Problemer med CPU-heavy prosesser

[phoexo]

ComboFix-logg:

Klikk for å se/fjerne innholdet nedenfor

ComboFix 08-07-30.02 - HP_Administrator 2008-07-31 16:19:26.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1000 [GMT 2:00]

Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML

C:\Documents and Settings\HP_Administrator\Application Data\inst.exe

C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\#SharedObjects\QHY3GBZN\interclick.com

C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\#SharedObjects\QHY3GBZN\interclick.com\ud.sol

C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com

C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol

C:\WINDOWS\system32\MSINET.oca

D:\Autorun.inf

 

.

((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-31 )))))))))))))))))))))))))))))))

.

 

2008-07-31 16:17 . 2008-07-31 16:17 <DIR> d-------- C:\Program Files\Trend Micro

2008-07-29 21:16 . 2008-07-29 21:27 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak

2008-07-16 13:16 . 2008-07-16 13:16 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Hasbro

2008-07-16 13:14 . 2003-08-07 09:56 32,768 --a------ C:\WINDOWS\REMOVE2K.EXE

2008-07-16 13:14 . 2006-04-06 16:48 26,880 --a------ C:\WINDOWS\system32\drivers\BopItU2U.sys

2008-07-16 13:11 . 2008-07-16 13:11 <DIR> d-------- C:\Program Files\Hasbro

2008-07-16 01:09 . 2008-07-16 01:09 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll

2008-07-14 15:51 . 2008-07-14 15:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE

2008-07-14 15:48 . 2008-07-14 15:48 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\GlobalSCAPE

2008-07-14 15:47 . 2008-07-14 15:47 <DIR> d-------- C:\Program Files\GlobalSCAPE

2008-07-14 02:43 . 2008-07-14 02:43 <DIR> d-------- C:\Program Files\ImTOO

2008-07-14 02:37 . 2008-07-14 02:37 <DIR> d-------- C:\Program Files\Red Kawa

2008-07-14 02:37 . 2008-07-14 02:37 <DIR> d-------- C:\Program Files\AviSynth 2.5

2008-07-14 02:08 . 2008-07-14 02:08 <DIR> d-------- C:\Program Files\iPod

2008-07-14 00:09 . 2008-07-10 09:35 32,000 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys

2008-07-04 05:22 . 1994-12-06 01:00 92,208 -ra------ C:\WINDOWS\system32\WING.DLL

2008-07-04 05:22 . 1994-12-06 01:00 12,800 -ra------ C:\WINDOWS\system32\WING32.DLL

2008-07-02 01:22 . 2008-07-02 01:22 <DIR> d-------- C:\Program Files\WinPcap

2008-07-02 01:21 . 2008-07-04 05:28 <DIR> d-------- C:\Program Files\Cain

2008-06-27 12:40 . 2000-10-03 15:54 2,998 --a------ C:\WINDOWS\setup.ico

2008-06-27 12:37 . 2008-06-27 12:37 <DIR> d-------- C:\Program Files\Sierra On-Line

2008-06-27 12:37 . 2008-06-27 12:58 <DIR> d-------- C:\Impressions Games

2008-06-27 12:37 . 2008-06-27 12:46 322 --a------ C:\WINDOWS\SIERRA.INI

2008-06-25 19:41 . 2008-06-25 19:41 <DIR> d-------- C:\Program Files\ZC2.10

2008-06-18 20:00 . 2008-06-18 20:00 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\SPORE Creature Creator

2008-06-18 19:57 . 2008-06-18 19:57 <DIR> d-------- C:\Program Files\Electronic Arts

2008-06-16 00:33 . 2008-06-16 00:33 45,056 --a------ C:\WINDOWS\system32\sstunst3.exe

2008-06-15 13:36 . 2008-06-15 13:36 <DIR> d-------- C:\Program Files\Alvas.Net

2008-06-14 22:36 . 2008-06-14 22:36 <DIR> d-------- C:\Program Files\Common Files\Merge Modules

