explorer.exe is using 50% of the CPU


What's up with that? I'm only on the forum and MSN. :S

I have two cores, for those who didn't know.

Annoying. First, I have a laptop, and it's very annoying when the fan runs at full blast all the time. Second, it sucks to spend half the CPU on doing nothing.

Link to comment
  • 4 weeks later...

Download HijackThis and put it in its own folder on the desktop.

Start the program and choose "scan and save log".

Post HijackThis.txt

We'll do this first; it's no problem to find out what explorer is working on.

We'll do that later if you don't have any junk.

Then we'll use Process Explorer; you can set up symbols in it and go into the stack to find exactly what explorer is doing.

Edited by SNIPPSAT
Link to comment

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:07:49, on 21.06.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

D:\fah\FAH504-Console.exe

D:\fah2\FAH504-Console.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

D:\fah\FahCore_78.exe

D:\fah2\FahCore_82.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\program files\relevantknowledge\rlvknlg.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\SpeedFan\speedfan.exe

C:\Program Files\VideoLAN\VLC\vlc.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [RelevantKnowledge] C:\program files\relevantknowledge\rlvknlg.exe -boot

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\RunOnce: [WMC_RebootCheck] C:\WINDOWS\inf\unregmp2.exe /FixUps

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: FAH@D:+fah+FAH504-Console.exe - Stanford University - D:\fah\FAH504-Console.exe

O23 - Service: FAH@D:+fah2+FAH504-Console.exe - Stanford University - D:\fah2\FAH504-Console.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 4883 bytes

Link to comment

Yes, there is some junk that needs to be fixed.

Download ComboFix and put it on the desktop.

Do not click on the window while the program is running.

Post the log C:\combofix.txt

Try updating explorer to 7. If that doesn't work, try switching web browser.

Then there's the matter of seeing the difference between iexplorer.exe and explorer.exe.

Edited by SNIPPSAT
Link to comment
Yes, there is some junk that needs to be fixed.

Oh, really?

Download ComboFix and put it on the desktop.

Do not click on the window while the program is running.

Post the log C:\combofix.txt

ComboFix 08-06-20.4 - k3bab 2008-06-21 23:25:25.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1550 [GMT 2:00]

Running from: C:\Documents and Settings\k3bab\Desktop\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2008-05-21 to 2008-06-21 )))))))))))))))))))))))))))))))

.

 

2008-06-21 23:18 . 2008-06-21 23:18 <DIR> d-------- C:\Program Files\Sony Ericsson

2008-06-21 23:18 . 2008-06-21 23:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson

2008-06-21 11:48 . 2008-06-21 11:48 <DIR> d-------- C:\Program Files\Audacity

2008-06-21 11:10 . 2008-06-21 11:10 <DIR> d-------- C:\Program Files\Lavasoft

2008-06-21 11:10 . 2008-06-21 11:10 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-06-21 11:10 . 2008-06-21 11:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-06-21 11:07 . 2008-06-21 11:07 <DIR> d-------- C:\Program Files\Trend Micro

2008-06-21 11:04 . 2008-06-21 11:05 <DIR> d-------- C:\Program Files\Winamp

2008-06-21 11:04 . 2008-06-21 11:06 <DIR> d-------- C:\Documents and Settings\k3bab\Application Data\Winamp

2008-06-21 00:29 . 2008-06-21 00:29 <DIR> d-------- C:\Program Files\RealVNC

2008-06-20 21:07 . 2008-06-20 21:07 <DIR> d-------- C:\Documents and Settings\k3bab\Application Data\CyberLink

2008-06-20 21:06 . 2008-06-20 21:06 <DIR> d-------- C:\Program Files\CyberLink

2008-06-20 21:06 . 2008-06-20 21:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink

2008-06-20 21:03 . 2008-06-21 00:07 <DIR> d-------- C:\Program Files\RelevantKnowledge

2008-06-20 21:03 . 2008-06-20 21:03 <DIR> d-------- C:\Program Files\ffdshow

2008-06-20 21:03 . 2008-06-20 21:04 <DIR> d-------- C:\Program Files\Cliprex DVD Player Professional

2008-06-20 21:03 . 2008-06-20 21:03 <DIR> d-------- C:\Program Files\AC3Filter

2008-06-20 21:03 . 2003-08-19 09:20 180,224 --a------ C:\WINDOWS\system32\ac3filter.cpl

2008-06-20 20:50 . 2008-06-20 20:52 <DIR> d-------- C:\Documents and Settings\k3bab\Application Data\dvdcss

2008-06-20 13:19 . 2008-06-20 13:19 <DIR> d-------- C:\Documents and Settings\k3bab\Application Data\vlc

2008-06-20 12:52 . 2008-06-20 12:52 <DIR> d-------- C:\Program Files\VideoLAN

2008-06-19 18:58 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

2008-06-19 18:58 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys

2008-06-19 12:03 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-06-19 12:03 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-06-19 12:03 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-06-18 23:53 . 2008-06-18 23:53 <DIR> d-------- C:\Documents and Settings\k3bab\Application Data\Apple Computer

2008-06-18 23:34 . 2008-06-18 23:34 <DIR> d-------- C:\Program Files\QuickTime

2008-06-18 23:34 . 2008-06-18 23:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer

2008-06-18 23:33 . 2008-06-18 23:33 <DIR> d-------- C:\Program Files\Apple Software Update

2008-06-18 23:33 . 2008-06-18 23:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

2008-06-18 23:28 . 2005-11-01 18:08 308,992 --a------ C:\WINDOWS\system32\drivers\rixdptsk.sys

2008-06-18 23:28 . 2004-09-03 12:00 90,112 --a------ C:\WINDOWS\system32\snymsico.dll

2008-06-18 23:28 . 2005-11-01 17:54 51,584 --a------ C:\WINDOWS\system32\drivers\rimsptsk.sys

2008-06-18 23:28 . 2005-11-16 20:28 28,928 --a------ C:\WINDOWS\system32\drivers\rimmptsk.sys

2008-06-18 23:28 . 2005-05-06 18:06 16,480 --a------ C:\WINDOWS\system32\rixdicon.dll

2008-06-18 20:58 . 2008-06-18 20:58 <DIR> d-------- C:\WINDOWS\system32\XPSViewer

2008-06-18 20:58 . 2008-06-18 20:58 <DIR> d-------- C:\Program Files\Reference Assemblies

2008-06-18 20:58 . 2008-06-18 20:58 <DIR> d-------- C:\Program Files\MSBuild

2008-06-18 20:57 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll

2008-06-18 20:55 . 2008-06-18 20:55 <DIR> d-------- C:\Program Files\MSXML 6.0

2008-06-18 20:49 . 2008-06-18 20:50 <DIR> d-------- C:\Program Files\NCH Swift Sound

2008-06-18 20:49 . 2008-06-18 20:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound

2008-06-18 19:15 . 2008-06-18 19:16 <DIR> d-------- C:\Program Files\CESAM-Flash

2008-06-18 19:14 . 2008-06-18 19:14 <DIR> d-------- C:\Documents and Settings\k3bab\WINDOWS

2008-06-18 19:14 . 1998-02-06 21:37 299,520 --a------ C:\WINDOWS\uninst.exe

2008-06-18 19:10 . 2008-06-18 19:10 <DIR> d-------- C:\Program Files\DAEMON Tools Lite

2008-06-18 19:07 . 2008-06-18 19:07 <DIR> d-------- C:\Documents and Settings\k3bab\Application Data\DAEMON Tools

2008-06-18 19:07 . 2008-06-18 19:07 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-06-18 18:17 . 2008-06-18 18:42 <DIR> d-------- C:\Documents and Settings\k3bab\Contacts

2008-06-18 18:16 . 2008-06-18 18:16 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2008-06-18 18:08 . 2008-06-18 18:16 <DIR> d-------- C:\Program Files\Windows Live

2008-06-18 18:08 . 2008-06-18 18:15 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller

2008-06-18 18:08 . 2008-06-18 18:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-06-18 16:57 . 2008-06-18 16:57 <DIR> d-------- C:\Program Files\HyCam2

2008-06-18 15:17 . 2008-06-18 16:07 <DIR> d-------- C:\Documents and Settings\k3bab\.housecall6.6

2008-06-18 13:34 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys

2008-06-18 13:34 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys

2008-06-18 13:34 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll

2008-06-18 13:34 . 2004-08-04 00:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll

2008-06-18 13:34 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2008-06-18 13:34 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys

2008-06-18 13:33 . 2008-06-18 13:33 <DIR> d-------- C:\Program Files\LimeWire

2008-06-18 13:32 . 2008-06-18 13:32 <DIR> d-------- C:\WINDOWS\system32\Futuremark

2008-06-18 13:32 . 2008-06-18 13:32 262,144 --a------ C:\WINDOWS\system32\wrap_oal.dll

2008-06-18 13:32 . 2008-06-18 13:32 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll

2008-06-18 13:32 . 2007-09-07 14:55 27,672 --a------ C:\WINDOWS\system32\drivers\Entech.sys

2008-06-18 13:32 . 2007-09-07 14:55 12,744 --a------ C:\WINDOWS\system32\drivers\Entech64.sys

2008-06-18 13:32 . 2007-09-07 14:55 6,173 --a------ C:\WINDOWS\system32\drivers\Entech.vxd

2008-06-18 13:32 . 2001-11-19 20:05 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys

2008-06-18 13:30 . 2008-06-18 13:30 <DIR> d-------- C:\Program Files\RivaTuner v2.09

2008-06-18 13:30 . 2008-06-18 13:30 <DIR> d-------- C:\Program Files\Futuremark

2008-06-18 08:52 . 2004-08-04 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-06-18 08:50 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

2008-06-17 22:34 . 2008-06-21 10:01 <DIR> d-------- C:\Program Files\SpeedFan

2008-06-17 22:34 . 2008-06-17 22:34 45 --a------ C:\WINDOWS\system32\initdebug.nfo

2008-06-17 22:01 . 2008-06-17 22:01 <DIR> d-------- C:\WINDOWS\Sun

2008-06-17 22:01 . 2008-06-17 22:01 <DIR> d-------- C:\Program Files\SystemRequirementsLab

2008-06-17 22:01 . 2008-06-17 22:01 <DIR> d-------- C:\Documents and Settings\k3bab\Application Data\SystemRequirementsLab

2008-06-17 22:00 . 2008-06-17 22:00 <DIR> d-------- C:\Program Files\Java

2008-06-17 22:00 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-06-17 21:56 . 2008-06-17 21:56 <DIR> d-------- C:\Program Files\Common Files\Java

2008-06-17 21:46 . 2008-06-17 21:46 <DIR> d---s---- C:\Documents and Settings\k3bab\UserData

2008-06-17 21:45 . 2008-06-17 21:45 <DIR> d-------- C:\NVIDIA

2008-06-17 19:33 . 2008-06-17 19:34 <DIR> d-------- C:\Program Files\CONEXANT

2008-06-17 19:33 . 2004-08-03 23:08 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys

2008-06-17 19:33 . 2004-08-03 23:08 60,288 --a--c--- C:\WINDOWS\system32\dllcache\drmk.sys

2008-06-17 19:28 . 2008-06-20 21:06 <DIR> d--h----- C:\Program Files\InstallShield Installation Information

2008-06-17 19:28 . 2008-06-17 19:28 <DIR> d-------- C:\Program Files\Hewlett-Packard

2008-06-17 19:00 . 2008-06-13 15:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-06-17 19:00 . 2008-06-13 15:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-17 18:52 . 2008-06-20 20:54 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2008-06-17 18:52 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe

2008-06-17 13:01 . 2008-06-17 13:06 <DIR> d-------- C:\WINDOWS\nview

2008-06-17 13:01 . 2008-06-20 21:06 <DIR> d-------- C:\Program Files\Common Files\InstallShield

2008-06-17 13:01 . 2008-03-26 12:30 442,368 --a------ C:\WINDOWS\system32\NVUNINST.EXE

2008-06-17 13:01 . 2007-05-23 04:35 111,544 --a------ C:\WINDOWS\system32\nvapps.xml

2008-06-17 13:01 . 2007-05-23 04:35 17,431 --a------ C:\WINDOWS\system32\nvdisp.nvu

2008-05-27 10:50 . 2008-05-27 10:50 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx

2008-05-27 10:50 . 2008-05-27 10:50 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-17 12:47 --------- d-----w C:\Program Files\Alwil Software

2008-06-17 10:49 822,272 ----a-w C:\WINDOWS\system32\drivers\BCMWL5.SYS

2008-06-17 10:49 --------- d-----w C:\Program Files\Broadcom

2008-06-17 10:49 --------- d-----w C:\Documents and Settings\k3bab\Application Data\InstallShield

2008-06-17 10:41 --------- d-----w C:\Program Files\microsoft frontpage

2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe

2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll

2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys

2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys

2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys

2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\wininet.dll

2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]

"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-05-23 04:35 8433664]

"nwiz"="nwiz.exe" [2007-05-23 04:35 1626112 C:\WINDOWS\system32\nwiz.exe]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]

"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-07-26 22:44 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]

"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01 32768]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\WINDOWS\\system32\\wscntfy.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"c:\\program files\\relevantknowledge\\rlvknlg.exe"=

"C:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=

 

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]

R2 FAH@D:+fah+FAH504-Console.exe;FAH@D:+fah+FAH504-Console.exe;D:\fah\FAH504-Console.exe [2008-06-17 21:29]

R2 FAH@D:+fah2+FAH504-Console.exe;FAH@D:+fah2+FAH504-Console.exe;D:\fah2\FAH504-Console.exe [2008-06-17 21:29]

S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 13:54]

S3 WMI_MFC_TPSHOKER_80;WMI_MFC_TPSHOKER_80;C:\WINDOWS\system32\drivers\eiikgl.sys []

 

*Newly Created Service* - CATCHME

*Newly Created Service* - UMWDF

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-21 23:26:24

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

"ServiceDll"="C:\WINDOWS\system32\es.dll"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FAH@D:+fah+FAH504-Console.exe]

"ImagePath"="D:\fah\FAH504-Console.exe -svcstart"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FAH@D:+fah2+FAH504-Console.exe]

.

Completion time: 2008-06-21 23:27:41

ComboFix-quarantined-files.txt 2008-06-21 21:27:39

 

Pre-Run: 10,089,500,672 bytes free

Post-Run: 10,137,272,320 bytes free

 

180 --- E O F --- 2008-06-20 18:54:30

 

Btw: I just realized that I reinstalled XP before Vintermåne replied in the thread. But I don't mind getting any problems fixed :p

Link to comment
Hmm, one question: search and see whether you have this file.

C:\program files\relevantknowledge\rlvknlg.exe

That file exists.

You have reinstalled Windows; do you still have problems with explorer?

At least I can't remember having experienced any problems with explorer.exe eating CPU, but as I said, I don't mind freshening up the system a bit. :p

Link to comment

Start HijackThis, run "scan", find this line, check it, then press "fix checked".

O4 - HKLM\..\Run: [RelevantKnowledge] C:\program files\relevantknowledge\rlvknlg.exe -boot

---

Restart

---

Delete the file

C:\program files\relevantknowledge\rlvknlg.exe

---

You can remove ComboFix by typing combofix /u in the Run window. This command deletes the quarantined files and backups, resets the System Restore folder, etc.

---

Download and run CCleaner.

'Options' -> 'Advanced'. Uncheck the box in front of: "Only delete temporary files older than 48 hours".

Run the registry cleaner and answer yes to repairing (run it a couple of times until all errors are gone).

---

Then you are clean as far as malware goes.

Let us know if explorer.exe is still using CPU.

Then we'll move on and figure it out.

Edited by SNIPPSAT
Link to comment
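
Added example, not part of the original thread: a small Python parser for the HijackThis log format posted above, for confirming on a rescan after the "fix checked", restart and file-deletion steps that the RelevantKnowledge autorun and process are gone. The sample lines are copied from the log in this thread; the function names and the "(no file)" orphan check are this example's own.

```python
import re

# Constructed sample: a handful of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\program files\relevantknowledge\rlvknlg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RelevantKnowledge] C:\program files\relevantknowledge\rlvknlg.exe -boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# O4 registry autoruns look like: O4 - <key>: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Any HijackThis entry line starts with a group code such as O4, R1, F2 or N3.
ENTRY_RE = re.compile(r"^[ORFN]\d+ - ")


def parse_log(text):
    """Split a HijackThis log into running processes, O4 autoruns and orphaned entries."""
    processes, autoruns, orphans = [], [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # forum copies of the log are often double-spaced
        if line == "Running processes:":
            in_processes = True
        elif ENTRY_RE.match(line):
            in_processes = False  # the process list ends at the first entry line
            m = O4_RE.match(line)
            if m:
                autoruns.append(m.groupdict())
            if line.endswith("(no file)"):
                orphans.append(line)  # registry entry whose target file is missing
        elif in_processes:
            processes.append(line)
    return processes, autoruns, orphans


def find_leftovers(text, needle):
    """Return process paths and O4 entries that still mention `needle` (case-insensitive)."""
    needle = needle.lower()
    processes, autoruns, _ = parse_log(text)
    return {
        "processes": [p for p in processes if needle in p.lower()],
        "autoruns": [a for a in autoruns
                     if needle in a["name"].lower() or needle in a["cmd"].lower()],
    }


if __name__ == "__main__":
    hits = find_leftovers(SAMPLE_LOG, "relevantknowledge")
    for p in hits["processes"]:
        print("still running:", p)
    for a in hits["autoruns"]:
        print("still autostarting:", a["key"], a["name"], "->", a["cmd"])
    print("orphaned entries:", parse_log(SAMPLE_LOG)[2])
```

Run it against the HijackThis.txt saved after the cleanup; both lists should come back empty once the Run value has been fixed and the file deleted.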
