Cpu på 60-70 %

Aktiv system proces skal være høj, jo højere den er jo mindre laver maskinen.
Hvorfor den hedder et så misvisende nanv, må du spørge Hr.Havelåge om.

Følg vejledningen i denne artikel:
http://www.eksperten.dk/artikler/1123

hvis PC er langsom samtidig med at aktive system proces er høj, så synes jeg forklaringen plejer at ligge i at der er meget trafik til og fra harddisken, enten fordi der er fejl på harddisken, eller fordi din PC har for lidt RAM.
Men jeg er ikke helt med på hvor du ser de 60-70% og hvor du ser de 98-99%, der er stor forskel på de to.
Mht RAM så har mange af mine kunder oplevet at 256 MB ram til XP er blevet for lidt for ca ½ år siden. Tænker at det har noget med de opdateringer at gøre som der hentes til Windows, det er i hvert fald et scenarie der er dukket op så mange gange sidste år at jeg synes det ikke ser tilfældigt ud.

http://www.filehippo.com/download_ccleaner/ Hent denne og kør en rens og en gang problemer, slet det den finder.

Jeg er i gang med at følge den artikkel som fromsei har lagt op, og køre de forskellige programmer/scan igennem.

Mht. ram har jeg 2Gb ddr2 ram installaeret, og ja det er xp. Så det er vel ikke fordi der er for lidt installeret.

Det er i selve joblisten jeg finder de 60-70%.
Og under system processor ligger aktiv system proces på ca. 98-99 i "CPU".

-> fromsei.
Har du forstand og lyst til at tjekke mine logs igennem ?

Jeg tror jeg har fundet ud af hvad der er galt. Det er vist min eksterne hdd den er gal med.

Hver eneste gang jeg tager den fra falder cpu %, og når jeg tilslutter den stiger den helt forfærdelig.

Men jeg kan heller ikke finde selve den eksterne hdd når den er tilsluttet...
det er en 500 gb multimedie hdd.. Har i oplevet det før. Lidt ærgeligt, når jeg har en masse backup på den.

Ja, jeg har både forstand på det, og lysten. ;-)

Den eksterne disk er det en Maxtor?
Jeg kan svagt erindre et eller andet problem med Maxtordiske i eksterne boxe.

Det ved jeg faktisk ikke om det er, jeg prøver lige at tjekke det i aften.

Selve case er fra Dane-Elec.
Hdd er en So Speaky 500 gb.
Serie nr. S0MUJ1EP909150 håber det hjælper.

Lad os se de logs, om ikke andet, så for at udelukke den mulighed.

********************************* ROOTCHK-(28-12-07)-LOG, by ejvindh
09-01-2008 17:38:29,34

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-09 17:38:29
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...
IPC error: 2 Den angivne fil blev ikke fundet.

scanning hidden services & system hive ...
IPC error: 2 Den angivne fil blev ikke fundet.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:dac59c18
"s2"=dword:468e897b
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\jesper\Programmer\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:22,74,40,03,e7,6a,d5,70,ab,bf,b6,5e,51,eb,61,47,97,0a,84,60,f3,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,47,1f,9d,06,9c,6b,76,c9,1b,45,c4,39,d9,9c,b4,a7,19,..
"khjeh"=hex:b9,54,84,ea,1a,63,e6,e5,9f,ca,49,94,ca,fa,45,6b,e7,0f,84,57,7f,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:6b,06,81,f9,2d,0d,8b,af,02,b3,8a,57,2e,dc,16,76,7b,32,63,7d,ea,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\jesper\Programmer\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:22,74,40,03,e7,6a,d5,70,ab,bf,b6,5e,51,eb,61,47,97,0a,84,60,f3,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,47,1f,9d,06,9c,6b,76,c9,1b,45,c4,39,d9,9c,b4,a7,19,..
"khjeh"=hex:b9,54,84,ea,1a,63,e6,e5,9f,ca,49,94,ca,fa,45,6b,e7,0f,84,57,7f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:6b,06,81,f9,2d,0d,8b,af,02,b3,8a,57,2e,dc,16,76,7b,32,63,7d,ea,..

