
CPU usage straight up to 100%



I have a TravelMate 2410 and have only upgraded the RAM to 1GB.

When I first got it, it worked just fine for playing WoW, but lately I often get a bluescreen and the machine shuts off at random when I play WoW.

If I'm lucky enough that it doesn't shut off or bluescreen, the CPU usage goes straight up to 100%. I'm dead certain that there is nothing wrong with the RAM.

It has an Intel Celeron 1.5GHz CPU, a 128MB graphics card, 1GB of Kingston memory and a 40GB HDD.

Does anyone know what the problem could be?


We can check whether there's any gunk.

Download HijackThis and put it in its own folder on the desktop.

Run it and post the log here.

You should test the memory.

Download and burn.

http://www.ultimatebootcd.com/

Boot and select memtest86+ 1.70

It doesn't take long, and it gets that out of the picture.

Edited by SNIPPSAT

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:09:17, on 10.02.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wltrysvc.exe

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Acer\eManager\anbmServ.exe

C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Programfiler\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\acer\epm\epm-dm.exe

C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe

C:\Programfiler\Launch Manager\LaunchAp.exe

C:\Programfiler\Launch Manager\PowerKey.exe

C:\Programfiler\Launch Manager\HotkeyApp.exe

C:\Programfiler\Launch Manager\OSDCtrl.exe

C:\Programfiler\Launch Manager\Wbutton.exe

C:\Programfiler\Acer\eRecovery\Monitor.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe

C:\Programfiler\ESET\ESET NOD32 Antivirus\egui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\MSN Messenger\MsnMsgr.Exe

C:\Programfiler\Messenger\msmsgs.exe

C:\Programfiler\AceLogix\Free Ram Optimizer\fro.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Programfiler\Adobe\Acrobat 7.0\Reader\AcroRd32.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Documents and Settings\Ken-Daniel Hansen\Skrivebord\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://thepiratebay.org/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {23B760D6-C98B-450B-9B32-26C7775CDF83} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: (no name) - {70CC76D5-A4EE-4F25-9931-B109A63E298E} - (no file)

O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe

O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot

O4 - HKLM\..\Run: [RemoteControl] C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [LaunchAp] "C:\Programfiler\Launch Manager\LaunchAp.exe"

O4 - HKLM\..\Run: [PowerKey] "C:\Programfiler\Launch Manager\PowerKey.exe"

O4 - HKLM\..\Run: [LManager] "C:\Programfiler\Launch Manager\HotkeyApp.exe"

O4 - HKLM\..\Run: [CtrlVol] "C:\Programfiler\Launch Manager\CtrlVol.exe"

O4 - HKLM\..\Run: [LMgrOSD] "C:\Programfiler\Launch Manager\OSDCtrl.exe"

O4 - HKLM\..\Run: [Wbutton] "C:\Programfiler\Launch Manager\Wbutton.exe"

O4 - HKLM\..\Run: [eRecoveryService] C:\Programfiler\Acer\eRecovery\Monitor.exe

O4 - HKLM\..\Run: [updateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [PwrUpTweakMe] C:\WINDOWS\system32\PuXpTwks.exe /TWEAK

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY

O4 - HKLM\..\Run: [NSRKey] C:\PROGRA~1\NORTON~2\NSR\Agent\NSRTray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [egui] "C:\Programfiler\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Windows Update] C:\WINDOWS\system32\iexplore

O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Free Ram Optimizer] C:\Programfiler\AceLogix\Free Ram Optimizer\fro.exe

O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Programfiler\Video ActiveX Object\isamntr.exe

O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Programfiler\Video ActiveX Object\pmsnrr.exe

O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Programfiler\Video Add-on\icthis.exe

O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Programfiler\Video Add-on\isfmntr.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)

O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {B69B0694-EB7C-4468-B572-B781062A1EF2} (KooPlayer Control) - http://static.mediazone.com/player/1.0.0.64/MZPlayer.CAB

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O21 - SSODL: exemplars - {2acf3add-34a1-4f2f-99cf-cc69785d1e90} - (no file)

O22 - SharedTaskScheduler: exemplars - {2acf3add-34a1-4f2f-99cf-cc69785d1e90} - (no file)

O22 - SharedTaskScheduler: haeckel - {8373a2e0-bdd0-42bd-b4ec-ba5451eb6607} - (no file)

O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programfiler\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Programfiler\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: iPod-tjeneste (iPod Service) - Unknown owner - C:\Programfiler\iPod\bin\iPodService.exe (file missing)

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Unknown owner - c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe (file missing)

O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

 

--

End of file - 9814 bytes

Yes, there was a lot of gunk here.

A light mix of spyware and viruses.

We'll start with this.

Download ComboFix and put it on the desktop.

Don't click on the window while the program is running.

Post the log C:\combofix.txt

Download and run SAS free.

Post the log.

When this is done, restart and do a new HijackThis log.

Edited by SNIPPSAT
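The point of asking for a new HijackThis log after the cleanup is a before/after comparison. The following is an added example, not part of the original thread: a small Python parser that diffs two HijackThis logs and lists which entries HijackThis itself still marks as "(no file)" or "(file missing)". The function names are hypothetical and the sample lines are a short excerpt of the two logs posted in this thread.

```python
import re

# A HijackThis entry is "<section code> - <free text>", e.g.
# "O4 - HKLM\..\Run: [name] C:\path.exe". Header lines, blank lines and the
# "Running processes" list do not match this pattern and are skipped.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")

# Markers HijackThis appends when an entry's target file is absent.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_entries(log_text):
    """Return the set of (section, body) entries found in one log."""
    entries = set()
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.add((match["section"], match["body"].strip()))
    return entries


def sort_key(entry):
    """Order by section letter, then numeric section, then text (O2 before O16)."""
    section, body = entry
    return (section[0], int(section[1:]), body)


def diff_logs(before_text, after_text):
    """Compare a pre-cleanup and a post-cleanup log."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    return {
        "removed": sorted(before - after, key=sort_key),
        "added": sorted(after - before, key=sort_key),
        "unchanged": sorted(before & after, key=sort_key),
    }


def orphaned(log_text):
    """Entries whose target HijackThis reports as absent: leftovers to review."""
    return sorted(
        (e for e in parse_entries(log_text) if e[1].endswith(ORPHAN_MARKERS)),
        key=sort_key,
    )


# Excerpt of the first log in this thread (scan saved 11:09:17).
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:09:17, on 10.02.2008
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Update] C:\WINDOWS\system32\iexplore
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Programfiler\Video ActiveX Object\isamntr.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Programfiler\Video Add-on\isfmntr.exe
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyGaming\PartyPoker\RunApp.exe (file missing)
"""

# Excerpt of the second log in this thread (scan saved 12:48:38).
AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48:38, on 10.02.2008
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyGaming\PartyPoker\RunApp.exe (file missing)
"""

if __name__ == "__main__":
    result = diff_logs(BEFORE, AFTER)
    for label in ("removed", "added"):
        print(f"--- {label} ---")
        for section, body in result[label]:
            print(f"{section} - {body}")
    print("--- still orphaned after cleanup ---")
    for section, body in orphaned(AFTER):
        print(f"{section} - {body}")
```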

[sun Feb 10 11:37:22 2008]

Compare your results to other computers at http://www.mersenne.org/bench.htm

Intel® Celeron® M processor 1.50GHz

CPU speed: 1496.36 MHz

CPU features: RDTSC, CMOV, Prefetch, MMX, SSE, SSE2

L1 cache size: 32 KB

L2 cache size: 1024 KB

L1 cache line size: 64 bytes

L2 cache line size: 64 bytes

TLBS: 128

Prime95 32-bit version 25.5, RdtscTiming=1

Best time for 768K FFT length: 75.054 ms.

Best time for 896K FFT length: 90.198 ms.

Best time for 1024K FFT length: 103.419 ms.

Best time for 1280K FFT length: 133.164 ms.

Best time for 1536K FFT length: 155.755 ms.

Best time for 1792K FFT length: 187.710 ms.

Best time for 2048K FFT length: 208.354 ms.

Best time for 2560K FFT length: 274.549 ms.

Best time for 3072K FFT length: 333.427 ms.

Best time for 3584K FFT length: 401.201 ms.

ComboFix 08-02.05.3 - Ken-Daniel Hansen 2008-02-10 11:45:57.1 - FAT32x86

Running from: C:\Documents and Settings\Ken-Daniel Hansen\Skrivebord\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2008-01-10 to 2008-02-10 )))))))))))))))))))))))))))))))

.

 

2008-02-10 11:43 . 2008-02-05 04:16 <DIR> d-------- C:\ComboFix[1]

2008-02-09 00:03 . 2008-02-09 00:03 <DIR> d--hs---- C:\FOUND.001

2008-02-07 18:07 . 2008-02-07 18:07 <DIR> dr-h----- C:\Documents and Settings\Ken-Daniel Hansen\Siste

2008-02-07 18:05 . 2008-02-07 18:05 <DIR> d-------- C:\Programfiler\CCleaner

2008-02-04 00:49 . 2008-02-04 00:49 <DIR> d--hs---- C:\FOUND.000

2008-02-03 04:21 . 2008-02-03 04:21 <DIR> d-------- C:\Programfiler\AceLogix

2008-02-02 12:52 . 2008-02-02 12:52 <DIR> d-------- C:\Programfiler\ESET

2008-02-02 12:52 . 2008-02-02 12:52 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\ESET

2008-02-01 15:39 . 2008-02-01 15:39 <DIR> d-------- C:\Programfiler\Fellesfiler\Blizzard Entertainment

2008-02-01 14:16 . 1998-11-13 14:09 306,688 --a------ C:\WINDOWS\IsUn0414.exe

2008-02-01 14:15 . 2008-02-01 14:15 272 --a------ C:\WINDOWS\_delis32.ini

2008-01-22 20:37 . 2008-01-22 20:37 <DIR> d-------- C:\Programfiler\uTorrent

2008-01-22 20:37 . 2008-01-22 20:37 <DIR> d-------- C:\Documents and Settings\Ken-Daniel Hansen\Programdata\uTorrent

2008-01-22 20:32 . 2008-01-22 20:32 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Azureus

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-21 07:21 33,800 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys

2007-12-21 07:20 30,216 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys

2007-12-21 07:19 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys

2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2007-11-14 07:29 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{23B760D6-C98B-450B-9B32-26C7775CDF83}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360]

"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]

"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

"Free Ram Optimizer"="C:\Programfiler\AceLogix\Free Ram Optimizer\fro.exe" [2003-08-22 09:19 57344]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"preload"="C:\Windows\RUNXMLPL.exe" [2005-05-19 17:09 32768]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-01-23 10:36 155648]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-23 10:31 126976]

"SoundMan"="SOUNDMAN.EXE" [2005-04-15 11:01 77824 C:\WINDOWS\SOUNDMAN.EXE]

"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2005-02-04 11:12 102490]

"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-02-04 11:11 708698]

"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-06-01 14:17 192512]

"ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-15 10:03 2893824]

"RemoteControl"="C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 01:07 32768]

"LaunchAp"="C:\Programfiler\Launch Manager\LaunchAp.exe" [2005-07-25 13:36 32768]

"PowerKey"="C:\Programfiler\Launch Manager\PowerKey.exe" [2002-08-30 15:02 94208]

"LManager"="C:\Programfiler\Launch Manager\HotkeyApp.exe" [2005-06-06 11:52 69632]

"CtrlVol"="C:\Programfiler\Launch Manager\CtrlVol.exe" [2003-09-16 14:28 20480]

"LMgrOSD"="C:\Programfiler\Launch Manager\OSDCtrl.exe" [2005-07-25 10:45 241664]

"Wbutton"="C:\Programfiler\Launch Manager\Wbutton.exe" [2005-07-25 13:34 81920]

"eRecoveryService"="C:\Programfiler\Acer\eRecovery\Monitor.exe" [2005-06-29 17:26 352256]

"UpdateManager"="C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]

"PwrUpTweakMe"="C:\WINDOWS\system32\PuXpTwks.exe" [2004-06-12 17:51 45056]

"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" [ ]

"NSRKey"="C:\PROGRA~1\NORTON~2\NSR\Agent\NSRTray.exe" [ ]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]

"egui"="C:\Programfiler\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21 1443072]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15:00 15360]

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Hurtigstart for Adobe Reader.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Hurtigstart for Adobe Reader.lnk

backup=C:\WINDOWS\pss\Hurtigstart for Adobe Reader.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

--a------ 2005-06-06 23:46 57344 C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

--a------ 2007-04-04 00:29 165784 C:\Programfiler\DAEMON Tools\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]

C:\Programfiler\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Packard Bell Data Secure]

--a------ 2006-06-20 14:15 2361856 C:\Programfiler\Packard Bell Data Secure\PBDataSecure.exe

 

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-10 11:47:47

Windows 5.1.2600 Service Pack 2 FAT NTAPI

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-02-10 11:48:22

.

2008-01-09 02:16:46 --- E O F ---

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 02/10/2008 at 12:26 PM

 

Application Version : 3.9.1008

 

Core Rules Database Version : 3399

Trace Rules Database Version: 1391

 

Scan type : Complete Scan

Total Scan Time : 00:34:34

 

Memory items scanned : 491

Memory threats detected : 0

Registry items scanned : 5259

Registry threats detected : 98

File items scanned : 37376

File threats detected : 23

 

Trojan.Smitfraud Variant/IE Anti-Spyware

HKLM\Software\Microsoft\Internet Explorer\Extensions\{9034A523-D068-4BE8-A284-9DF278BE776E}

 

Adware.Tracking Cookie


 

Trojan.Security Toolbar

C:\Documents and Settings\All Users\Start-meny\Online Security Guide.url

C:\Documents and Settings\All Users\Start-meny\Security Troubleshooting.url

 

Trojan.Media-Codec

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#exemplars [ {2acf3add-34a1-4f2f-99cf-cc69785d1e90} ]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{2acf3add-34a1-4f2f-99cf-cc69785d1e90} [ exemplars ]

 

Trojan.Media-Codec/V4

HKU\S-1-5-21-3056089665-1383061284-148438752-1005\Software\Online Add-on

 

Malware.VirusProtect


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:48:38, on 10.02.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wltrysvc.exe

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Acer\eManager\anbmServ.exe

C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Programfiler\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\acer\epm\epm-dm.exe

C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe

C:\Programfiler\Launch Manager\LaunchAp.exe

C:\Programfiler\Launch Manager\PowerKey.exe

C:\Programfiler\Launch Manager\HotkeyApp.exe

C:\Programfiler\Launch Manager\OSDCtrl.exe

C:\Programfiler\Launch Manager\Wbutton.exe

C:\Programfiler\Acer\eRecovery\Monitor.exe

C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe

C:\Programfiler\ESET\ESET NOD32 Antivirus\egui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Messenger\msmsgs.exe

C:\Programfiler\AceLogix\Free Ram Optimizer\fro.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Documents and Settings\Ken-Daniel Hansen\Skrivebord\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://thepiratebay.org/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {23B760D6-C98B-450B-9B32-26C7775CDF83} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: (no name) - {70CC76D5-A4EE-4F25-9931-B109A63E298E} - (no file)

O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe

O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot

O4 - HKLM\..\Run: [RemoteControl] C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [LaunchAp] "C:\Programfiler\Launch Manager\LaunchAp.exe"

O4 - HKLM\..\Run: [PowerKey] "C:\Programfiler\Launch Manager\PowerKey.exe"

O4 - HKLM\..\Run: [LManager] "C:\Programfiler\Launch Manager\HotkeyApp.exe"

O4 - HKLM\..\Run: [CtrlVol] "C:\Programfiler\Launch Manager\CtrlVol.exe"

O4 - HKLM\..\Run: [LMgrOSD] "C:\Programfiler\Launch Manager\OSDCtrl.exe"

O4 - HKLM\..\Run: [Wbutton] "C:\Programfiler\Launch Manager\Wbutton.exe"

O4 - HKLM\..\Run: [eRecoveryService] C:\Programfiler\Acer\eRecovery\Monitor.exe

O4 - HKLM\..\Run: [updateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [PwrUpTweakMe] C:\WINDOWS\system32\PuXpTwks.exe /TWEAK

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY

O4 - HKLM\..\Run: [NSRKey] C:\PROGRA~1\NORTON~2\NSR\Agent\NSRTray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [egui] "C:\Programfiler\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Free Ram Optimizer] C:\Programfiler\AceLogix\Free Ram Optimizer\fro.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {B69B0694-EB7C-4468-B572-B781062A1EF2} (KooPlayer Control) - http://static.mediazone.com/player/1.0.0.64/MZPlayer.CAB

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O22 - SharedTaskScheduler: haeckel - {8373a2e0-bdd0-42bd-b4ec-ba5451eb6607} - (no file)

O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programfiler\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Programfiler\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: iPod-tjeneste (iPod Service) - Unknown owner - C:\Programfiler\iPod\bin\iPodService.exe (file missing)

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Unknown owner - c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe (file missing)

O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

 

--

End of file - 8998 bytes

 

 

 

 

That was all, right? Is there anything I should remove in HijackThis?

Start HijackThis, find these lines, check them, then press "Fix checked".

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

 

O2 - BHO: (no name) - {23B760D6-C98B-450B-9B32-26C7775CDF83} - (no file)

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

 

O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

 

O3 - Toolbar: (no name) - {70CC76D5-A4EE-4F25-9931-B109A63E298E} - (no file)

 

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyGaming\PartyPoker\RunApp.exe (file missing)

 

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyGaming\PartyPoker\RunApp.exe (file missing)

 

O16 - DPF: {B69B0694-EB7C-4468-B572-B781062A1EF2} (KooPlayer Control) - http://static.mediazone.com/player/1.0.0.64/MZPlayer.CAB

 

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

 

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

 

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

 

O22 - SharedTaskScheduler: haeckel - {8373a2e0-bdd0-42bd-b4ec-ba5451eb6607} - (no file)

 

Download and run CCleaner.

Also run the registry cleaner.

Then a restart and a new HijackThis log.

Edited by SNIPPSAT
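The triage step in the post above, as an added example that is not part of the original thread: a small Python parser that pulls the entry lines out of a HijackThis log, flags entries whose target is reported as "(no file)" or "(file missing)", and compares a log taken before a fix with one taken after. The function names are assumptions made for this example, and the orphan check is only a heuristic; it does not reproduce the helper's full selection, which also included O16 entries.

```python
import re

# Entry lines copied from the two HijackThis logs posted in this thread
# (a small excerpt of each, not the full logs).
BEFORE = r"""
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyGaming\PartyPoker\RunApp.exe (file missing)
O22 - SharedTaskScheduler: haeckel - {8373a2e0-bdd0-42bd-b4ec-ba5451eb6607} - (no file)
O23 - Service: iPod-tjeneste (iPod Service) - Unknown owner - C:\Programfiler\iPod\bin\iPodService.exe (file missing)
"""
AFTER = r"""
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O23 - Service: iPod-tjeneste (iPod Service) - Unknown owner - C:\Programfiler\iPod\bin\iPodService.exe (file missing)
"""

# An entry line is "<section code> - <text>", e.g. "O4 - HKLM\..\Run: ...".
# Header lines and the running-process paths do not match and are skipped.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# HijackThis marks a registry reference whose target file is gone like this.
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$")

def parse(log):
    """Return a list of (section, text) tuples, in log order."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def orphaned(entries):
    """Entries that point at a file HijackThis could not find."""
    return [e for e in entries if ORPHAN.search(e[1])]

def removed(before, after):
    """Entries present in the first log but absent from the second."""
    gone = set(before) - set(after)
    return [e for e in before if e in gone]

if __name__ == "__main__":
    for section, text in orphaned(parse(BEFORE)):
        print("orphaned:", section, "-", text)
    for section, text in removed(parse(BEFORE), parse(AFTER)):
        print("removed after fix:", section, "-", text)
```

On these excerpts the O3, O9 and O22 entries are gone after the fix, while the O23 service whose file is missing is still listed in the second log.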

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:17:38, on 10.02.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wltrysvc.exe

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Acer\eManager\anbmServ.exe

C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Programfiler\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\acer\epm\epm-dm.exe

C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe

C:\Programfiler\Launch Manager\LaunchAp.exe

C:\Programfiler\Launch Manager\PowerKey.exe

C:\Programfiler\Launch Manager\HotkeyApp.exe

C:\Programfiler\Launch Manager\OSDCtrl.exe

C:\Programfiler\Launch Manager\Wbutton.exe

C:\Programfiler\Acer\eRecovery\Monitor.exe

C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe

C:\Programfiler\ESET\ESET NOD32 Antivirus\egui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Messenger\msmsgs.exe

C:\Programfiler\AceLogix\Free Ram Optimizer\fro.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Ken-Daniel Hansen\Skrivebord\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://thepiratebay.org/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe

O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot

O4 - HKLM\..\Run: [RemoteControl] C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [LaunchAp] "C:\Programfiler\Launch Manager\LaunchAp.exe"

O4 - HKLM\..\Run: [PowerKey] "C:\Programfiler\Launch Manager\PowerKey.exe"

O4 - HKLM\..\Run: [LManager] "C:\Programfiler\Launch Manager\HotkeyApp.exe"

O4 - HKLM\..\Run: [CtrlVol] "C:\Programfiler\Launch Manager\CtrlVol.exe"

O4 - HKLM\..\Run: [LMgrOSD] "C:\Programfiler\Launch Manager\OSDCtrl.exe"

O4 - HKLM\..\Run: [Wbutton] "C:\Programfiler\Launch Manager\Wbutton.exe"

O4 - HKLM\..\Run: [eRecoveryService] C:\Programfiler\Acer\eRecovery\Monitor.exe

O4 - HKLM\..\Run: [updateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [PwrUpTweakMe] C:\WINDOWS\system32\PuXpTwks.exe /TWEAK

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY

O4 - HKLM\..\Run: [NSRKey] C:\PROGRA~1\NORTON~2\NSR\Agent\NSRTray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [egui] "C:\Programfiler\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Free Ram Optimizer] C:\Programfiler\AceLogix\Free Ram Optimizer\fro.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programfiler\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Programfiler\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: iPod-tjeneste (iPod Service) - Unknown owner - C:\Programfiler\iPod\bin\iPodService.exe (file missing)

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Unknown owner - c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe (file missing)

O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

 

--

End of file - 7551 bytes

The log looks fine now :thumbup:

Start->Run->combofix /u

Do this so you don't get infected through System Restore.

Control Panel->System->System Restore [turn off, restart]-*-[turn back on]

You'll have to see how the PC runs now.

Tip: run SAS Free once in a while.

Defragment + PageDefrag

Why don't you let Windows and WoW have access to the extra 400 MB of RAM?

If you never let any program make use of that RAM, there is no point in having more RAM. RAM that isn't used is wasted. What does have an effect is if you run programs that don't unload themselves from RAM so that new programs you use can get access to it.

But if you are constantly going to "clean" the RAM of programs and files, Windows will use the page file instead.

So letting the RAM optimizer, or whatever you use, constantly remove what is loaded into RAM is just nonsense. Because then it has to read it from the hard disk instead, which takes more time and resources.

Turn off that RAM optimizer of yours; rather run it after you have finished playing, installed a new program, before you are going to play, etc.
