NOwar
-
Innlegg
44 -
Ble med
-
Besøkte siden sist
Innholdstype
Profiler
Forum
Hendelser
Blogger
Om forumet
Innlegg skrevet av NOwar
-
-
Har no lest at ACHI ikkje er problemet, men forstår fremdeles ikkje kva som gjer at maskina berre restartar seg utan grunn.
Maskina restarter ikkje når eg ikkje viss eg ikkje røre noko, men restartarplutseleg viss eg for eksempel skriv inn brukarnamn på steam kontoen min, eller går inn i windows utforsker.
Har starta opp i sikkerhets modus, og då restarta maskina når eg kjørte check disk på to mine 2 større diskar samtidig.
I skrivande stund kjører eg check disk på den eine disken, mens eg er i "safe mode".
Hadde problem med restarting før eg installerte windows på nytt og, men det trudde eg hadde sammenheng med uekte windows key, derav den nye installeringen. den nye installasjonen er forresten ekte win7 proffesjonal. (fra msdn)
baklager for rot i forklaring av problem og oppsummering av det eg har gjort. er møkka lei av maskina og heile problemet.
her er fra begynnelsen:
Hadde problema med installeringen og:
-først denne feilen:
<quote>Setup was unable to create a new system partition or locate an existing system partition.
See the setup log files for more information</quote>
så fjerna eg alle andre hdd og da kom denne:
<quote>
"Windows failed to start. A recent hardware or software change might be the cause.
To fix the problem:
1. Insert your Windows installation disc and restart the computer.
2. Choose your language settings and click next.
3. Click "repair your computer"</quote>
og så kom feilene ca i bilet rekkefølge:
etter det siste bildet restarta eg og fekk installert windows og alt virka bra intil eg skrudde av maskina, kobla til 2 hdd, og starta på nytt igjen.
Håpe nokon kan hjelpa.
-
Har nettopp reinstallert windows 7, skifta frå (ide?) til ACHI i bios og alt fungerte fint framtil eg kobla til mine større hdd diska. Maskina har restarta av seg sjøl/får bluescreen kvar gong eg går inn på windows utforsker. Trur det har med de større hdd å gjera. når dei startar opp så klikke maskino.
Må alle diskar vera blanke når du skifte til ACHI?
takk for alle svar
-
Er en multicom khlb2
-
Hei
Vet at porten fungerer som usb port, men lurer på om den fungerer som en form for eSATA?
-
Hei
Eg fekk nettopp ein WD VelociRaptor® som eg ikkje har bruk for nokon plass, og lurte på om ein kan få utnytta hastigheten ved å bruke den som ekstern disk?
Har lurt på Akasa Integral S 3.5" HDD Kabinett, men er veldig nyskjerrig på om eSATA standaren er noko som kan vera forholdsvis raskt.
Nokon som har ein ide til kva eg kan bruka han til?
-
Fungerte knallbra. Har festa ein av viftene til S1, og kjører på 800 rpm, prosessor kjøler på 900 rpm og inntaket på 800. Er nesten heilt stille, må legga øyra på kabinettet for å høyra om maskina er på.
Takk for all hjelp!
-
Då er dette bestilt frå cdon.no:
Antec Signature Series 650W
Arctic Cooling Accelero S1 (Rev 2)
Noctua NF-S12B FLX 120mmfläkt, 1200/900/600rpm
Arctic Cooling MX-2 Thermal Compound - 4 gram
Arctic Cooling Accelero Xtreme Mounting Plate VR005 (for thermal adhesive)
Scythe Mugen II
Sum med frakt: 2225,-
Kan stenge tråd.
-
Vurdere no desse komponentane for å gjera dataen min "lydlaus":
Frå cdon:
Antec Signature Series 650W
Arctic Cooling Accelero S1 (Rev 2)
Noctua NF-S12B FLX 120mmfläkt, 1200/900/600rpm (2stk)
Scythe Mugen II
Vil dette fungere sammen med:
Frå Komplett:
MSI K9A Platinum, ATI RD580+SB600, DDR2,
(Socket-AM2, Crossfire XP3200, 2xPCI-Ex16)
AMD Athlon 64 X2 4600+ 2.4GHz Socket AM2
(1MB, BOXED m/vifte)
Corsair TWIN2X 6400C4 DDR2, 2048MB CL4,
(Kit w/two 1GB Dimm's, E.P.P Technology)
Cooler Master Centurion 534, Sort,
(Aluminium Front (Uten Strømforsyning))
Samsung DVD-brenner SH-S183A SATA
(Black OEM)
Ati Radeon x1950 xtx Pci-e
Corsair SSD Nova Series 2,5" 64GB
(SATA2, 215MB/130MB/s read/write, incl 2,5" to 3,5")
2 stykk sata HDD "Green"
(maks rpm "7200")
Ide hdd (7200rpm)
Er bekymra for utgangar på strømmforsyning, og plass mellom kjøling på skjermkort og sata kontakter. lurer og på kor mange watt som vil bli trekt frå strømforsyning når eg ser på hd-film frå ein av "sata hdd"?