scanning hidden registry entries ...
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7EE4F4AD-A08E-0650-8EA0-2E14534E87E7}]
"abdejcjpnjlfabdoihlbiahilnlecmcjih"=hex:61,61,00,00
"bbdejcjpnjlfabdoiheffaepleapboakanki"=hex:61,61,00,00

scanning hidden files ...
IPC error: 2 Den angivne fil blev ikke fundet.

hidden processes: 0
hidden services: 0
hidden files: 0

Logfile of HijackThis v1.99.1
Scan saved at 17:37:34, on 09-01-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\Jesper\Programmer\spd.exe
C:\jesper\Programmer\Eset\nod32krn.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\PMSveH.exe
C:\Programmer\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Programmer\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Programmer\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Programmer\IBM ThinkVantage\Common\Logger\logmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\jesper\Programmer\Eset\nod32kui.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\PMHandler.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Programmer\IBM ThinkVantage\Client Security Solution\cssauthe.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Fælles filer\Ahead\lib\NMBgMonitor.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\jesper\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jesper\Skrivebord\Eksperten\hijack\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ekstrabladet.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lenovo.com/dk/da
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programmer\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [nod32kui] "C:\jesper\Programmer\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Genvej til egenskabsside for High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [PMHandler] C:\WINDOWS\system32\PMHandler.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [cssauthe] "C:\Programmer\IBM ThinkVantage\Client Security Solution\cssauthe.exe" silent
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [ACTray] C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth-enhed... - C:\Programmer\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\jesper\games\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programmer\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/dk/da
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.vivitv.com/KooPlayer.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://150.134.221.65/activex/AxisCamControl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\jesper\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AshampooDefragService -  - C:\jesper\Programmer\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\Lenovo\Bluetooth Software\bin\btwdins.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Jesper\Programmer\spd.exe" -service (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\jesper\Programmer\Eset\nod32krn.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: PMSveH - Lenovo - C:\WINDOWS\system32\PMSveH.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: TVT Backup Service - Unknown owner - C:\Programmer\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Programmer\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Programmer\ThinkVantage\SystemUpdate\UCLauncherService.exe

ComboFix 08-01-07.5 - Jesper 2008-01-09 17:41:17.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.531 [GMT 1:00]
Running from: C:\Documents and Settings\Jesper\Skrivebord\Eksperten\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((  Files Created from 2007-12-09 to 2008-01-09  )))))))))))))))))))))))))))))))
.