2008-06-11 01:01 . 2008-06-13 15:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-06-11 01:01 . 2008-06-13 15:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-09 14:28 . 2008-06-16 22:34 <DIR> d-------- C:\Program Files\WarRock

2008-06-07 13:06 . 2008-06-07 13:06 <DIR> d-------- C:\Program Files\LimeWire

2008-06-06 14:34 . 2008-06-06 14:36 <DIR> d-------- C:\Program Files\Common Files\3DO Shared

2008-06-06 14:34 . 2008-06-06 14:34 <DIR> d-------- C:\Program Files\3DO

2008-06-02 23:32 . 2008-06-02 23:32 <DIR> d-------- C:\Program Files\OpenAL

2008-06-02 22:00 . 2008-06-02 22:00 <DIR> d-------- C:\Program Files\Launchy

2008-06-02 22:00 . 2008-06-02 22:00 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Launchy

2008-06-02 02:20 . 2008-06-02 02:20 5,760,054 --a------ C:\WINDOWS\AW_1600x1200.bmp

2008-06-02 02:18 . 2008-06-18 22:07 5,760,054 --a------ C:\WINDOWS\ALX_1600x1200.bmp

2008-06-02 02:15 . 2008-06-02 02:15 3,932,214 --a------ C:\WINDOWS\InvaderDark1280.bmp

2008-06-02 02:13 . 2008-06-18 22:07 3,932,214 --a------ C:\WINDOWS\AW_XenoMorph1280.bmp

2008-06-02 02:11 . 2005-02-01 15:20 5,760,056 --a------ C:\WINDOWS\Darkstar.bmp

2008-06-02 02:06 . 2008-06-02 02:06 <DIR> d-------- C:\Program Files\Common Files\Stardock

2008-06-02 02:06 . 2008-06-02 02:20 <DIR> d-------- C:\Program Files\AlienGUIse

2008-06-02 02:06 . 2003-02-26 22:27 36,864 --a------ C:\WINDOWS\system32\wbsys.dll

2008-06-02 02:06 . 2008-06-02 02:06 56 --a------ C:\WINDOWS\wb.ini

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-31 14:33 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware

2008-07-31 14:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware

2008-07-31 14:20 --------- d-----w C:\Program Files\Steam

2008-07-30 19:15 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Xfire

2008-07-30 17:05 --------- d-----w C:\Program Files\StepMania

2008-07-29 20:15 --------- d-s---w C:\Program Files\Xfire

2008-07-25 21:46 22,584 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-07-25 15:13 --------- d-----w C:\Program Files\World of Warcraft

2008-07-24 20:34 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Skype

2008-07-24 14:02 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\skypePM

2008-07-20 23:44 --------- d-----w C:\Program Files\Cheat Engine

2008-07-16 11:14 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-07-15 19:49 --------- d-----w C:\Program Files\mIRC

2008-07-14 14:04 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\FileZilla

2008-07-14 00:12 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Apple Computer

2008-07-14 00:09 --------- d-----w C:\Program Files\iTunes

2008-07-13 22:15 --------- d-----w C:\Program Files\Bonjour

2008-07-13 22:14 --------- d-----w C:\Program Files\QuickTime

2008-07-10 07:35 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys

2008-07-05 14:20 --------- d-----w C:\Program Files\Cave Story Deluxe

2008-07-04 14:14 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\LimeWire

2008-07-04 03:19 --------- d-----w C:\Program Files\Hasbro Interactive

2008-06-28 02:36 --------- d-----w C:\Program Files\Bethesda Softworks

2008-06-27 19:06 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\uTorrent

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-18 19:08 --------- d-----w C:\Program Files\Google

2008-06-16 20:30 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Web Page Maker V2

2008-06-14 20:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-06-14 20:36 --------- d-----w C:\Program Files\Microsoft Visual Studio 9.0