-
Eg har nett funne ut at eg ikkje kan så mykje om utrykk i forhold til kabinet og andre pc delar.
1.Er ein brønn ein plass til 3,5" hdd?
2.Korleis ser ein om ei vifte er stillegående eller bråkete?
3.Hvilke skjermkort er plass til i en HTPC, eller er det vanlig å gå for intigrert?
4.Korleis veit ein kva strømforsyning eg trenge?
Er det ein tråd eg bør lesa før eg kjøpe HTPC?
1.En brønn kan både være 2,5" 3,5" og 5.25". 2,5" og 3,5" er til harddisker og ssd'er mens 5,25" er til cd/dvd drev og alt annet som er laget for 5,25"
2.Det må du nesten lese tester på, eller se i databladet om du finner den infoen.
3.Du kan få plass til alt av skjermkort bare du har rett kabinett. Om pc'en bare skal brukes til media(Filmer, musikk osv) så holder nok en i3 og dens integrerte grafikkort.
4.Den skal kunne gi en del mere en det systemet bruker når det belastes fullt.
Takk
Då har eg kome fram til at eg berre vil bytte ut alle vifter, kjøpa nytt skjermkort og ny strømmforsyning.
Trenger mest hjelp med skjermkort. Helst passiv kjøling, men viktigst er at alt blir stille. Tenker å bruke skjermkortet når eg skal bygga meg ein skikkeleg HTPC.
-
Eg har nett funne ut at eg ikkje kan så mykje om utrykk i forhold til kabinet og andre pc delar.
Er ein brønn ein plass til 3,5" hdd?
Korleis ser ein om ei vifte er stillegående eller bråkete?
Hvilke skjermkort er plass til i en HTPC, eller er det vanlig å gå for intigrert?
Korleis veit ein kva strømforsyning eg trenge?
Er det ein tråd eg bør lesa før eg kjøpe HTPC?
-
http://www.komplett.no/k/ki.aspx?sku=513320 er utgangspunktet mitt.
Er litt usikker på om eg skal velga AMD løysning eller Intel. Nokon som har synspunkter på kva som er mest stabilt og lengst framme med teknologien for tida?
-
Muligens ein heilt ny og ferdigbygd htpc der eg kan bytta ut hdd med mine 2 store og en ssd-hdd 1.8"?
-
Trur eg går for nytt skjermkort og hovedkort.
Kansje dette kabinettet: http://www.komplett.no/k/ki.aspx?sku=513320#extra
Nokon tips til strømforsyning hovedkort osv? Ca sammenlagt pris?
-
Hei
Har:
2 stk hdd 3,5"
1 stk ssd hdd 1.8"
1 stk dvd
Hovedkort: msi K9A-Platinum: http://www.msi.com/product/mb/K9A-Platinum.html
Prosessor og ram
Skjermkort: ati Radeon x1950 xtx: http://reviews.cnet.com/graphics-cards/ati-radeon-x1950-xtx/1707-8902_7-32036686.html#manDesc
Trenge:
Stille kjøling av skjermkort, prosessor og generelt kabinett
Nytt kabinett: maks høgde 150mm
Maks dybde 500mm
Nokon som kan gi nokon tips?
-
Hei, eg treng meg ny bærbar datamaskin som eg skal bruka til alt mulig, men for det meste å notera på og litt programering o.l.
Minimumskrav:
prosessor: 2,0 duo
Minne: 3 Gb
Vekt: maks 3 kg
Skjerm: 13 - 16 helst 15,4 og viss 15,4 vil eg helst ha rundt 1600 piksler i bredden
Batteri tid: min 2 timar, men helst nermare 4
Tastaturet må ha Ctrl på riktig plass!!!
Føretrekke og at mousepad har 2 tastar, ikkje ein der ein må trykke på ein av sidene:)
Vil at den når eg kjører Windows 7, skal reagere kjapt.
Setter ikkje maks pris.
Tusen takk for alle svar:)
-
Eg har tenkt å kjøpa denna Bærbare dataen, men må venta til dei har fått inn skjermen min før eg får han. er det eit godt kjøp, eller kan eg få noko som er omtrendt lika bra no, uten å venta på skjermen?
