flaggis

  1. Thanks once again for everything ^^
  2. It works fine now, a thousand thanks to you, you've been an angel ^^
  3. Hi there, wall of text -.-' anyway, had to sleep a bit in between
  4. Avira AntiVir Personal Report file date: den 23 maj 2010 00:51
  5. There you go:

     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org

     Database version: 4131
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702

     2010-05-22 20:33:21
     mbam-log-2010-05-22 (20-33-21).txt

     Scan type: Quick scan
     Objects scanned: 112124
     Time elapsed: 7 minute(s), 33 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 3
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 1
     Files Infected: 6

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     C:\Program Files\RelevantKnowledge\MSVCP71.DLL (Spyware.MarketScore) -> Delete on reboot.
     C:\Program Files\RelevantKnowledge\MSVCR71.DLL (Spyware.MarketScore) -> Delete on reboot.
     C:\Program Files\RelevantKnowledge\rlls.dll (Spyware.MarketScore) -> Delete on reboot.

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     C:\Program Files\RelevantKnowledge (Spyware.MarketScore) -> Delete on reboot.

     Files Infected:
     C:\Program Files\RelevantKnowledge\MSVCP71.DLL (Spyware.MarketScore) -> Delete on reboot.
     C:\Program Files\RelevantKnowledge\MSVCR71.DLL (Spyware.MarketScore) -> Delete on reboot.
     C:\Program Files\RelevantKnowledge\rlls.dll (Spyware.MarketScore) -> Delete on reboot.
     C:\Program Files\RelevantKnowledge\rloci.bin (Spyware.MarketScore) -> Quarantined and deleted successfully.
     C:\Program Files\RelevantKnowledge\rlvknlg.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Erik\Application Data\addon.dat (Malware.Trace) -> Quarantined and deleted successfully.