2008-06-14 13:35 --------- d-----w C:\Program Files\Opera

2008-06-11 12:37 --------- d-----w C:\Program Files\Last.fm

2008-06-10 16:40 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\OpenOffice.org2

2008-06-09 22:23 --------- d-----w C:\Program Files\Clue

2008-06-08 10:38 --------- d-----w C:\Program Files\MSN Messenger

2008-06-08 10:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-05-29 12:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania

2008-05-27 23:36 61,952 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\GDIPFONTCACHEV1.DAT

2008-05-16 16:47 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-05-07 13:39 16,862,208 ----a-w C:\WINDOWS\RTHDCPL.exe

2008-04-02 07:27 1,196,032 ----a-w C:\WINDOWS\RtlUpd.exe

2008-03-29 15:55 22,328 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\PnkBstrK.sys

2008-03-13 16:14 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat

2007-12-17 01:55 26,624 --s---w C:\Documents and Settings\HP_Administrator\ctr.exe

2007-12-01 12:52 319 ----a-w C:\Documents and Settings\HP_Administrator\Launcher.bat

2007-10-28 13:41 47,360 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.sys

2007-05-18 13:55 32 ----a-r C:\Documents and Settings\All Users\hash.dat

2008-01-09 21:04 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-06-08 14:17 5724184]

"WhatPulse"="C:\Program Files\WhatPulse\WhatPulse.exe" [2006-08-21 19:48 665600]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 23:56 64512]

"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-21 19:59 143360]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]

"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 16:14 237568]

"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 16:34 249856]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 00:11 49152]

"GDI32"="C:\Documents and settings\HP_Administrator\ctr.exe" [2007-12-17 03:55 26624]

"Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-07-18 01:30 1687824]

"Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-07-18 02:08 2094352]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]

"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]

"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30 249856]

"ftutil2"="ftutil2.dll" [2004-06-07 16:05 106496 C:\WINDOWS\system32\ftutil2.dll]

"nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe]

"RTHDCPL"="RTHDCPL.EXE" [2008-05-07 15:39 16862208 C:\WINDOWS\RTHDCPL.exe]

 

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\

Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-01-03 04:51:46 27136]

PinMcLnk.lnk - C:\hp\bin\cloaker.exe [2006-01-03 04:51:46 27136]

 

C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\

Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-07-16 01:09:02 3050832]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Launchy.lnk - C:\Program Files\Launchy\Launchy.exe [2008-06-02 22:00:25 274432]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]

2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2007-05-25 15:22 63040 C:\WINDOWS\system32\LMIinit.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.XFR1"= xfcodec.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Hurtigstart for Adobe Reader.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Hurtigstart for Adobe Reader.lnk

backup=C:\WINDOWS\pss\Hurtigstart for Adobe Reader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk

backup=C:\WINDOWS\pss\Run Google Web Accelerator.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-07-10 10:51 289064 C:\Program Files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jing]

--a------ 2007-12-17 02:34 767232 C:\Program Files\TechSmith\Jing\Jing.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]

--a------ 2007-04-17 14:03 63048 C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayNC Launcher]

--a------ 2008-05-01 01:31 38128 C:\Program Files\NCSoft\Launcher\NCLauncher.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartDefrag]

--a------ 2007-10-19 13:25 2736384 C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

--a------ 2008-03-29 03:22 1271032 c:\Program Files\Steam\steam.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2008-05-20 23:18 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"MySQL"=2 (0x2)

"Apache2.2"=2 (0x2)

"iPod Service"=3 (0x3)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

"AlwaysReady Power Message APP"=ARPWRMSG.EXE

"ToUcamVProperty"=C:\Program Files\Philips ToUcam Camera\VProperty.exe

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"

"VMware hqtray"="C:\Program Files\VMware\VMware Player\hqtray.exe"

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" -hide

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Counter-Strike 1.6\\hl.exe"=

"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\Program Files\\Xfire\\xfire.exe"=