2008-01-09 17:40 . 2000-08-31 08:00    51,200    --a------    C:\WINDOWS\NirCmd.exe
2008-01-09 17:35 . 2008-01-09 17:35    <DIR>    d--------    C:\WINDOWS\LastGood
2008-01-08 20:25 . 2008-01-08 20:25    <DIR>    d--------    C:\Documents and Settings\Administrator.JEVER.000\Application Data\SUPERAntiSpyware.com
2008-01-08 20:20 . 2004-09-10 11:19    <DIR>    d--------    C:\Documents and Settings\Administrator.JEVER.000\Skrivebord
2008-01-08 20:20 . 2004-09-10 11:19    <DIR>    d--h-----    C:\Documents and Settings\Administrator.JEVER.000\Skabeloner
2008-01-08 20:20 . 2004-09-10 11:19    <DIR>    d--h-----    C:\Documents and Settings\Administrator.JEVER.000\Printere
2008-01-08 20:20 . 2004-09-10 11:19    <DIR>    dr-------    C:\Documents and Settings\Administrator.JEVER.000\Menuen Start
2008-01-08 20:20 . 2004-09-10 11:19    <DIR>    d--h-----    C:\Documents and Settings\Administrator.JEVER.000\Lokale indstillinger
2008-01-08 20:20 . 2004-09-10 11:34    <DIR>    dr-------    C:\Documents and Settings\Administrator.JEVER.000\Foretrukne
2008-01-08 20:20 . 2004-09-10 11:34    <DIR>    dr-------    C:\Documents and Settings\Administrator.JEVER.000\Dokumenter
2008-01-08 20:20 . 2006-09-08 10:04    <DIR>    d--------    C:\Documents and Settings\Administrator.JEVER.000\Bluetooth Software
2008-01-08 20:20 . 2006-09-08 10:19    <DIR>    d--------    C:\Documents and Settings\Administrator.JEVER.000\Application Data\Symantec
2008-01-08 20:20 . 2006-09-08 10:14    <DIR>    d--------    C:\Documents and Settings\Administrator.JEVER.000\Application Data\IBM
2008-01-08 20:20 . 2004-09-10 11:19    <DIR>    d--h-----    C:\Documents and Settings\Administrator.JEVER.000\Andre computere
2008-01-08 20:12 . 2008-01-08 20:12    <DIR>    d--------    C:\Documents and Settings\Jesper\Application Data\SUPERAntiSpyware.com
2008-01-08 20:12 . 2008-01-08 20:12    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-08 20:11 . 2008-01-08 20:11    <DIR>    d--------    C:\Programmer\Fælles filer\Wise Installation Wizard
2008-01-05 15:45 . 2008-01-07 20:47    54,156    --ah-----    C:\WINDOWS\QTFont.qfn
2008-01-05 15:45 . 2008-01-05 15:45    1,409    --a------    C:\WINDOWS\QTFont.for
2008-01-05 02:17 . 2008-01-05 02:18    632    --a------    C:\WINDOWS\Sofplat.INI
2008-01-02 23:30 . 2008-01-02 23:30    8,192    --ahs----    C:\WINDOWS\Thumbs.db
2007-12-25 10:53 . 2007-11-29 21:31    782,336    -ra------    C:\WINDOWS\system32\tmp5761.tmp
2007-12-25 10:53 . 2007-11-29 21:31    782,336    -ra------    C:\WINDOWS\system32\tmp5760.tmp