DDS (Ver_10-03-17.01) - NTFSx86 Run by Erik at 20:43:28,73 on 2010-05-22 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Professional 5.1.2600.3.1252.46.1033.18.1471.930 [GMT 2:00] ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch C:\WINDOWS\system32\svchost -k rpcss C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\SCardSvr.exe C:\WINDOWS\system32\svchost.exe -k LocalService C:\Program Files\LogMeIn Hamachi\hamachi-2.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools Lite\DTLite.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Personal\bin\Personal.exe C:\Program Files\Hamachi\hamachi.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Opera\opera.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Documents and Settings\Erik\Local Settings\Application Data\Opera\Opera\temporary_downloads\dds.scr C:\WINDOWS\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = about:blank BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: {dbc80044-a445-435b-bc74-9c25c1c588a9} - Java Plug-In 2 SSV Helper TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [DAEMON Tools Lite] 
"c:\program files\daemon tools lite\DTLite.exe" -autorun uRun: [uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bankid~1.lnk - c:\program files\personal\bin\Personal.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hamachi.lnk - c:\program files\hamachi\hamachi.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe Trusted Zone: com.tw\asia.msi Trusted Zone: com.tw\global.msi Trusted Zone: com.tw\www.msi DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab mASetup: {D1DCBBF9-254C-0B56-30E2-D255C092601D} - c:\windows\microsoft\svchost.exe s ============= SERVICES / DRIVERS =============== R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2010-3-30 1107336] S3 PAC207;Webcam 1200;c:\windows\system32\drivers\pfc027.sys --> c:\windows\system32\drivers\PFC027.SYS [?] S3 PCAlertDriver;PCAlertDriver;\??\c:\program files\msi\pc alert 4\ntglm7x.sys --> c:\program files\msi\pc alert 4\NTGLM7X.sys [?] 
S3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\drivers\shbecr.sys [2008-9-23 42368] =============== Created Last 30 ================ 2010-05-22 18:24:19 0 d-----w- c:\docume~1\erik\applic~1\Malwarebytes 2010-05-22 18:24:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-05-22 18:24:11 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2010-05-22 18:24:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-05-22 18:24:10 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-05-21 18:29:50 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf 2010-05-21 18:29:40 76304 ----a-w- c:\windows\KHALMNPR.Exe 2010-05-21 18:29:40 37008 ----a-w- c:\windows\system32\drivers\LMouFilt.Sys 2010-05-21 18:29:40 35472 ----a-w- c:\windows\system32\drivers\LHidFilt.Sys 2010-05-21 18:29:26 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf 2010-05-21 18:29:21 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2010-05-21 18:28:24 29072 ----a-w- c:\windows\system32\drivers\LUsbFilt.sys 2010-05-21 18:28:24 1419232 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll 2010-05-21 18:04:56 0 d-----w- c:\program files\Uniblue 2010-05-14 17:29:31 0 d-----w- c:\program files\DX-Ball 2010-05-10 23:18:53 0 d-----w- c:\program files\CCleaner 2010-05-10 22:57:41 0 d-----w- C:\symbols 2010-05-08 08:29:27 0 d-----w- c:\docume~1\erik\applic~1\Canneverbe Limited 2010-05-08 08:29:25 0 d-----w- c:\docume~1\alluse~1\applic~1\Canneverbe Limited 2010-05-08 08:29:11 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys ==================== Find3M ==================== 2010-04-18 18:58:01 132829955 ----a-w- C:\MedianXL_v1F9b.zip 2010-04-05 13:00:28 69895 ----a-w- c:\windows\DIIUnin.dat 2010-04-05 12:36:53 21840 ----atw- c:\windows\system32\SIntfNT.dll 2010-04-05 12:36:53 17212 ----atw- c:\windows\system32\SIntf32.dll 2010-04-05 12:36:52 12067 ----atw- c:\windows\system32\SIntf16.dll 2010-04-05 
12:18:23 94208 ----a-w- c:\windows\DIIUnin.exe 2010-04-05 12:18:23 2829 ----a-w- c:\windows\DIIUnin.pif 2010-04-02 11:03:23 3912204 ----a-w- c:\program files\Patch_D2.mpq 2010-03-14 16:05:46 411368 ----a-w- c:\windows\system32\deploytk.dll 2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll ============= FINISH: 20:43:43,90 ===============
  6. I used Virustotal.com for the specific files and, for the computer scan, Vga. Nothing was found.

