I'm having this problem: when I'm connecting to the internet (DSL connection), sometimes my computer reboots and I don't understand why... When I go to the ZoneAlarm window, a running process appears to be trying to connect to the net, but I didn't allow it to, but I think the problems started when this process showed up...
Ad-Aware doesn't find anything harmful and Kaspersky doesn't find anything harmful either, so I "googled" the process and came here for help.
It's ntuser that's bothering me. I don't know if it is harmful or not, so I ask for your help to see if I can solve my problem...
Logfile of HijackThis v1.99.1
Scan saved at 22:20:04, on 25-07-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Programas\Ficheiros comuns\Acronis\Schedule2\schedul2.exe
E:\programas\cfosspeed\spd.exe
D:\WINDOWS\Explorer.EXE
D:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\r_server.exe
D:\Programas\Analog Devices\SoundMAX\SMAgent.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\ZONELABS\vsmon.exe
D:\Programas\Analog Devices\SoundMAX\SMax4PNP.exe
D:\Programas\Analog Devices\SoundMAX\Smax4.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\pupxpman.exe
D:\Programas\Java\j2re1.4.2_06\bin\jusched.exe
E:\Programas\Messenger Plus! 3\MsgPlus.exe
D:\Programas\QuickTime\qttask.exe
E:\Programas\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
E:\programas\cfosspeed\cFosSpeed.exe
E:\Programas\Zone Labs\ZoneAlarm\zlclient.exe
E:\Programas\Acronis\TrueImage\TrueImageMonitor.exe
D:\Programas\Ficheiros comuns\Acronis\Schedule2\schedhlp.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\Programas\MSN Messenger\msnmsgr.exe
E:\programas\Gomez\GomezPEER\bin\GomezPEER.exe
E:\PROGRA~1\Gomez\GOMEZP~1\jre\bin\java.exe
D:\PROGRA~1\EUROBA~1\erobar.exe
E:\programas\Mozilla Firefox\firefox.exe
D:\Programas\Windows Media Player\wmplayer.exe
E:\programas\BitComet\BitComet.exe
E:\programas\WinAce\WinAce.exe
D:\Documents and Settings\ricardo\Definições locais\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.klamm.de/?id=169671
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Player support DLL - {2DC9D850-144D-11E1-B3C9-10805E499D95} - D:\WINDOWS\system32\mplay32.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Programas\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "D:\Programas\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -off
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mspwr] D:\WINDOWS\system32\pupxpman.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Programas\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [MessengerPlus3] "E:\Programas\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OpwareSE2] "E:\Programas\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [cFosSpeed] E:\programas\cfosspeed\cFosSpeed.exe
O4 - HKLM\..\Run: [Zone Labs Client] E:\Programas\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Acronis True Image Monitor] "E:\Programas\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "D:\Programas\Ficheiros comuns\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "E:\Programas\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "E:\Programas\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [SP2 Connection Patcher] "D:\Programas\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [msnmsgr] "D:\Programas\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Eurobarre.lnk = D:\Programas\eurobarre\eb.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Gomez PEER.lnk = E:\programas\Gomez\GomezPEER\bin\GomezPEER.exe
O4 - Global Startup: Testes Teóricos de Exame.lnk = G:\Testescodigo.exe
O8 - Extra context menu item: Download All by FlashGet - E:\programas\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - E:\programas\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programas\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programas\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programas\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...up1.0.0.8-2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{616999EF-6B21-4188-9FE0-C5A0F83E99F2}: NameServer = 195.245.176.19 194.38.131.19
O18 - Filter: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - D:\Programas\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/html - {D7806F98-C55E-4555-8ACF-A62EB03AB008} - (no file)
O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - D:\Programas\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - D:\Programas\Design Science\MathPlayer\MathMLMimer.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - D:\Programas\Ficheiros comuns\Acronis\Schedule2\schedul2.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - E:\programas\cfosspeed\spd.exe" -service (file missing)
O23 - Service: kavsvc - Kaspersky Lab - E:\Programas\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - D:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - D:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
O23 - Service: NTLOAD - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe
O23 - Service: NTSVCMGR - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - D:\WINDOWS\system32\r_server.exe" /service (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Programas\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZONELABS\vsmon.exe
Thanks for your assistance.
riclas
Edited by riclas, 26 July 2005 - 03:35 PM.