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-08 17:04    ---------    d-----w    C:\Documents and Settings\Jesper\Application Data\uTorrent
2008-01-08 17:03    ---------    d-----w    C:\Documents and Settings\Jesper\Application Data\Metacafe
2008-01-08 17:03    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Metacafe
2008-01-05 23:00    5,427    ----a-w    C:\WINDOWS\system32\EGATHDRV.SYS
2008-01-05 13:50    ---------    d-----w    C:\Documents and Settings\Jesper\Application Data\LimeWire
2007-12-25 09:53    413,696    ----a-w    C:\WINDOWS\system32\wrap_oal.dll
2007-12-25 09:53    110,592    ----a-w    C:\WINDOWS\system32\OpenAL32.dll
2007-12-25 09:53    ---------    d-----w    C:\Programmer\OpenAL
2007-12-06 17:51    ---------    d-----w    C:\Programmer\Real
2007-12-06 17:51    ---------    d-----w    C:\Programmer\Fælles filer\xing shared
2007-12-06 17:51    ---------    d-----w    C:\Programmer\Fælles filer\Real
2007-12-04 16:32    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2007-12-04 16:25    ---------    d-----w    C:\Programmer\EA SPORTS
2007-11-14 16:20    ---------    d-----w    C:\Programmer\utorrent
2007-11-13 10:25    20,480    ----a-w    C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-09 17:17    ---------    d-----w    C:\Documents and Settings\Jesper\Application Data\Software Defender
2007-10-30 23:26    3,590,656    ----a-w    C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:44    1,291,776    ----a-w    C:\WINDOWS\system32\quartz.dll
2007-10-29 22:44    1,291,776    ------w    C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:43    8,472,064    ----a-w    C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-20 05:01    227,328    ----a-w    C:\WINDOWS\system32\wmasf.dll
2007-10-20 05:01    227,328    ----a-w    C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-10 23:52    824,832    ----a-w    C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:52    671,232    ----a-w    C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:52    63,488    ------w    C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:52    6,065,664    ------w    C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:52    52,224    ------w    C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:52    478,208    ----a-w    C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:52    459,264    ------w    C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:52    44,544    ------w    C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:52    384,512    ------w    C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:52    383,488    ------w    C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:52    27,648    ----a-w    C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:52    267,776    ------w    C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:52    232,960    ------w    C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:52    230,400    ------w    C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:52    214,528    ----a-w    C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:52    193,024    ----a-w    C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:52    153,088    ------w    C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:52    132,608    ----a-w    C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:52    124,928    ------w    C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:52    105,984    ------w    C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:52    102,400    ------w    C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 23:52    1,159,680    ----a-w    C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 10:59    625,152    ------w    C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 10:59    13,824    ------w    C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 10:58    70,656    ------w    C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 05:46    161,792    ------w    C:\WINDOWS\system32\dllcache\ieakui.dll
2007-01-28 19:40    81,920    ----a-w    C:\Documents and Settings\Jesper\Application Data\ezpinst.exe
2007-01-28 19:40    47,360    ----a-w    C:\Documents and Settings\Jesper\Application Data\pcouffin.sys
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 16:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmer\Fælles filer\Ahead\lib\NMBgMonitor.exe" [2006-03-01 19:43 90112]
"msnmsgr"="C:\Programmer\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 14:50 88204 C:\WINDOWS\AGRSMMSG.exe]
"nod32kui"="C:\jesper\Programmer\Eset\nod32kui.exe" [2007-02-20 18:11 921600]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-03 15:26 118784]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-03 15:22 77824]
"Genvej til egenskabsside for High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"PMHandler"="C:\WINDOWS\system32\PMHandler.exe" [2006-05-20 09:28 24576]
"SynTPEnh"="C:\Programmer\Synaptics\SynTP\SynTPEnh.exe" [2005-10-28 17:58 761945]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-03 15:25 98304]
"cssauthe"="C:\Programmer\IBM ThinkVantage\Client Security Solution\cssauthe.exe" [2005-12-21 18:08 1988144]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-14 23:10 1236992]
"ACWLIcon"="C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-04-17 12:59 98304]
"ACTray"="C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe" [2006-04-17 13:09 409600]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-27 16:00 158720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"SpeedStartup"="C:\jesper\Programmer\Speed Startup\speedstartup.exe" [ ]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\jesper\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\jesper\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Jesper\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll 2006-02-28 00:21 49152 C:\Program Files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2005-12-20 20:46 24576 C:\WINDOWS\system32\tphklock.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Reader Hurtigstart.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Adobe Reader Hurtigstart.lnk
backup=C:\WINDOWS\pss\Adobe Reader Hurtigstart.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Ashampoo Magical Defrag.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Ashampoo Magical Defrag.lnk
backup=C:\WINDOWS\pss\Ashampoo Magical Defrag.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^BTTray.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Metacafe.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Metacafe.lnk
backup=C:\WINDOWS\pss\Metacafe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jesper^Menuen Start^Programmer^Start^Metacafe.lnk]
path=C:\Documents and Settings\Jesper\Menuen Start\Programmer\Start\Metacafe.lnk
backup=C:\WINDOWS\pss\Metacafe.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cFosSpeed]
-ra------ 2006-05-19 14:14 782336 C:\Jesper\Programmer\cFosSpeed.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2005-05-19 14:47 57344 C:\jesper\programmer\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 11:48 157592 C:\jesper\Programmer\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DailyDonkeyBot]
C:\Documents and Settings\Jesper\Skrivebord\BETTINGS\Lay2Lose\DailyDonkeyBot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-07-10 08:18 270648 C:\jesper\Programmer\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
--a------ 2005-12-07 01:00 106496 C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 11:55 5674352 C:\Programmer\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Programmer\Fælles filer\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OmniPass]
--a------ 2006-02-28 00:20 2076672 C:\Program Files\Softex\OmniPass\scureapp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2005-10-28 20:08 335872 C:\Programmer\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 05:24 286720 C:\Programmer\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedStartup]
C:\jesper\Programmer\Speed Startup\speedstartup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-04-13 03:48 36975 C:\Programmer\Java\jre1.5.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2007-04-23 15:46 1318128 C:\jesper\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\suScheduler]
--a------ 2005-08-01 17:32 40960 C:\Programmer\ThinkVantage\SystemUpdate\UCLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-12-06 18:51 185632 C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY]
--a------ 2005-12-20 20:47 94208 C:\Programmer\Lenovo\HOTKEY\TPHKMGR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPWAUDAP]
--a------ 2005-12-10 08:29 24064 C:\Programmer\Lenovo\HOTKEY\TpWAudAp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2006-11-21 18:38 35328 C:\jesper\Programmer\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LiveUpdate"=3 (0x3)
"Automatisk LiveUpdate-planlægning"=2 (0x2)

