
[UNSOLVED] Suspect malware/virus - HJT and SAS log


Guest Slettet+9871234


Guest Slettet+9871234
Posted

Hello

I suspect malware/a virus, since software and Windows crash and spew out error messages almost all the time. Rather annoying..

 

HijackThis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 07:43:35, on 05.12.2007

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16546)

Boot mode: Normal

 

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE

C:\Program Files\Norman\Npm\Bin\Zanda.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Users\Torstein\Documents\Folding at home\Kjerne1\fah.exe

C:\Users\Torstein\Documents\Folding at home\Kjerne2\fah.exe

C:\Users\Torstein\Documents\Folding at home\Kjerne3\fah.exe

C:\Users\Torstein\Documents\Folding at home\Kjerne4\fah.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\smpd.exe

C:\Users\Torstein\Documents\Folding at home\Kjerne1\FahCore_78.exe

C:\Users\Torstein\Documents\Folding at home\Kjerne2\FahCore_81.exe

C:\Users\Torstein\Documents\Folding at home\Kjerne3\FahCore_78.exe

C:\Windows\System32\svchost.exe

C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\PnkBstrA.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Norman\Npm\bin\NJEEVES.EXE

C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE

C:\Program Files\Norman\Nvc\bin\nvcoas.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Norman\Npm\Bin\Zlh.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\EVEMon\EVEMon.exe

C:\Program Files\Last.fm\LastFMHelper.exe

C:\Program Files\Xfire\xfire.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Norman\Nvc\BIN\NIP.EXE

C:\Program Files\Norman\Nvc\bin\cclaw.exe

C:\Program Files\Xfire\xfire.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Users\Torstein\Documents\Folding at home\Kjerne4\FahCore_79.exe

C:\Program Files\Norman\npm\bin\niu.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Torstein\Desktop\umbrella.exe

C:\Windows\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hardware.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspee.dll

O1 - Hosts: ::1 localhost

O2 - BHO: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspee.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspee.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [EVEMon] "C:\Program Files\EVEMon\EVEMon.exe" -startMinimized

O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')

O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe

O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll

O13 - Gopher Prefix:

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200707...ex/qtplugin.cab

O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file:///J:/HD-DVD9%20Files/components/A9.ocx

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE

O23 - Service: FAH@C:+Users+Torstein+Documents+Folding at home+Kjerne1+fah.exe - Unknown owner - C:\Users\Torstein\Documents\Folding at home\Kjerne1\fah.exe

O23 - Service: FAH@C:+Users+Torstein+Documents+Folding at home+Kjerne2+fah.exe - Unknown owner - C:\Users\Torstein\Documents\Folding at home\Kjerne2\fah.exe

O23 - Service: FAH@C:+Users+Torstein+Documents+Folding at home+Kjerne3+fah.exe - Unknown owner - C:\Users\Torstein\Documents\Folding at home\Kjerne3\fah.exe

O23 - Service: FAH@C:+Users+Torstein+Documents+Folding at home+Kjerne4+fah.exe - Unknown owner - C:\Users\Torstein\Documents\Folding at home\Kjerne4\fah.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: MPICH2 Process Manager, Argonne National Lab (mpich2_smpd) - Unknown owner - C:\Windows\system32\smpd.exe

O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE

O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe

O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

 

--

End of file - 8038 bytes

 

SAS


SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 12/04/2007 at 11:32 PM

 

Application Version : 3.9.1008

 

Core Rules Database Version : 3354

Trace Rules Database Version: 1353

 

Scan type : Complete Scan

Total Scan Time : 00:47:21

 

Memory items scanned : 575

Memory threats detected : 0

Registry items scanned : 5712

Registry threats detected : 0

File items scanned : 88608

File threats detected : 0

Posted

What kind of error messages are you getting?

You can also check what is unstable by looking in the Reliability Monitor:

Control Panel -> System and Maintenance -> Performance Information and Tools -> Advanced Tools -> Reliability and Performance Monitor.

From there you should be able to find out what is making your system unstable.

Guest Slettet+9871234
Posted

I have a score of 2.82 and it is most often "Software failures".

It is that games, the web browser and other programs have "stopped responding" or "stopped working". Recurring ones are Opera(!), Psychonaut, WLM (latest), and the EVE-Online client.

Posted

Below the chart itself in the Reliability Monitor (which shows a scale from 0 to 10, where 10 means stable) you will find a System Stability Report that may tell you something about what kind of errors these are. Based on this you can then take some measures if needed.