Her er config:
Klikk for å se/fjerne innholdet nedenforMulticom Compal KHLB2Skjerm: 15.6" Wide-LED skjerm 1920x1080 Full-HD
CPU: Intel® Core™2 Duo P9700 processor, 2.8GHZ 1066MHz FSB 6MB cache 25W
HDD: 320GB SATA 7200RPM 2.5"
RAM: 4GB DDR3 SO-DIMM 1066MHz (2x2GB) (Byttes ut med G-skil minne for 100kr ekstra)
Turbo RAM: Intel® Turbo Memory 2GB
GPU: ATI Mobility Radeon™ HD 4650 skjermkort med 512MB GDDR3 minne
Batteri: 6 cellers batteri 4800mAh, 220min i BatteryMark 2007
Vekt 2,75kg
Pris 10850 kr
Meir info: Her
Skjermen kjem rundt 1. september.
-
Takk:yes: trur eg går for den;)
-
Eg lurer på å kjøpa meg ein bærbar pc frå multicom.no, men har høyrt at maskinene virker litt skrøplige og skranglete.
Viss nokon har ei multicommaskin, så ville eg vore glad for litt tilbakemelding på om da e noko å samla på eller ikkje.
lurer på denne maskina: Compal KHLB2 med 15,6" skjerm.
Angåande oprativsystem, Kva er anbefalt der?
-
Har sett på nokre oppsett frå Dell:
Dell Studio 15:
Klikk for å se/fjerne innholdet nedenforKomponenterFARGER, MØNSTRE OG ARTISTDESIGN Black chainlink
PROSESSOR Intel® Pentium® Dual Core T4200-prosessor (2,0 GHz, 800 MHz, 1 MB buffer)
OPERATIVSYSTEM Ekte Windows Vista® Home Premium SP1 64 Bit - Norsk
MICROSOFT-PROGRAMVARE Microsoft® Works 9.0 - norsk
KUNDESTØTTETJENESTER 3 års garantistøtte hjemme, inkludert kvelder og lørdager
LCD 15.6in Widescreen Full High Definition (1920x1080) WLED with TrueLife
WEBCAM 2,0 megapikslers integrert webkamera
MINNE 4096 MB 800 MHz tokanals DDR2 SDRAM [2 x 2024]
HARDDISK 320 GB (5400 rpm) SATA-harddisk
GRAFIKKORT 512 MB ATI Mobility RADEON HD 4570
OPTISK(E) STASJON(ER) Fast, innebygd DVD+/-RW-stasjon med innstikksplass, inkludert programvare
PRIMÆRBATTERI Primært 9-cellers litiumionbatteri (85 Wh)
Tilbehør
TRÅDLØS TILKOBLING Dell Wireless 1397 minikort (802.11 b/g)
Dell Studio xps 16
Klikk for å se/fjerne innholdet nedenforKomponenterPROSESSOR Intel® Core™ 2 Duo P8600-prosessor (2,40 GHz, 3 MB, 1066 MHz)
OPERATIVSYSTEM Ekte Windows Vista® Home Premium SP1 64 Bit - Norsk
MICROSOFT-PROGRAMVARE Microsoft® Works 9.0 - norsk
KUNDESTØTTETJENESTER 1 års Premium Warranty Support
LCD Black Leather back cover : 15.6" (inch) Truelife 1080p Full HD WLED Edge to Edge Display
MINNE 4096 MB 1067 MHz tokanals DDR3 SDRAM [2 x 2048]
HARDDISK 320 GB harddisk (7200 rpm) med fallsensor
GRAFIKKORT 1GB ATI® Radeon™ HD 4670 graphics card
OPTISK(E) STASJON(ER) Innebygd DVD+/-RW-stasjon med innstikksplass (leser og skriver DVD og CD), med programvare
PRIMÆRBATTERI Primært 6-cellers litiumionbatteri (56 Wh)
TV-TUNER OG FJERNKONTROLL No integrated TV Tuner (MLK base)
Tilbehør
BLUETOOTH Dell Wireless 370 Bluetooth-modul
TRÅDLØS TILKOBLING Intel WiFi Link 5300 halvt minikort (802.11 a/g/n) (Centrino)
Dell Latitude E6500 (11 107.00 kr)
Klikk for å se/fjerne innholdet nedenforKomponenterPROSESSOR Latitude E6500 - Intel® Core™ 2 Duo P8700(2.53GHz, 1066MHz,3MB/25W)
OPERATIVSYSTEM Ekte Windows Vista® Business SP1, 32-biters - norsk - med medier
GRAFIKKORT Mobile Intel® Graphics Media Accelerator X4500HD
LCD 15.4in Wide Screen WXGA+ (1440x900) with LED backlit
CAMERA No camera with microphone for LED Backlit LCD
BACK COVER Black Back Cover for LED Backlit LCD
MINNE 4GB 800MHz DDR2 memory (2 x 2GB)
HARDDISK 250GB serial ATA HDD 7200RPM (Free Fall Sensor)
OPTISK(E) STASJON(ER) 8x DVD+/RW Drive (with Software)
PRIMÆRBATTERI 9 Cell 85WHr LI-ION Primary Battery
TASTATUR Norwegian - Internal Qwerty Backlight Keyboard
Tilbehør
TRÅDLØS TILKOBLING Intel WiFi Link 5300 (802.11 a/g/n 3X3) 1/2 MiniCard with V/pro label
BLUETOOTH Internal Dell 370 Bluetooth™ Card
FINGERPRINT READER Swipe Fingerprint Reader
Takk på førehand
-
Sidan ingen har gitt tilakemelding på loggen min, reknar eg med at den er fin.
