RogerR Posted 14 March 2010

Hi,

I'm a bit at a loss regarding the PC's latest strenuous project, which it is carrying out entirely on its own, hehe.

OS: WinXP SP3
PC: Lenovo desktop crap, 2.5 GB memory, Intel GMA graphics, integrated sound card
Malware: Anti Malwarebytes Pro + Spybot
Antivirus: F-Secure (NGT Sikkerhetspakke)
General: I am good about updating XP, Malware, Spybot, antivirus etc. regularly, i.e. daily. So outdated databases there are not the issue.

The problem: Suddenly, after a reboot, VLC/WMP started lagging when I began playing movies, and on top of that Opera also started lagging terribly for no good reason. I thought it might have something to do with graphics, so I updated to the latest drivers from Intel - it didn't help. It lags just as much, and there is just as heavy a CPU load from Opera as from other things, e.g. VLC and WMP, when they are running. CPU load that leads to lag also occurs with Malwarebytes and F-Secure. I haven't found any viruses or malware, and I'm unsure what could be causing this.

Log from ComboFix:

Log from Malwarebytes:

norbat Posted 14 March 2010

There is no malware in the log. If this happened recently, it might be an idea to run System Restore back to a point before the problem arose.

RogerR (Author) Posted 14 March 2010

I don't use system restore points, unfortunately; I wish I had, hehe. No, I don't know, I don't quite understand it myself. And it's incredibly annoying not to be able to stream an ordinary movie.