[løst]Pappas trege PC trenger hjelp

[NinaSkj]

Hei,

 

Etter selvtilliten som meldte seg igår har jeg kastet meg over pappas PC. Her er HJT

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:37:53, on 20.03.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe

C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe

C:\Programfiler\MSN Messenger\usnsvc.exe

C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Programfiler\Java\j2re1.4.2_05\bin\jusched.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe

C:\Programfiler\Java\j2re1.4.2_05\bin\jucheck.exe

C:\Apps\Powercinema\PCMService.exe

C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe

C:\Programfiler\QuickTime\qttask.exe

C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\MSN Messenger\MsnMsgr.Exe

C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe

C:\Programfiler\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

C:\Programfiler\Messenger\msmsgs.exe

C:\DOCUME~1\KNUTSK~1\LOKALE~1\Temp\Midlertidig mappe 1 for HiJackThis[1].zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.no/0SENONO/SAOS01

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sfjbb.net/category.php?categoryID=1929

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST1.02.3000.1001\en-xu\stmain.dll

O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar1.02.4000.1001\no\msntb.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar1.02.4000.1001\no\msntb.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\j2re1.4.2_05\bin\jusched.exe

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Programfiler\Norton Internet Security\UrlLstCk.exe

O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"

O4 - HKLM\..\Run: [msnappau] "C:\Programfiler\MSN Apps\Updater1.02.0002.1001\no\msnappau.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programfiler\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_05\bin\npjpi142_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\j2re1.4.2_05\bin\npjpi142_05.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nor.htm

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab

O16 - DPF: {D1EA8D3D-F511-4388-B754-4A0CC14A4778} (Aurigma Image Uploader 3.0 Control) - http://foto.aftenposten.no/activex/ImageUploader3.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ptssvc - Unknown owner - C:\Programfiler\KODAK\KODAK Picture Transfer Software\PTSsvc.exe (file missing)

O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe

 

--

End of file - 9543 bytes

 

 

og

 

COMBOfixlogg....

 

 

.

 

((((((((((((((((((((((((( Files Created from 2008-02-20 to 2008-03-20 )))))))))))))))))))))))))))))))

.

 

2008-03-20 18:49 . 2008-03-20 18:49 <DIR> dr-h----- C:\Documents and Settings\Knut Skjelbred\Siste

2008-03-20 18:44 . 2008-03-20 18:45 <DIR> d-------- C:\Programfiler\CCleaner

2008-03-20 18:33 . 2008-03-20 18:33 <DIR> d-------- C:\Programfiler\Trend Micro

2008-03-18 16:50 . 2008-03-18 16:50 <DIR> d-------- C:\Programfiler\Lavasoft

2008-03-18 16:50 . 2008-03-18 16:53 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Lavasoft

2008-03-18 16:47 . 2008-03-18 16:47 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-20 18:05 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared

2008-03-18 15:21 --------- d-----w C:\Programfiler\Google

2008-03-18 15:12 --------- d-----w C:\Documents and Settings\Knut Skjelbred\Programdata\Lavasoft

2008-03-11 14:20 --------- d-----w C:\Documents and Settings\Knut Skjelbred\Programdata\Image Zone Express

2008-02-14 15:29 --------- d-----w C:\Programfiler\Fellesfiler\Adobe

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 13:00 208952]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:00 455168]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:00 455168]

"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2004-08-12 14:13 102400]

"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2004-08-12 14:12 684032]

"VTTimer"="VTTimer.exe" [2005-03-08 02:33 53248 C:\WINDOWS\system32\VTTimer.exe]

"VTTrayp"="VTtrayp.exe" [2005-01-11 06:33 143360 C:\WINDOWS\system32\VTTrayp.exe]

"SoundMan"="SOUNDMAN.EXE" [2005-04-15 10:01 77824 C:\WINDOWS\SOUNDMAN.EXE]

"SunJavaUpdateSched"="C:\Programfiler\Java\j2re1.4.2_05\bin\jusched.exe" [2004-06-03 21:05 32881]

"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2006-03-30 16:06 71304]

"URLLSTCK.exe"="C:\Programfiler\Norton Internet Security\UrlLstCk.exe" [2004-02-02 09:03 70760]

"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2004-10-08 02:14 81920]

"msnappau"="C:\Programfiler\MSN Apps\Updater\01.02.0002.1001\no\msnappau.exe" [ ]

"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-11-10 22:15 100056]

"TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2005-07-05 15:21 180269]

"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2006-10-25 18:58 282624]

"LogitechVideoRepair"="C:\Programfiler\Logitech\Video\ISStart.exe" [ ]

"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

"msnmsgr"="C:\Programfiler\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

HP Digital Imaging Monitor.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^KODAK Picture Transfer Software.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\KODAK Picture Transfer Software.lnk

backup=C:\WINDOWS\pss\KODAK Picture Transfer Software.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

"C:\\Programfiler\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\MSN Messenger\\livecall.exe"=

"C:\\Programfiler\\Internet Explorer\\iexplore.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

 

S2 ptssvc;ptssvc;C:\Programfiler\KODAK\KODAK Picture Transfer Software\PTSsvc.exe []

 

*Newly Created Service* - AAWSERVICE

.

Contents of the 'Scheduled Tasks' folder

"2007-09-14 19:14:08 C:\WINDOWS\Tasks\Norton AntiVirus - Søk på min datamaskin.job"

- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exec/task:

"2008-03-20 18:07:02 C:\WINDOWS\Tasks\Symantec NetDetect.job"

- C:\Programfiler\Symantec\LiveUpdate\NDETECT.EXE

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-20 19:05:47

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\system32\lsass.exe

-> C:\Programfiler\Google\Google Desktop Search\GoogleDesktopNetwork1.dll

.

Completion time: 2008-03-20 19:10:13

.

2008-03-13 15:06:54 --- E O F ---

 

 

 

Vi synes denne PCen virker litt underdimensjonert for XP som den ble levert med men det kan jo hende det ligger noe drit her også.

Endret 28. april 2008 av NinaSkj
Vel mange e'er i "trege" i emnetittelen.

[norbat]

Loggene viser ingen infeksjoner. At PC-en er treg, kan skyldes flere ting, bla. lite minne og mange program som kjører i bakgrunnen. Eldre versjoner av Norton < 2007, er også rimelig ressurskrevende og om din fars versjon er eldre enn 2007 samt at PC-en har lite minne, så bør du vurdere å avinstallere Norton og heller gå for et annet antivirusprogram (eks. AVG, som er gratis).