kan berre sletta posten.
Mvh meg
-
Den er grei:)
-
Slett denne tråden..
-
Klikk for å se/fjerne innholdet nedenfor
ComboFix 09-01-20.05 - hannyg1 2009-01-21 10:36:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.119 [GMT 1:00]
Running from: c:\documents and settings\hannyg1\skrivebord\ComboFix.exe
AV: Norman Virus Control ver. 5.99 *On-access scanning enabled* (Updated)
FW: Norman Personal Firewall v. 1.4 *enabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
----- BITS: Possible infected sites -----
hxxp://ped-01wsus
.
((((((((((((((((((((((((( Files Created from 2008-12-21 to 2009-01-21 )))))))))))))))))))))))))))))))
.
2009-01-21 09:58 . 2009-01-21 09:58 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-21 09:58 . 2009-01-21 09:58 <DIR> d-------- c:\documents and settings\hannyg1\Application Data\Malwarebytes
2009-01-21 09:58 . 2009-01-21 09:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-21 09:58 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-21 09:58 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-09 17:46 . 2001-09-30 19:10 246,784 --a------ c:\windows\system32\ActiveSkin.ocx
2009-01-09 17:46 . 2001-05-24 12:59 162,304 --a------ C:\UNWISE.EXE
2009-01-09 17:46 . 2002-01-18 18:12 112 --a------ c:\windows\ActiveSkin.INI
2009-01-07 12:05 . 2009-01-20 11:31 <DIR> d-------- c:\documents and settings\hannyg1\Application Data\U3
2009-01-06 11:00 . 2009-01-06 11:00 <DIR> d-------- c:\program files\Bonjour
2009-01-06 10:44 . 2009-01-06 10:44 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2009-01-06 09:56 . 2009-01-06 09:56 <DIR> d-------- c:\documents and settings\Hansi\Application Data\Hamachi
2009-01-03 18:01 . 2009-01-03 18:01 <DIR> d-------- c:\program files\Bytescout XLS Viewer
2008-12-27 16:53 . 2008-12-27 16:52 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-25 01:19 . 2008-12-25 01:19 0 --a------ c:\windows\tosOBEX.INI
2008-12-25 01:15 . 2008-12-25 01:15 <DIR> d-------- c:\program files\Toshiba
2008-12-25 01:10 . 2004-08-03 22:58 100,992 --a------ c:\windows\system32\drivers\bthpan.sys
2008-12-25 01:10 . 2004-08-03 22:58 100,992 --a--c--- c:\windows\system32\dllcache\bthpan.sys
2008-12-25 01:10 . 2004-08-03 23:10 59,648 --a------ c:\windows\system32\drivers\rfcomm.sys
2008-12-25 01:10 . 2004-08-03 23:10 59,648 --a--c--- c:\windows\system32\dllcache\rfcomm.sys
2008-12-25 01:10 . 2004-08-03 23:10 17,024 --a------ c:\windows\system32\drivers\BthEnum.sys
2008-12-25 01:10 . 2004-08-03 23:10 17,024 --a--c--- c:\windows\system32\dllcache\bthenum.sys
2008-12-25 01:09 . 2004-08-03 23:10 18,944 --a------ c:\windows\system32\drivers\BTHUSB.SYS
2008-12-25 01:09 . 2004-08-03 23:10 18,944 --a--c--- c:\windows\system32\dllcache\bthusb.sys
2008-12-25 01:09 . 2009-01-21 10:23 836 --a------ c:\windows\bthservsdp.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-21 09:30 --------- d-----w c:\documents and settings\All Users\Application Data\NPF
2009-01-21 09:28 5 ----a-w C:\NPF_USER.DAT
2009-01-21 09:24 --------- d-----w c:\program files\Norman
2009-01-21 08:32 --------- d-----w c:\program files\LogMeIn
2009-01-20 09:58 --------- d-----w c:\documents and settings\hannyg1\Application Data\Hamachi
2009-01-06 10:03 --------- d-----w c:\program files\Opera
2009-01-06 10:00 --------- d-----w c:\program files\Common Files\Adobe
2008-12-27 15:52 --------- d-----w c:\program files\Java
2008-12-27 12:44 --------- d-----w c:\documents and settings\Marta.H-OYG-BB-HANSI\Application Data\Hamachi
2008-12-11 15:18 --------- d-----w c:\documents and settings\hannyg1\Application Data\Ahead
2008-12-02 11:25 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-12-02 09:47 --------- d-----w c:\program files\Adobe Media Player
