SemikolonP, posted 28 May 2008

What's up with that? I'm only on the forum and MSN. :S I have two cores, for those who didn't know. Annoying. For one thing, I have a laptop, and it is very annoying when the fan runs at full blast all the time. For another, it sucks to use half the CPU on doing nothing.
Programvare, posted 21 June 2008

Long bump, but there is some good advice here.
snippsat, posted 21 June 2008 (edited)

Download HijackThis and put it in its own folder on the desktop. Start the program and press "scan and save log". Post HijackThis.txt.

We'll do this first; it is no problem to find out what explorer is working on. We'll do that later if you don't have any gunk. Then we use Process Explorer, which can be set up with symbols so we can go into the stack and find exactly what explorer is doing.

Edited 21 June 2008 by SNIPPSAT
SemikolonP (thread author), posted 21 June 2008

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:07:49, on 21.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
D:\fah\FAH504-Console.exe
D:\fah2\FAH504-Console.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\fah\FahCore_78.exe
D:\fah2\FahCore_82.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\program files\relevantknowledge\rlvknlg.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RelevantKnowledge] C:\program files\relevantknowledge\rlvknlg.exe -boot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\RunOnce: [WMC_RebootCheck] C:\WINDOWS\inf\unregmp2.exe /FixUps
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FAH@D:+fah+FAH504-Console.exe - Stanford University - D:\fah\FAH504-Console.exe
O23 - Service: FAH@D:+fah2+FAH504-Console.exe - Stanford University - D:\fah2\FAH504-Console.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4883 bytes
emineem, posted 21 June 2008

Try updating Explorer to 7. If that doesn't work, try switching web browser.
snippsat, posted 21 June 2008 (edited)

Yes, there is some gunk that needs to be fixed up. Download ComboFix and put it on the desktop. Do not click on the window while the program is running. Post the log C:\combofix.txt.

> Try updating Explorer to 7. If that doesn't work, try switching web browser.

Then there is the matter of seeing the difference between iexplorer.exe and explorer.exe.

Edited 21 June 2008 by SNIPPSAT
SemikolonP (thread author), posted 21 June 2008

> Yes, there is some gunk that needs to be fixed up.

Oh, really?

> Download ComboFix and put it on the desktop. Do not click on the window while the program is running. Post the log C:\combofix.txt.

ComboFix 08-06-20.4 - k3bab 2008-06-21 23:25:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1550 [GMT 2:00]
Running from: C:\Documents and Settings\k3bab\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-05-21 to 2008-06-21 )))))))))))))))))))))))))))))))
.

2008-06-21 23:18 . 2008-06-21 23:18 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-06-21 23:18 . 2008-06-21 23:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-06-21 11:48 . 2008-06-21 11:48 <DIR> d-------- C:\Program Files\Audacity
2008-06-21 11:10 . 2008-06-21 11:10 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-21 11:10 . 2008-06-21 11:10 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-21 11:10 . 2008-06-21 11:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-21 11:07 . 2008-06-21 11:07 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-21 11:04 . 2008-06-21 11:05 <DIR> d-------- C:\Program Files\Winamp
2008-06-21 11:04 . 2008-06-21 11:06 <DIR> d-------- C:\Documents and Settings\k3bab\Application Data\Winamp
2008-06-21 00:29 . 2008-06-21 00:29 <DIR> d-------- C:\Program Files\RealVNC
2008-06-20 21:07 . 2008-06-20 21:07 <DIR> d-------- C:\Documents and Settings\k3bab\Application Data\CyberLink
2008-06-20 21:06 . 2008-06-20 21:06 <DIR> d-------- C:\Program Files\CyberLink
2008-06-20 21:06 . 2008-06-20 21:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-06-20 21:03 . 2008-06-21 00:07 <DIR> d-------- C:\Program Files\RelevantKnowledge
2008-06-20 21:03 . 2008-06-20 21:03 <DIR> d-------- C:\Program Files\ffdshow
2008-06-20 21:03 . 2008-06-20 21:04 <DIR> d-------- C:\Program Files\Cliprex DVD Player Professional
2008-06-20 21:03 . 2008-06-20 21:03 <DIR> d-------- C:\Program Files\AC3Filter
2008-06-20 21:03 . 2003-08-19 09:20 180,224 --a------ C:\WINDOWS\system32\ac3filter.cpl
2008-06-20 20:50 . 2008-06-20 20:52 <DIR> d-------- C:\Documents and Settings\k3bab\Application Data\dvdcss
2008-06-20 13:19 . 2008-06-20 13:19 <DIR> d-------- C:\Documents and Settings\k3bab\Application Data\vlc
2008-06-20 12:52 . 2008-06-20 12:52 <DIR> d-------- C:\Program Files\VideoLAN
2008-06-19 18:58 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-06-19 18:58 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-06-19 12:03 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-06-19 12:03 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-06-19 12:03 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-06-18 23:53 . 2008-06-18 23:53 <DIR> d-------- C:\Documents and Settings\k3bab\Application Data\Apple Computer
2008-06-18 23:34 . 2008-06-18 23:34 <DIR> d-------- C:\Program Files\QuickTime
2008-06-18 23:34 . 2008-06-18 23:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-18 23:33 . 2008-06-18 23:33 <DIR> d-------- C:\Program Files\Apple Software Update
2008-06-18 23:33 . 2008-06-18 23:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-18 23:28 . 2005-11-01 18:08 308,992 --a------ C:\WINDOWS\system32\drivers\rixdptsk.sys
2008-06-18 23:28 . 2004-09-03 12:00 90,112 --a------ C:\WINDOWS\system32\snymsico.dll
2008-06-18 23:28 . 2005-11-01 17:54 51,584 --a------ C:\WINDOWS\system32\drivers\rimsptsk.sys
2008-06-18 23:28 . 2005-11-16 20:28 28,928 --a------ C:\WINDOWS\system32\drivers\rimmptsk.sys
2008-06-18 23:28 . 2005-05-06 18:06 16,480 --a------ C:\WINDOWS\system32\rixdicon.dll
2008-06-18 20:58 . 2008-06-18 20:58 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-06-18 20:58 . 2008-06-18 20:58 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-06-18 20:58 . 2008-06-18 20:58 <DIR> d-------- C:\Program Files\MSBuild
2008-06-18 20:57 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-06-18 20:55 . 2008-06-18 20:55 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-06-18 20:49 . 2008-06-18 20:50 <DIR> d-------- C:\Program Files\NCH Swift Sound
2008-06-18 20:49 . 2008-06-18 20:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-06-18 19:15 . 2008-06-18 19:16 <DIR> d-------- C:\Program Files\CESAM-Flash
2008-06-18 19:14 . 2008-06-18 19:14 <DIR> d-------- C:\Documents and Settings\k3bab\WINDOWS
2008-06-18 19:14 . 1998-02-06 21:37 299,520 --a------ C:\WINDOWS\uninst.exe
2008-06-18 19:10 . 2008-06-18 19:10 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-06-18 19:07 . 2008-06-18 19:07 <DIR> d-------- C:\Documents and Settings\k3bab\Application Data\DAEMON Tools
2008-06-18 19:07 . 2008-06-18 19:07 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-18 18:17 . 2008-06-18 18:42 <DIR> d-------- C:\Documents and Settings\k3bab\Contacts
2008-06-18 18:16 . 2008-06-18 18:16 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-06-18 18:08 . 2008-06-18 18:16 <DIR> d-------- C:\Program Files\Windows Live
2008-06-18 18:08 . 2008-06-18 18:15 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-18 18:08 . 2008-06-18 18:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-18 16:57 . 2008-06-18 16:57 <DIR> d-------- C:\Program Files\HyCam2
2008-06-18 15:17 . 2008-06-18 16:07 <DIR> d-------- C:\Documents and Settings\k3bab\.housecall6.6
2008-06-18 13:34 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-06-18 13:34 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-06-18 13:34 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-06-18 13:34 . 2004-08-04 00:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-06-18 13:34 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-06-18 13:34 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-06-18 13:33 . 2008-06-18 13:33 <DIR> d-------- C:\Program Files\LimeWire
2008-06-18 13:32 . 2008-06-18 13:32 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2008-06-18 13:32 . 2008-06-18 13:32 262,144 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-06-18 13:32 . 2008-06-18 13:32 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-06-18 13:32 . 2007-09-07 14:55 27,672 --a------ C:\WINDOWS\system32\drivers\Entech.sys
2008-06-18 13:32 . 2007-09-07 14:55 12,744 --a------ C:\WINDOWS\system32\drivers\Entech64.sys
2008-06-18 13:32 . 2007-09-07 14:55 6,173 --a------ C:\WINDOWS\system32\drivers\Entech.vxd
2008-06-18 13:32 . 2001-11-19 20:05 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
2008-06-18 13:30 . 2008-06-18 13:30 <DIR> d-------- C:\Program Files\RivaTuner v2.09
2008-06-18 13:30 . 2008-06-18 13:30 <DIR> d-------- C:\Program Files\Futuremark
2008-06-18 08:52 . 2004-08-04 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-18 08:50 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-06-17 22:34 . 2008-06-21 10:01 <DIR> d-------- C:\Program Files\SpeedFan
2008-06-17 22:34 . 2008-06-17 22:34 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-06-17 22:01 . 2008-06-17 22:01 <DIR> d-------- C:\WINDOWS\Sun
2008-06-17 22:01 . 2008-06-17 22:01 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-06-17 22:01 . 2008-06-17 22:01 <DIR> d-------- C:\Documents and Settings\k3bab\Application Data\SystemRequirementsLab
2008-06-17 22:00 . 2008-06-17 22:00 <DIR> d-------- C:\Program Files\Java
2008-06-17 22:00 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-17 21:56 . 2008-06-17 21:56 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-17 21:46 . 2008-06-17 21:46 <DIR> d---s---- C:\Documents and Settings\k3bab\UserData
2008-06-17 21:45 . 2008-06-17 21:45 <DIR> d-------- C:\NVIDIA
2008-06-17 19:33 . 2008-06-17 19:34 <DIR> d-------- C:\Program Files\CONEXANT
2008-06-17 19:33 . 2004-08-03 23:08 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2008-06-17 19:33 . 2004-08-03 23:08 60,288 --a--c--- C:\WINDOWS\system32\dllcache\drmk.sys
2008-06-17 19:28 . 2008-06-20 21:06 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-06-17 19:28 . 2008-06-17 19:28 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-06-17 19:00 . 2008-06-13 15:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-17 19:00 . 2008-06-13 15:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-17 18:52 . 2008-06-20 20:54 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-06-17 18:52 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-06-17 13:01 . 2008-06-17 13:06 <DIR> d-------- C:\WINDOWS\nview
2008-06-17 13:01 . 2008-06-20 21:06 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-06-17 13:01 . 2008-03-26 12:30 442,368 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-06-17 13:01 . 2007-05-23 04:35 111,544 --a------ C:\WINDOWS\system32\nvapps.xml
2008-06-17 13:01 . 2007-05-23 04:35 17,431 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-05-27 10:50 . 2008-05-27 10:50 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-05-27 10:50 . 2008-05-27 10:50 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-17 12:47 --------- d-----w C:\Program Files\Alwil Software
2008-06-17 10:49 822,272 ----a-w C:\WINDOWS\system32\drivers\BCMWL5.SYS
2008-06-17 10:49 --------- d-----w C:\Program Files\Broadcom
2008-06-17 10:49 --------- d-----w C:\Documents and Settings\k3bab\Application Data\InstallShield
2008-06-17 10:41 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-05-23 04:35 8433664]
"nwiz"="nwiz.exe" [2007-05-23 04:35 1626112 C:\WINDOWS\system32\nwiz.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-07-26 22:44 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01 32768]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\wscntfy.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\program files\\relevantknowledge\\rlvknlg.exe"=
"C:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 FAH@D:+fah+FAH504-Console.exe;FAH@D:+fah+FAH504-Console.exe;D:\fah\FAH504-Console.exe [2008-06-17 21:29]
R2 FAH@D:+fah2+FAH504-Console.exe;FAH@D:+fah2+FAH504-Console.exe;D:\fah2\FAH504-Console.exe [2008-06-17 21:29]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 13:54]
S3 WMI_MFC_TPSHOKER_80;WMI_MFC_TPSHOKER_80;C:\WINDOWS\system32\drivers\eiikgl.sys []

*Newly Created Service* - CATCHME
*Newly Created Service* - UMWDF
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-21 23:26:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************

"ServiceDll"="C:\WINDOWS\system32\es.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FAH@D:+fah+FAH504-Console.exe]
"ImagePath"="D:\fah\FAH504-Console.exe -svcstart"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FAH@D:+fah2+FAH504-Console.exe]
.
Completion time: 2008-06-21 23:27:41
ComboFix-quarantined-files.txt 2008-06-21 21:27:39

Pre-Run: 10,089,500,672 bytes free
Post-Run: 10,137,272,320 bytes free

180 --- E O F --- 2008-06-20 18:54:30

Btw: I just remembered that I reinstalled XP before Vintermåne replied in the thread. But I don't mind getting any problems fixed.
snippsat, posted 22 June 2008

Hmm, one question: search and see whether you have this file.
C:\program files\relevantknowledge\rlvknlg.exe

You have reinstalled Windows; do you still have problems with explorer?
SemikolonP (thread author), posted 22 June 2008

> Hmm, one question: search and see whether you have this file.
> C:\program files\relevantknowledge\rlvknlg.exe

That file exists.

> You have reinstalled Windows; do you still have problems with explorer?

At least I can't remember having experienced any problems with explorer.exe eating CPU, but as I said, I have nothing against freshening up the system a bit.
snippsat, posted 22 June 2008 (edited)

Start HijackThis, "scan", find this line, select it, then press "fix checked".
O4 - HKLM\..\Run: [RelevantKnowledge] C:\program files\relevantknowledge\rlvknlg.exe -boot
---
Restart
---
Delete the file C:\program files\relevantknowledge\rlvknlg.exe
---
You can remove ComboFix by typing combofix /u in the Run window. This command deletes the quarantined files and backups, resets the System Restore folder, etc.
---
Download and run CCleaner. 'Options' -> 'Advanced'. Remove the check mark in front of "only delete temporary files older than 48 hours". Run the registry cleaner and answer yes to repairing (run it a couple of times until all errors are gone).
---
Then you are clean as far as malware goes. Let us know if explorer.exe is still using CPU. Then we'll move on and figure that out.

Edited 22 June 2008 by SNIPPSAT
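Added example, not part of the thread: a small Python parser for the O4 (autostart) lines of a HijackThis log, showing how the entry singled out above can be picked out and checked against the "Running processes" list. The function names and the watchlist term are assumptions made for this illustration; the sample lines are copied from the log posted earlier in the thread.

```python
import re
from typing import List, NamedTuple

# Constructed sample: a few lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\program files\relevantknowledge\rlvknlg.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [RelevantKnowledge] C:\program files\relevantknowledge\rlvknlg.exe -boot
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
"""

class Autostart(NamedTuple):
    root: str      # registry root as logged, e.g. HKLM or HKUS\S-1-5-19
    key: str       # Run, RunOnce, ...
    name: str      # value name shown in brackets
    command: str   # command line as logged, without the "(User ...)" suffix
    target: str    # executable or DLL the command launches
    running: bool  # target also appears under "Running processes"

O4_LINE = re.compile(
    r"^O4 - (?P<root>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '[^']*'\))?$")
BINARY = re.compile(r"^(.*?\.(?:exe|dll|com|bat|cmd|scr))(?=[\s,]|$)", re.I)

def target_of(command: str) -> str:
    """Return the file a Run command launches, unwrapping quotes and rundll32."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = BINARY.match(command)
    if not m:
        return command
    first = m.group(1)
    if first.lower().endswith("rundll32.exe"):
        rest = command[m.end():].strip()
        return target_of(rest) if rest else first
    return first

def parse_autostarts(log: str) -> List[Autostart]:
    """Collect O4 registry autostart entries and mark those currently running."""
    running, in_procs, entries = set(), False, []
    for line in map(str.strip, log.splitlines()):
        if line == "Running processes:":
            in_procs = True
            continue
        # The process list ends at a blank line or the first section line (R0, O2, ...).
        if in_procs and (not line or re.match(r"[A-Z]\d+ - ", line)):
            in_procs = False
        if in_procs:
            running.add(line.lower())
            continue
        m = O4_LINE.match(line)
        if m:
            target = target_of(m["cmd"])
            entries.append(Autostart(m["root"], m["key"], m["name"], m["cmd"],
                                     target, target.lower() in running))
    return entries

def flag(entries: List[Autostart], watchlist: List[str]) -> List[Autostart]:
    """Entries whose value name or target contains an analyst-supplied term."""
    terms = [t.lower() for t in watchlist]
    return [e for e in entries
            if any(t in e.name.lower() or t in e.target.lower() for t in terms)]

if __name__ == "__main__":
    # "relevantknowledge" is the term taken from the entry named in the thread.
    for e in flag(parse_autostarts(SAMPLE_LOG), ["relevantknowledge"]):
        print(f"{e.root}\\..\\{e.key} [{e.name}] -> {e.target} (running: {e.running})")
```

A flagged entry with running set to True means the target was still loaded when the log was taken.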