R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 09:27]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2006-01-13 00:33]
R1 PMHler;PMHler;C:\WINDOWS\system32\drivers\PMHler.sys [2005-12-21 14:09]
R2 ibmfilter;ibmfilter;C:\WINDOWS\system32\drivers\ibmfilter.sys [2005-12-21 17:14]
R2 smi2;smi2;C:\Programmer\SMI2\smi2.sys [2005-12-21 16:45]
S0 ANCSQ;ANCSQ;C:\WINDOWS\system32\drivers\ANCSQ.sys []
S3 CH341SER;CH341SER;C:\WINDOWS\system32\Drivers\CH341SER.SYS [2005-02-26 17:00]
S4 viaagp;VIA AGP-busfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 23:07]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-05 05:13:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-09 17:46:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Programmer\ThinkPad\ConnectUtilities\AcSvcStub.dll
-> C:\Programmer\ThinkPad\ConnectUtilities\AcLocSettings.dll
-> C:\Programmer\ThinkPad\ConnectUtilities\ACHelper.dll
-> C:\Program Files\Softex\OmniPass\opxpgina.dll
-> C:\WINDOWS\system32\tphklock.dll
.
Completion time: 2008-01-09 17:46:47
.
2007-12-13 02:05:12    --- E O F ---

Afinstaller uTorrent i Tilføj/fjern programmer.
Drop fildeling >> http://spywarefri.dk/forum/topic.asp?TOPIC_ID=40284

Hent Ccleaner her:
http://www.filehippo.com/download_ccleaner/
Installer Ccleaner, husk at fjerne fluebenet udfor installation af Yahoo toolbar.
Start programmet, fjern fluebenet i cookies.
Klik på kør Cleaner og lad den fjerne hvad den finder.
Klik så på Register ovre i venstre side (den blå terning), klik på Skan efter problemer, når den er færdig, klik på Udbedre valgte problemer, lav evt. en backup af registreringsdatabasen, klik så på udbedre alle valgte problemer.
Klik på OK, klik på Luk når den er færdig.
Genstart.
---------------------------------------
Kør Hijackthis, scan, sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

---------------------------------------
Det er alt, vi skal ikke se flere logs.

Det funger desværre stadig ikke, lige så snart jeg tilslutter den eksterne hdd, går processoren helt amok...

Øv.
Bruger du den til automatisk backup, eller kun til lager?
O23 - Service: TVT Backup Service

Jeg bruger den faktisk kun til lager.
Jeg kan heller ikke se drevet for den eksterne hdd, når den er tilsluttet, meget underligt.

Kunne det have noget med denne at gøre: O23 - Service: TVT Backup Service - Unknown owner - C:\Programmer\IBM ThinkVantage\Rescue and Recovery\rrservice.exe siden du nævner den, eller hva tænkte du på ?

Jeg tænkte på om der kørte en backup.
Du kan prøve at deaktivere servicen, men jeg ved ikke om det hjælper, eller for den sags skyld 100% hvad servicen er til.

Men hvis du ikke kan se disken, når den er tilsluttet, tror jeg det er noget andet vi skal lede efter.

hmm ok. Har du en ide om hvad det evt kunne være så ?

Ja, det kan være disken.
Har du prøvet at pille den ud af den eksterne, og montere den i din PC som slavedisk?

Det bliver nu nok lidt svært da det er en notebook :)

Ja, det kan jeg godt se.
Men så i en anden stationær, ellers har jeg ikke flere bud.

ok, det må jeg lige prøve...

Lukker tråden.