2008-12-02 09:42 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-12-02 09:07 --------- d-----w c:\documents and settings\hannyg1\Application Data\Download Manager
2008-11-28 10:10 --------- d-----w c:\documents and settings\hannyg1\Application Data\uTorrent
2008-11-24 08:27 --------- d-----w c:\program files\Google
2008-11-17 20:04 2,306,113 ----a-w c:\windows\system32\GPhotos.scr
2008-10-24 11:14 109,568 ------w c:\windows\system32\pxinsi64.exe
2008-10-24 11:14 108,544 ------w c:\windows\system32\pxcpyi64.exe
2008-10-22 07:44 87,352 ----a-w c:\windows\system32\LMIinit.dll
2008-10-22 07:44 83,288 ----a-w c:\windows\system32\LMIRfsClientNP.dll
2008-10-22 07:44 28,984 ----a-w c:\windows\system32\LMIport.dll
2008-10-22 07:44 23,736 ----a-w c:\windows\system32\lmimirr.dll
2008-10-22 07:44 10,040 ----a-w c:\windows\system32\lmimirr2.dll
2007-08-09 12:08 8,784 ----a-w c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-08-09 12:10 245,408 ----a-w c:\program files\mozilla firefox\plugins\unicows.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"SpeedswitchXP"="c:\program files\SpeedswitchXP\SpeedswitchXP.exe" [2006-07-14 626688]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-10 868352]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-06-24 126976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-06-24 561152]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-09-12 63048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-27 136600]
"Norman ZANDA"="c:\program files\Norman\Npm\bin\ZLH.EXE" [2008-06-02 273520]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2004-08-03 143360]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AtiPTA"="atiptaxx.exe" [2006-02-22 c:\windows\system32\atiptaxx.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 c:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2006-11-07 12451]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-05-06 483328]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-05-12 805392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideShutdownScripts"= 1 (0x1)
"MaxGPOScriptWait"= 32000 (0x7d00)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)
"ForceStartMenuLogOff"= 1 (0x1)
"NoPublishingWizard"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"ForceClassicControlPanel"= 1 (0x1)
"DisallowCpl"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-22 08:44 87352 c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup]
"Script"=lokadm.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\1]
"Script"=pcbb.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-489248529-1699838375-1845911597-228722\Scripts\Logon]
"Script"=Sym2Server.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-489248529-1699838375-1845911597-228722\Scripts\Logon\1]
"Script"=OYG_elev.bat
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^Hansi^Start Menu^Programs^Startup^CCC.lnk]
path=c:\documents and settings\Hansi\Start Menu\Programs\Startup\CCC.lnk
backup=c:\windows\pss\CCC.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-11-16 19:04 139264 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2006-11-10 16:19 1051648 c:\program files\Nero\Nero 7\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2006-10-16 01:41 1694208 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 20:35 90112 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2008-02-29 02:12 76304 c:\windows\KHALMNPR.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 NDIS_RD;Firewall Engine Type-R2;c:\windows\system32\drivers\Ndis_rd.sys [2008-03-27 53320]
R1 TDI_RD;Firewall Engine Type-R;c:\windows\system32\drivers\Tdi_rd.sys [2008-03-27 32176]
R3 nsesvc;Norman Scanner Engine Service;c:\program files\Norman\Nse\Bin\Nsesvc.exe [2008-06-28 322616]
