Data\Launchy
2008-04-27 00:36 --------- d-----w C:\Documents and Settings\Jørund\Application Data\Skype
2008-04-26 11:32 --------- d-----w C:\Program Files\Mozilla Sunbird
2008-04-25 20:21 --------- d-----w C:\Program Files\Java
2008-04-22 21:28 --------- d-----w C:\Documents and Settings\Jørund\Application Data\Azureus
2008-04-17 23:08 --------- d-----w C:\Program Files\Azureus
2008-04-13 00:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-13 00:32 --------- d-----w C:\Program Files\Logitech
2008-04-12 21:53 --------- d-----w C:\Documents and Settings\Jørund\Application Data\Apple Computer
2008-04-07 17:12 --------- d-----w C:\Program Files\Steam
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-14 20:09 42 ----a-w C:\mappestruktur.bat
2008-01-28 22:23 368,640 ----a-w C:\WINDOWS\system32\ReWire.dll
2008-01-28 22:23 233,472 ----a-w C:\WINDOWS\system32\REX Shared Library.dll
2004-08-17 00:56 45,056 ----a-w C:\Program Files\mozilla firefox\plugins\SVG3ACE.dll
2004-08-03 21:42 921,600 ----a-w C:\Program Files\mozilla firefox\plugins\SVG3AGM.dll
2004-08-03 21:42 167,936 ----a-w C:\Program Files\mozilla firefox\plugins\SVG3BIB.dll
2004-08-03 21:42 933,888 ----a-w C:\Program Files\mozilla firefox\plugins\SVG3CT.dll
2004-08-31 21:24 1,945,670 ----a-w C:\Program Files\mozilla firefox\plugins\SVGCore.dll
2004-10-26 00:27 12,288 ----a-w C:\Program Files\mozilla firefox\plugins\SVGRSRC.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SB Audigy 2 Startup Menu"=" /L:ENG" []
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-04-04 14:20 81920]
"DisplayFusion"="C:\Program Files\DisplayFusion\DisplayFusion.exe" [2007-12-05 22:09 242688]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 09:18 49152]
"CTDVDDet"="C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 01:00 45056]
"CTHelper"="CTHELPER.EXE" [2003-02-21 00:45 28672 C:\WINDOWS\system32\CTHELPER.EXE]
"AsioReg"="REGSVR32.exe" [2004-08-04 14:00 11776 C:\WINDOWS\system32\regsvr32.exe]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 09:50 19968 C:\WINDOWS\LOGI_MWX.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

C:\Documents and Settings\J›rund\Start Menu\Programs\Startup\
Hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2007-12-21 23:21:24 624416]
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2008-02-02 23:26:10 106496]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Launchy.lnk - C:\Program Files\Launchy\Launchy.exe [2007-08-19 02:40:09 552960]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"= 00000000

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"= evolusbn.dll
"midi6"= evolusbn.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
--a------ 2007-04-04 14:20 81920 C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 09:41 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"nTuneService"=2 (0x2)
"iPod Service"=3 (0x3)
"wampmysqld"=3 (0x3)
"wampapache"=3 (0x3)
"idsvc"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"Adobe LM Service"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"C:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"46027:TCP"= 46027:TCP:utorrent
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 EvoInstallerService;M-Audio Installer;C:\Program Files\M-Audio\Install\EvoInst.exe [2005-03-08 12:19]
R2 GCALDaemon;GCALDaemon;"C:\Program Files\GCALDaemon\bin\wrapper.exe" -s "C:\Program Files\GCALDaemon\conf\nt-service.cfg" []
R2 TabletServiceWacom;TabletServiceWacom;C:\WINDOWS\system32\Wacom_Tablet.exe [2007-09-07 12:40]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 23:38]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 12:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 11:30]
R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 17:11]
R3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" -k runservice []
R3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld []
S1 SysTool;SysTool Overclocking Utility;C:\WINDOWS\system32\DRIVERS\SysTool.sys [2006-11-10 15:08]
S2 P1C1394;Phase One 1394 Camera Driver;C:\WINDOWS\system32\Drivers\p1c1394.sys []
S3 EVOLUSB;%EVOL_USB.SvcDesc%;C:\WINDOWS\system32\drivers\evolusb.sys [2004-10-20 17:50]
S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2003-12-17 09:50]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{833d5180-ef69-11db-bcfa-ab55eae8f3fd}]
\Shell\AutoRun\command - L:\kakemonster.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{85969e34-c62b-11dc-abbe-00111121d330}]
\Shell\AutoRun\command - F:\lenovobatteryreplacementpackage(2).exe

*Newly Created Service* - CATCHME
*Newly Created Service* - SASDIFSV
*Newly Created Service* - SASENUM
*Newly Created Service* - SASKUTIL
.
Contents of the 'Scheduled Tasks' folder
"2008-03-01 11:43:30 C:\WINDOWS\Tasks\01 Jerusalem.job"
- C:\Documents and Settings\Jørund\My Documents\My Music\iTunes\iTunes Music\Emerson, Lake & Palmer\Brain Salad Surgery\01 Jerusalem.mp3
"2008-04-26 15:23:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-28 02:30:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 18

**************************************************************************
.
Completion time: 2008-04-28 2:35:06
ComboFix-quarantined-files.txt 2008-04-28 00:34:35

Pre-Run: 17,103,982,592 bytes free
Post-Run: 23,423,774,720 bytes free

195 --- E O F --- 2008-04-13 03:11:42

norbat
Posted 28 April 2008

Could it be ViewpointService that is perhaps churning away in the background? Did you install this program yourself, or did it just come along with something else? If so, you can remove it:

From Add/Remove Programs: Viewpoint, Viewpoint Manager and/or Viewpoint Media Player.

Make sure the service is not left behind:
Type services.msc in the Run box.
Find the service Viewpoint Manager Service, and stop it if it is running.
Double-click the service and set the startup type to Disabled.

If the folders are left behind, delete them:
C:\Program Files\ViewManager
C:\Program Files\Viewpoint
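
The reply above picks one O23 service out of the HijackThis log by eye. As an added example (not part of the thread and not code from HijackThis), this sketch splits such a log into entries, including a paste that has been flattened onto one line, and shortlists entries for manual review. The three review rules and all function names are assumptions chosen for illustration.

```python
import re

# Section codes HijackThis puts at the start of each entry (R0-R3, F0-F3, N1-N4, Onn).
CODE = r"(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2})"
# An entry runs until the next "<code> - ", the log trailer, or the end of the text,
# so the same pattern handles one entry per line and a flattened paste.
ENTRY = re.compile(
    r"(?<!\S)(" + CODE + r") - (.*?)(?=\s+" + CODE + r" - |\s+-- End of file|\s*\Z)",
    re.S,
)

# Lines copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: M-Audio Installer (EvoInstallerService) - Unknown owner - C:\Program Files\M-Audio\Install\EvoInst.exe
O23 - Service: GCALDaemon - Unknown owner - C:\Program Files\GCALDaemon\bin\wrapper.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
"""


def parse_entries(log_text):
    """Return [(code, body)] with whitespace in each body normalised."""
    return [(m.group(1), " ".join(m.group(2).split())) for m in ENTRY.finditer(log_text)]


def parse_service(body):
    """Split an O23 body 'Service: name - owner - path' from the right,
    because the service name itself may contain ' - '."""
    if not body.startswith("Service: "):
        return None
    parts = body[len("Service: "):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    return dict(zip(("name", "owner", "path"), parts))


def triage(log_text):
    """Shortlist entries worth a manual look; this is not a verdict on any of them."""
    findings = []
    for code, body in parse_entries(log_text):
        reasons = []
        if body.endswith("(no file)"):
            reasons.append("registered target file is missing")
        if code == "O23":
            svc = parse_service(body)
            if svc and svc["owner"] == "Unknown owner":
                reasons.append("no company name reported for the service binary")
        if code == "O4" and not re.search(r"[A-Za-z]:\\", body):
            reasons.append("autostart command has no full path")
        if reasons:
            findings.append((code, body, reasons))
    return findings


if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(code, "|", body, "|", "; ".join(reasons))
```

Viewpoint Manager Service, the entry the reply singles out, has a vendor name and a full path, so none of these rules flag it. The rules only narrow down what to look at and do not replace knowing what each program is.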