2bb1 Posted September 11, 2007 (edited)

Hi, here is the HijackThis log:

Downloaded the program and scanned. What should I do next?

Edit: This is on my laptop.

Edited October 9, 2007 by 2bb1

norbat Posted September 11, 2007

The log shows nothing out of the ordinary. You can therefore try the following:

Download Combofix and put it on the desktop.
Run combofix.exe and follow the instructions. You must not click on the window while the program is running.
Then download CCleaner. Start the program. Go to 'Options'->'Advanced'. Uncheck the box in front of: "only delete temporary files......." Click 'Cleaner' and then 'Run CCleaner'.
Download SAS, install, update and run a full (Complete) scan.
Post the log file from combofix (usually c:\combofix.txt) + the log from SAS (preferences->statistics/logs)

2bb1 Posted September 12, 2007 Author

ComboFix log:

Then I ran CCleaner and cleaned.

SAS log:

2bb1 Posted October 9, 2007 Author

Is it possible to tell anything from those logs, Norbat?

norbat Posted October 9, 2007

Even though the logs are getting to be a few days old, they look fine. SAS removed some junk, but..... I assume the PC is still slow? Did you do anything before this slowness started, or did it just become that way out of the blue?

2bb1 Posted October 9, 2007 Author

No, I can't remember having done anything in particular. Yes, it is still painfully slow. It takes over 5 minutes to turn on and become ready; this used to take maybe 40 seconds. I'm scanning through with Ad-Aware now; should I post a new SAS and ComboFix log after that, or is there little point?

snippsat Posted October 9, 2007 (edited)

Hardware or Windows. A couple of quick things to test.

Boot with F8 into safe mode.
http://www.nu2.nu/pebuilder/
https://help.ubuntu.com/community/LiveCD

If it runs just as slowly in these tests, it is probably hardware. You do overclock quite a bit; clock down to see if that helps.

Run through some tests. HD Tune -- memtest86+ 1.70

Defragment (set the page file to 0 MB, restart, then defragment and create the page file again). I have come across pagefile.sys becoming corrupt if you overclock the memory too high.

Edited October 9, 2007 by SNIPPSAT

2bb1 Posted October 9, 2007 Author

Thanks for the reply, SNIPPSAT. I forgot to mention that this problem is on my laptop, so overclocking is not the reason it has become slow. Does that change things, or should I still go into safe mode and do those two things? (PEBuilder and Ubuntu).

snippsat Posted October 9, 2007 (edited)

Ahh OK. Run the tests; it is good to know whether it is hardware or Windows. Is it only slow during startup, or all the time? A network connection can cause a long startup time.

Edited October 9, 2007 by SNIPPSAT