Noen som kan analysere denne

[HDSoftware]

 

ComboFix 09-07-14.08 - Ole 17.07.2009 0:53.1.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.991.414 [GMT 2:00]

Kjører fra: c:\documents and settings\Ole\Skrivebord\ComboFix.exe

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

FW: Symantec Client Firewall *disabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}

.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\Installer\3e293.msi

 

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-06-16 til 2009-07-16 )))))))))))))))))))))))))))))))))

.

 

2009-07-16 21:41 . 2009-07-16 21:41 -------- d-----w- c:\documents and settings\Ole\Programdata\Malwarebytes

2009-07-16 21:41 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-07-16 21:41 . 2009-07-16 21:41 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes

2009-07-16 21:41 . 2009-07-16 21:41 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware

2009-07-16 21:41 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-07-16 21:37 . 2009-07-16 21:40 -------- d-----w- c:\documents and settings\Ole\Programdata\SUPERAntiSpyware.com

2009-07-16 20:59 . 2009-07-16 20:59 -------- d-----w- c:\documents and settings\Ole\Lokale innstillinger\Programdata\Apple Computer

2009-07-16 20:58 . 2009-07-16 20:59 -------- d-----w- c:\documents and settings\Ole\Programdata\PC Suite

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-16 22:03 . 2007-01-22 18:35 -------- d-----w- c:\programfiler\Fellesfiler\Symantec Shared

2009-07-16 22:01 . 2007-01-22 18:37 40 ----a-w- c:\windows\system32\profile.dat

2009-07-16 21:37 . 2008-08-06 14:05 -------- d-----w- c:\programfiler\SUPERAntiSpyware

.

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"MsnMsgr"="c:\programfiler\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

"swg"="c:\programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-23 68856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPLpr"="c:\programfiler\Synaptics\SynTP\SynTPLpr.exe" [2003-09-26 98304]

"SynTPEnh"="c:\programfiler\Synaptics\SynTP\SynTPEnh.exe" [2003-09-26 503808]

"ccApp"="c:\programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2006-03-24 53408]

"vptray"="c:\progra~1\SYMANT~1\SYMANT~2\VPTray.exe" [2006-06-15 124656]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-02-10 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-02-10 118784]

"SSBkgdUpdate"="c:\programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648]

"OpwareSE4"="c:\programfiler\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]

"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-01-17 136600]

"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2008-11-04 413696]

"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-02-26 65024]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\

LUMIX Simple Viewer.lnk - c:\programfiler\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2007-1-27 61440]

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programfiler\\IncrediMail\\bin\\ImpCnt.exe"=

"c:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=

"c:\\Programfiler\\MSN Messenger\\livecall.exe"=

"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"c:\\Programfiler\\iTunes\\iTunes.exe"=

 

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programfiler\Fellesfiler\Symantec Shared\eengine\EraserUtilRebootDrv.sys [18.05.2009 21:55 101936]

S3 SavRoam;SAVRoam;c:\programfiler\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [15.06.2006 02:40 115952]

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2009-02-07 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

 

2009-07-16 c:\windows\Tasks\Se etter oppdateringer for Windows Live Toolbar.job

- c:\programfiler\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

.

.

------- Tilleggsskanning -------

.

uSearchURL,(Default) = hxxp://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR

IE: &Windows Live Search - c:\programfiler\Windows Live Toolbar\msntb.dll/search.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Easy-WebPrint Add To Print List - c:\programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html

TCP: {D5AECD44-2FA8-433E-8EB4-0AAE7099BE5F} = 192.168.0.250

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-17 01:11

Windows 5.1.2600 Service Pack 3 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

Tidspunkt ferdig: 2009-07-16 1:19

ComboFix-quarantined-files.txt 2009-07-16 23:19

 

Pre-Run: 28 586 749 952 byte ledig

Post-Run: 29 059 526 656 byte ledig

 

104 --- E O F --- 2009-05-19 14:30

 

 

 

Takker

[raWrz]

ser bra ut det

er det noe problemer du har? eller var det bare en sjekk?

[HDSoftware]

Ja, problemer. Har en Packard Bell laptop som er supertreg. Den kjører XP og har 512MB minne. Dette minnet er allerede brukt opp ved oppstart. CPU vifte går hele tiden og maskinen er generellt varm, men i TaskManager så finner jeg ingen prosesser som er "ukjent" og som bruker mye CPU tid. Ledig CPU tid er rundt 95% hele tiden, men unntak av noen peaks som kommer av og til.

Oppstart av maskinen tar utrolig lang tid og disk lampen lyser om trendt konstant.

 

Begynner nesten å misstenke hardware problemer.

Endret 17. juli 2009 av HDSoftware

[snippsat]

Last ned process explorer

Denne viser også viss det er hardware som tar av cpu.

 

Kjør CCleaner som dette.

Last ned kjør CCleaner

'Valg'->'Avansert'. Fjern avkryssingen framfor: "bare slett midlertidige filer som er eldere enn 48 t.

Kjør register-renser "svar ja til og reparere" --> backup svar ja når du blir spørt.

Kjør register-renser et par ganger til alle feil er borte.

 

Symantec AntiVirus det kan være en ideé og fjerne denne helt for så og installere igjen(norton remove tool)

Når du har 512MB hadde jeg aldrig brukt norton uansett selv om 2009 versjonen er blitt bedere på resusser.

Avira free er bra og bruker minst resusser av de gratise.