DDS (Ver_10-03-17.01) - NTFSx86 Run by Erik at 18:45:40,45 on 2010-05-22 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Professional 5.1.2600.3.1252.46.1033.18.1471.728 [GMT 2:00] ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\LogMeIn Hamachi\hamachi-2.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\wscntfy.exe C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools Lite\DTLite.exe C:\Program Files\Personal\bin\Personal.exe C:\Program Files\Hamachi\hamachi.exe C:\Program Files\Combined Community Codec Pack\MPC\mplayerc.exe C:\WINDOWS\system32\SNDVOL32.EXE C:\Program Files\Opera\opera.exe C:\Program Files\RelevantKnowledge\rlvknlg.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\Program Files\uTorrent\uTorrent.exe C:\WINDOWS\system32\taskmgr.exe C:\Documents and Settings\Erik\Local Settings\Application Data\Opera\Opera\temporary_downloads\dds.scr ============== Pseudo HJT Report =============== uStart Page = about:blank BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: {dbc80044-a445-435b-bc74-9c25c1c588a9} - Java Plug-In 2 SSV Helper TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun uRun: 
[uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bankid~1.lnk - c:\program files\personal\bin\Personal.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hamachi.lnk - c:\program files\hamachi\hamachi.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe Trusted Zone: com.tw\asia.msi Trusted Zone: com.tw\global.msi Trusted Zone: com.tw\www.msi DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Notify: RelevantKnowledge - c:\program files\relevantknowledge\rlls.dll mASetup: {D1DCBBF9-254C-0B56-30E2-D255C092601D} - c:\windows\microsoft\svchost.exe s ============= SERVICES / DRIVERS =============== R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2010-3-30 1107336] S3 PAC207;Webcam 1200;c:\windows\system32\drivers\pfc027.sys --> c:\windows\system32\drivers\PFC027.SYS [?] S3 PCAlertDriver;PCAlertDriver;\??\c:\program files\msi\pc alert 4\ntglm7x.sys --> c:\program files\msi\pc alert 4\NTGLM7X.sys [?] 
S3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\drivers\shbecr.sys [2008-9-23 42368] =============== Created Last 30 ================ 2010-05-21 18:34:22 0 dc-h--w- c:\docume~1\alluse~1\applic~1\~3 2010-05-21 18:31:02 0 dc-h--w- c:\docume~1\alluse~1\applic~1\~2 2010-05-21 18:29:50 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf 2010-05-21 18:29:40 76304 ----a-w- c:\windows\KHALMNPR.Exe 2010-05-21 18:29:40 37008 ----a-w- c:\windows\system32\drivers\LMouFilt.Sys 2010-05-21 18:29:40 35472 ----a-w- c:\windows\system32\drivers\LHidFilt.Sys 2010-05-21 18:29:26 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf 2010-05-21 18:29:21 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2010-05-21 18:28:24 29072 ----a-w- c:\windows\system32\drivers\LUsbFilt.sys 2010-05-21 18:28:24 1419232 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll 2010-05-21 18:04:56 0 d-----w- c:\program files\Uniblue 2010-05-21 18:03:19 0 dc-h--w- c:\docume~1\alluse~1\applic~1\~1 2010-05-21 18:02:44 0 dc-h--w- c:\docume~1\alluse~1\applic~1\~0 2010-05-14 17:29:31 0 d-----w- c:\program files\DX-Ball 2010-05-10 23:18:53 0 d-----w- c:\program files\CCleaner 2010-05-10 22:57:41 0 d-----w- C:\symbols 2010-05-08 08:29:27 0 d-----w- c:\docume~1\erik\applic~1\Canneverbe Limited 2010-05-08 08:29:25 0 d-----w- c:\docume~1\alluse~1\applic~1\Canneverbe Limited 2010-05-08 08:29:11 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys ==================== Find3M ==================== 2010-05-22 13:16:02 24637 ----a-w- c:\docume~1\erik\applic~1\addon.dat 2010-04-18 18:58:01 132829955 ----a-w- C:\MedianXL_v1F9b.zip 2010-04-05 13:00:28 69895 ----a-w- c:\windows\DIIUnin.dat 2010-04-05 12:36:53 21840 ----atw- c:\windows\system32\SIntfNT.dll 2010-04-05 12:36:53 17212 ----atw- c:\windows\system32\SIntf32.dll 2010-04-05 12:36:52 12067 ----atw- c:\windows\system32\SIntf16.dll 2010-04-05 12:18:23 94208 ----a-w- c:\windows\DIIUnin.exe 
2010-04-05 12:18:23 2829 ----a-w- c:\windows\DIIUnin.pif 2010-04-02 11:03:23 3912204 ----a-w- c:\program files\Patch_D2.mpq 2010-03-14 16:05:46 411368 ----a-w- c:\windows\system32\deploytk.dll 2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll ============= FINISH: 18:46:01,37 ===============
  7. flaggis

    Cpu usage 100%

    Hi, I have searched both this forum and many others but can't find a solution that works for my problem. The other day I noticed that my computer had started lagging terribly, so I opened Task Manager, where I saw that CPU usage was at 100% and that the culprit was 'explorer', which was at over 1 500 000k and was taking up all the CPU; when I shut down explorer, usage was at 4-6 percent. Many have suggested closing unnecessary processes and the like; I have also looked for new driver updates, defragmented, cleaned out unnecessary files and processes, scanned the computer for viruses, specifically scanned the explorer files with a number of scanning programs, and tried replacing explorer.exe. None of this has helped, and I hope I can get help here. As I said, the computer works perfectly without explorer, and I am currently using Task Manager to start programs -.-' I have: Microsoft Windows XP Professional Service Pack 3, Acer Aspire T120. Thanks in advance. If you need to know more, just ask.