-Tommy, posted 28 November 2008

The PC suddenly became very slow yesterday, so I'm wondering whether I might have a virus. MBAM found nothing.

ComboFix log

HJT log
snippsat, posted 1 December 2008

The logs look fine. When did it become slow? Think about the date and what you installed.
-Tommy (author), posted 1 December 2008

It became slow after I installed a demo of Clue. But it looks like I have found the fault: it becomes slow as soon as I exceed 500 MB of memory use, so it looks like one of my memory modules is defective.
snippsat, posted 1 December 2008

You installed Clue on 2008-11-27. You can try setting it back to 2008-11-25:
Start -> Programs -> Accessories -> System Tools -> System Restore

> so it looks like one of my memory modules is defective.

Yes, that is just a matter of testing. Memtest86+ 2.10
-Tommy (author), posted 1 December 2008

System Restore is disabled. The PC is an Aspire One A110 with an 8 GB SSD, so I needed a little extra space. Memtest will be run when I get home.
snippsat, posted 1 December 2008 (edited)

Have a look at CPU usage and memory usage in Process Explorer.

Download and run CCleaner. 'Options' -> 'Advanced'. Untick the box in front of: "only delete temporary files older than 48 hours". Also run the registry cleaner, answer yes to repairing --> backup: answer yes when you are asked. Run the registry cleaner a couple of times until all errors are gone.

Auslogics Registry Defrag (free): http://www.auslogics.com/en/software/registry-defrag
Auslogics Disk Defrag (free): http://www.auslogics.com/en/software/disk-defrag

Edit: That's right, you have an SSD, so we'll forget about defragmenting the HDD.

Edited 1 December 2008 by SNIPPSAT