"C:\\Program Files\\mIRC\\mirc.exe"=

"C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=

"C:\\Soldat\\Soldat.exe"=

"C:\\Program Files\\NetMeeting\\conf.exe"=

"C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=

"C:\\Program Files\\Last.fm\\LastFM.exe"=

"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"C:\\Documents and Settings\\HP_Administrator\\Desktop\\uTorrent.exe"=

"C:\\Program Files\\Starcraft\\StarCraft.exe"=

"C:\\Documents and Settings\\HP_Administrator\\Desktop\\ting fra praetox sin side\\Chat Program\\Server.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Documents and Settings\\HP_Administrator\\My Documents\\Mine mottatte filer\\gjengbrytern.exe"=

"C:\\Program Files\\Opera 9.5 alpha\\opera.exe"=

"C:\\Program Files\\Steam\\steamapps\\3cstasy69\\condition zero\\hl.exe"=

"C:\\Program Files\\Avant Browser\\avant.exe"=

"C:\\Program Files\\Steam\\steam.exe"=

"C:\\WINDOWS\\system32\\PnkBstrA.exe"=

"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

"C:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars Demo 2\\etqw.exe"=

"C:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars Demo 2\\etqwded.exe"=

"C:\\Innstalasjonsfiler\\CabalTemp\\ESTdnheadless.exe"=

"C:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\Program Files\\RevConnect\\DCPlusPlus.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\FileZilla Client\\filezilla.exe"=

"C:\\Program Files\\Cain\\Cain.exe"=

"C:\\Documents and Settings\\HP_Administrator\\Desktop\\AnarchyOnline_17.9.1-Large.exe"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

"C:\\Program Files\\Steam\\steamapps\\phoexo\\condition zero\\hl.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"24119:TCP"= 24119:TCP:BitComet 24119 TCP

"24119:UDP"= 24119:UDP:BitComet 24119 UDP

"3724:TCP"= 3724:TCP:Blizzard Downloader

"6112:TCP"= 6112:TCP:Blizzard Downloader

"48417:TCP"= 48417:TCP:µTorrent

"3306:TCP"= 3306:TCP:MySQL

 

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]

R2 IAANTMON;Intel® Matrix Storage Event Monitor;C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-02-21 19:58]

R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-04-17 14:00]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-04-05 11:55]

R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-09 23:00]

R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-11 22:36]

R3 HomeQOS;HomeQOS Miniport;C:\WINDOWS\system32\DRIVERS\homeqos.sys [2004-01-20 22:09]

R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2007-06-08 08:52]

R3 WN5301;LIteon Wireless PCI Network Adapter Service;C:\WINDOWS\system32\DRIVERS\wn5301.sys [2005-10-05 12:44]

S3 Camdrv30;Philips ToUcam XS;C:\WINDOWS\system32\Drivers\camdrv30.sys [2001-08-17 14:04]

S3 CEDRIVER53;CEDRIVER53;C:\Program Files\Cheat Engine\dbk32.sys [2007-12-27 06:45]

S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 22:22]

S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2008-07-10 09:35]

S3 XDva009;XDva009;C:\WINDOWS\system32\XDva009.sys []

S3 XDva019;XDva019;C:\WINDOWS\system32\XDva019.sys []

S3 XDva020;XDva020;C:\WINDOWS\system32\XDva020.sys []

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Contents of the 'Scheduled Tasks' folder

 

2008-07-25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

.

- - - - ORPHANS REMOVED - - - -

 

MSConfigStartUp-BitComet - C:\Program Files\BitComet\BitComet.exe

MSConfigStartUp-swg - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

 

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\u7o5ccta.default\

FF -: plugin - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\u7o5ccta.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp07074039.dll

FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll

FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava11.dll

FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava12.dll

FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava13.dll

FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava14.dll

FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava32.dll

FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll

FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPOJI610.dll

FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll

FF -: plugin - C:\Program Files\Photosynth\Tech Preview\nppsynth.dll

FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-31 16:36:40

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

"IAAnotif"="\"C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\Iaanotif.exe\""

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\explorer.exe

-> C:\WINDOWS\system32\nview.dll

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\arservice.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\CTSVCCDA.EXE

C:\WINDOWS\ehome\ehrecvr.exe

C:\WINDOWS\ehome\ehSched.exe

C:\Program Files\Hotspot Shield\bin\openvpnas.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe

C:\WINDOWS\system32\vmnat.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\Program Files\VMware\VMware Player\vmware-authd.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\ehome\ehmsas.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\hp\KBD\kbd.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\Program Files\Mozilla Firefox\firefox.exe

.