R3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [2008-03-27 19512]
R3 nvcoas;Norman Virus Control on-access component;c:\program files\Norman\NVC\bin\Nvcoas.exe [2008-03-27 183352]
R3 NVCScheduler;Norman Virus Control Scheduler;c:\program files\Norman\NVC\bin\Nvcsched.exe [2008-03-27 146488]
R4 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-11-13 47640]
R4 Ndiskio;Ndiskio;c:\program files\Norman\Nse\Bin\Ndiskio.sys [2008-03-27 20448]
S3 PVUSB;CESG502 USB Driver;c:\windows\system32\drivers\CESG502.SYS [2008-09-12 40672]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [2008-08-27 32000]
S4 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2007-09-12 12856]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
--- Other Services/Drivers In Memory ---
*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder
2009-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://oyg.hfk.no
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksporter til Microsoft Excel - c:\program files\Microsoft Office\OFFICE11\EXCEL.EXE/3000
TCP: {1CD2079E-9E20-4468-8E20-BBA3800E7B3C} = 192.168.100.1
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxp://www-307.ibm.com/pc/support/acpir.cab
FF - ProfilePath - c:\documents and settings\hannyg1\Application Data\Mozilla\Firefox\Profiles\u18sfigo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.no/webhp?hl=nn&btnG=Google-s%C3%B8k
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\documents and settings\hannyg1\Application Data\Mozilla\Firefox\Profiles\u18sfigo.default\extensions\[email protected]\plugins\npRACtrl.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRACtrl.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-21 10:43:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(780)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\windows\system32\LMIinit.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\windows\system32\LMIRfsClientNP.dll
- - - - - - - > 'lsass.exe'(836)
c:\program files\Bonjour\mdnsNSP.dll
.
Completion time: 2009-01-21 10:46:32
ComboFix-quarantined-files.txt 2009-01-21 09:46:28
Pre-Run: 10 139 168 768 bytes free
Post-Run: 12,619,489,280 bytes free
232 --- E O F --- 2009-01-05 07:53:19
Malwarebytes' Anti-Malware 1.33
Databaseversjon: 1673
Windows 5.1.2600 Service Pack 2
21.01.2009 10:21:38
mbam-log-2009-01-21 (10-21-38).txt
Skanntype: Rask Skann
Objekter skannet: 87250
Tid tilbakelagt: 18 minute(s), 3 second(s)
Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 6
Mapper infisert: 0
Filer infisert: 0
Minneprosesser infisert:
(Ingen mistenkelige filer funnet)
Minnemoduler infisert:
(Ingen mistenkelige filer funnet)
Registernøkler infisert:
(Ingen mistenkelige filer funnet)
Registerverdier infisert:
(Ingen mistenkelige filer funnet)
Registerfiler infisert:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispAppearancePage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceActiveDesktopOn (Hijack.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Mapper infisert:
(Ingen mistenkelige filer funnet)
Filer infisert:
(Ingen mistenkelige filer funnet)
-
Klikk for å se/fjerne innholdet nedenforComboFix 09-01-20.05 - hannyg1 2009-01-21 10:36:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.119 [GMT 1:00]
Running from: c:\documents and settings\hannyg1\skrivebord\ComboFix.exe
AV: Norman Virus Control ver. 5.99 *On-access scanning enabled* (Updated)
FW: Norman Personal Firewall v. 1.4 *enabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
----- BITS: Possible infected sites -----
hxxp://ped-01wsus
.
((((((((((((((((((((((((( Files Created from 2008-12-21 to 2009-01-21 )))))))))))))))))))))))))))))))
.
2009-01-21 09:58 . 2009-01-21 09:58 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-21 09:58 . 2009-01-21 09:58 <DIR> d-------- c:\documents and settings\hannyg1\Application Data\Malwarebytes
2009-01-21 09:58 . 2009-01-21 09:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-21 09:58 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-21 09:58 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-09 17:46 . 2001-09-30 19:10 246,784 --a------ c:\windows\system32\ActiveSkin.ocx
2009-01-09 17:46 . 2001-05-24 12:59 162,304 --a------ C:\UNWISE.EXE
2009-01-09 17:46 . 2002-01-18 18:12 112 --a------ c:\windows\ActiveSkin.INI
2009-01-07 12:05 . 2009-01-20 11:31 <DIR> d-------- c:\documents and settings\hannyg1\Application Data\U3
2009-01-06 11:00 . 2009-01-06 11:00 <DIR> d-------- c:\program files\Bonjour
2009-01-06 10:44 . 2009-01-06 10:44 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2009-01-06 09:56 . 2009-01-06 09:56 <DIR> d-------- c:\documents and settings\Hansi\Application Data\Hamachi
2009-01-03 18:01 . 2009-01-03 18:01 <DIR> d-------- c:\program files\Bytescout XLS Viewer
2008-12-27 16:53 . 2008-12-27 16:52 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-25 01:19 . 2008-12-25 01:19 0 --a------ c:\windows\tosOBEX.INI
2008-12-25 01:15 . 2008-12-25 01:15 <DIR> d-------- c:\program files\Toshiba
2008-12-25 01:10 . 2004-08-03 22:58 100,992 --a------ c:\windows\system32\drivers\bthpan.sys
2008-12-25 01:10 . 2004-08-03 22:58 100,992 --a--c--- c:\windows\system32\dllcache\bthpan.sys
2008-12-25 01:10 . 2004-08-03 23:10 59,648 --a------ c:\windows\system32\drivers\rfcomm.sys
2008-12-25 01:10 . 2004-08-03 23:10 59,648 --a--c--- c:\windows\system32\dllcache\rfcomm.sys
2008-12-25 01:10 . 2004-08-03 23:10 17,024 --a------ c:\windows\system32\drivers\BthEnum.sys
2008-12-25 01:10 . 2004-08-03 23:10 17,024 --a--c--- c:\windows\system32\dllcache\bthenum.sys
2008-12-25 01:09 . 2004-08-03 23:10 18,944 --a------ c:\windows\system32\drivers\BTHUSB.SYS
2008-12-25 01:09 . 2004-08-03 23:10 18,944 --a--c--- c:\windows\system32\dllcache\bthusb.sys
2008-12-25 01:09 . 2009-01-21 10:23 836 --a------ c:\windows\bthservsdp.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-21 09:30 --------- d-----w c:\documents and settings\All Users\Application Data\NPF
2009-01-21 09:28 5 ----a-w C:\NPF_USER.DAT
2009-01-21 09:24 --------- d-----w c:\program files\Norman
2009-01-21 08:32 --------- d-----w c:\program files\LogMeIn
2009-01-20 09:58 --------- d-----w c:\documents and settings\hannyg1\Application Data\Hamachi
2009-01-06 10:03 --------- d-----w c:\program files\Opera
2009-01-06 10:00 --------- d-----w c:\program files\Common Files\Adobe
2008-12-27 15:52 --------- d-----w c:\program files\Java
2008-12-27 12:44 --------- d-----w c:\documents and settings\Marta.H-OYG-BB-HANSI\Application Data\Hamachi
2008-12-11 15:18 --------- d-----w c:\documents and settings\hannyg1\Application Data\Ahead
2008-12-02 11:25 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-12-02 09:47 --------- d-----w c:\program files\Adobe Media Player
2008-12-02 09:42 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-12-02 09:07 --------- d-----w c:\documents and settings\hannyg1\Application Data\Download Manager
2008-11-28 10:10 --------- d-----w c:\documents and settings\hannyg1\Application Data\uTorrent
2008-11-24 08:27 --------- d-----w c:\program files\Google
2008-11-17 20:04 2,306,113 ----a-w c:\windows\system32\GPhotos.scr
2008-10-24 11:14 109,568 ------w c:\windows\system32\pxinsi64.exe
2008-10-24 11:14 108,544 ------w c:\windows\system32\pxcpyi64.exe
2008-10-22 07:44 87,352 ----a-w c:\windows\system32\LMIinit.dll
2008-10-22 07:44 83,288 ----a-w c:\windows\system32\LMIRfsClientNP.dll
2008-10-22 07:44 28,984 ----a-w c:\windows\system32\LMIport.dll
2008-10-22 07:44 23,736 ----a-w c:\windows\system32\lmimirr.dll
2008-10-22 07:44 10,040 ----a-w c:\windows\system32\lmimirr2.dll
2007-08-09 12:08 8,784 ----a-w c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-08-09 12:10 245,408 ----a-w c:\program files\mozilla firefox\plugins\unicows.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"SpeedswitchXP"="c:\program files\SpeedswitchXP\SpeedswitchXP.exe" [2006-07-14 626688]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-10 868352]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-06-24 126976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-06-24 561152]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-09-12 63048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-27 136600]
"Norman ZANDA"="c:\program files\Norman\Npm\bin\ZLH.EXE" [2008-06-02 273520]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2004-08-03 143360]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AtiPTA"="atiptaxx.exe" [2006-02-22 c:\windows\system32\atiptaxx.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 c:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2006-11-07 12451]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-05-06 483328]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-05-12 805392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideShutdownScripts"= 1 (0x1)