**************************************************************************

.

Completion time: 2008-07-31 16:56:15 - machine was rebooted

ComboFix-quarantined-files.txt 2008-07-31 14:56:08

 

Pre-Run: 20,508,999,680 bytes free

Post-Run: 21,204,525,056 byte ledig

 

349 --- E O F --- 2008-07-21 01:02:05

 

Jeg dropper SAS-loggen, for alt den inneholdt var cookies fra pr0n-sider. xD

 

HiJackThis-logg:

Klikk for å se/fjerne innholdet nedenfor

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:37:25, on 31.07.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\arservice.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Hotspot Shield\bin\openvpnas.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe

C:\WINDOWS\system32\vmnat.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\Program Files\VMware\VMware Player\vmware-authd.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe

C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\WhatPulse\WhatPulse.exe

C:\Program Files\Launchy\Launchy.exe

C:\Program Files\Xfire\xfire.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Windows Defender\MsMpEng.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\explorer.exe

c:\windows\system\hpsysdrv.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe

C:\Program Files\Trend Micro\HijackThis\test.exe.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [ftutil2] "rundll32.exe" ftutil2.dll,SetWriteCacheMode

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPwuSchd2.exe"

O4 - HKLM\..\Run: [GDI32] C:\Documents and settings\HP_Administrator\ctr.exe

O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"

O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [WhatPulse] "C:\Program Files\WhatPulse\WhatPulse.exe"

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')

O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')

O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')

O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe

O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Tilkoblingshjelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Tilkoblingshjelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

 

--

End of file - 11571 bytes

 

Det som hovedsaklig er problemet mitt er at prosesser som "RegistyCleaner.exe", "dumprep.exe", "MsMpEng.exe" etc noen ganger krever 50 % av CPU-en min, er disse malwares eller nødvendige programmer for PCen? Hvordan får jeg forhindret at de krever så sykt mye av CPU-en?

 

Noen andre som også krever litt, men som jeg ikke har peiling på hva er/brukes til er f.eks. "PunkBstrA.exe" og "PunkBstrB.exe", er disse punkbusters (Som brukes i Wolfenstein:ET og andre spill)? Jeg har jo ikke engang spillet oppe, hvorfor kjører de da?

 

Eller "wmware-authd.exe", den kom sikkert da jeg drev med WMware+ubuntu, hvordan får jeg fjernet den uten å avinstallere programmet?

 

"AppleMobileDeviceService.exe" er en prosess som kom lenge før jeg i det hele tatt hadde noe av Apple på dataen min, hvorfor er den der? Spyware? Hvordan fjerne?

 

På forhånd takk om du tar deg tid til å ta en titt på dette, evt. om det er noe mer jeg må gjøre...

 

 

Btw, etter å ha kjørt ComboFix, så ble themet på dataen min fucka, jeg har ikke starta den på nytt enda så det kan hende at det har noe med det å gjøre. Men uansett, så hadde jeg et Alienware-skin før, og nå er det et standard svart win98-skin... - Jepp, det funka fint etter å ha restartet dataen.

Endret 31. juli 2008 av phoexo

[phoexo]

Ingen som har noe svar på problemet?

[norbat]

Hvor kjører RegistyCleaner.exe fra? (søk på pc'n din og se hvor den ligger)

[snippsat]

Se litt på denne posten.

Da kjører vi samme løpet.

https://www.diskusjon.no/index.php?showtopic=987339