"MaxGPOScriptWait"= 32000 (0x7d00)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)
"ForceStartMenuLogOff"= 1 (0x1)
"NoPublishingWizard"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"ForceClassicControlPanel"= 1 (0x1)
"DisallowCpl"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-22 08:44 87352 c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=lokadm.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\1]
"Script"=pcbb.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-489248529-1699838375-1845911597-228722\Scripts\Logon\0\0]
"Script"=Sym2Server.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-489248529-1699838375-1845911597-228722\Scripts\Logon\1\0]
"Script"=OYG_elev.bat
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^Hansi^Start Menu^Programs^Startup^CCC.lnk]
path=c:\documents and settings\Hansi\Start Menu\Programs\Startup\CCC.lnk
backup=c:\windows\pss\CCC.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-11-16 19:04 139264 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2006-11-10 16:19 1051648 c:\program files\Nero\Nero 7\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2006-10-16 01:41 1694208 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 20:35 90112 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2008-02-29 02:12 76304 c:\windows\KHALMNPR.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 NDIS_RD;Firewall Engine Type-R2;c:\windows\system32\drivers\Ndis_rd.sys [2008-03-27 53320]
R1 TDI_RD;Firewall Engine Type-R;c:\windows\system32\drivers\Tdi_rd.sys [2008-03-27 32176]
R3 nsesvc;Norman Scanner Engine Service;c:\program files\Norman\Nse\Bin\Nsesvc.exe [2008-06-28 322616]
R3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [2008-03-27 19512]
R3 nvcoas;Norman Virus Control on-access component;c:\program files\Norman\NVC\bin\Nvcoas.exe [2008-03-27 183352]
R3 NVCScheduler;Norman Virus Control Scheduler;c:\program files\Norman\NVC\bin\Nvcsched.exe [2008-03-27 146488]
R4 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-11-13 47640]
R4 Ndiskio;Ndiskio;c:\program files\Norman\Nse\Bin\Ndiskio.sys [2008-03-27 20448]
S3 PVUSB;CESG502 USB Driver;c:\windows\system32\drivers\CESG502.SYS [2008-09-12 40672]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [2008-08-27 32000]
S4 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2007-09-12 12856]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
--- Other Services/Drivers In Memory ---
*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder
2009-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://oyg.hfk.no
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksporter til Microsoft Excel - c:\program files\Microsoft Office\OFFICE11\EXCEL.EXE/3000
TCP: {1CD2079E-9E20-4468-8E20-BBA3800E7B3C} = 192.168.100.1
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxp://www-307.ibm.com/pc/support/acpir.cab
FF - ProfilePath - c:\documents and settings\hannyg1\Application Data\Mozilla\Firefox\Profiles\u18sfigo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.no/webhp?hl=nn&btnG=Google-s%C3%B8k
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\documents and settings\hannyg1\Application Data\Mozilla\Firefox\Profiles\u18sfigo.default\extensions\[email protected]\plugins\npRACtrl.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRACtrl.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-21 10:43:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(780)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\windows\system32\LMIinit.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\windows\system32\LMIRfsClientNP.dll
- - - - - - - > 'lsass.exe'(836)
c:\program files\Bonjour\mdnsNSP.dll
.
Completion time: 2009-01-21 10:46:32
ComboFix-quarantined-files.txt 2009-01-21 09:46:28
Pre-Run: 10 139 168 768 bytes free
Post-Run: 12,619,489,280 bytes free
232 --- E O F --- 2009-01-05 07:53:19
Malwarebytes' Anti-Malware 1.33
Databaseversjon: 1673
Windows 5.1.2600 Service Pack 2
21.01.2009 10:21:38
mbam-log-2009-01-21 (10-21-38).txt
Skanntype: Rask Skann
Objekter skannet: 87250
Tid tilbakelagt: 18 minute(s), 3 second(s)
Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 6
Mapper infisert: 0
Filer infisert: 0
Minneprosesser infisert:
(Ingen mistenkelige filer funnet)
Minnemoduler infisert:
(Ingen mistenkelige filer funnet)
Registernøkler infisert:
(Ingen mistenkelige filer funnet)
Registerverdier infisert:
(Ingen mistenkelige filer funnet)
Registerfiler infisert:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispAppearancePage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceActiveDesktopOn (Hijack.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Mapper infisert:
(Ingen mistenkelige filer funnet)
Filer infisert:
(Ingen mistenkelige filer funnet)
[Løst] Maskina restartar ved oppstart
i Maskinen fungerer ikke
Skrevet
Var minnet som var feil. fjerna 2 brikker som vart installert for ca 2 månader sidan, så fungerte det fint.
Kva testar kan eg kjøra på minnet for å sjå om det er ødelagt eller berre innstillt feil?
Ka voltstyrke skal ddr 2 (800MHz) ha?