tradhtare Posted 7 August 2010

The PC is a small Acer Aspire One, so I am aware that even at its best it will run slower than a larger laptop, but the owner of the PC complains that it is much slower than it usually is. The PC is used mainly for reading e-mail, browsing the internet and solitaire. It is the internet browsing that has started to become painful. Browsing through pictures in "Windows preview" is also relatively slow.

MBAM log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Databaseversjon: 4402
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

07.08.2010 16:22:59
mbam-log-2010-08-07 (16-22-59).txt

Skanntype: Hurtigsøk
Objekter skannet: 131018
Tid tilbakelagt: 28 minutt(er), 28 sekund(er)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert 0

Minneprosesser infisert:
(Ingen skadelige objekter funnet)

Minnemoduler infisert:
(Ingen skadelige objekter funnet)

Registernøkler infisert:
(Ingen skadelige objekter funnet)

Registerverdier infisert:
(Ingen skadelige objekter funnet)

Registerfiler infisert:
(Ingen skadelige objekter funnet)

Mapper infisert:
(Ingen skadelige objekter funnet)

Filer infisert
(Ingen skadelige objekter funnet)

Combofix log:

ComboFix 10-08-06.03 - bruker1 07.08.2010 19:46:09.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.1014.373 [GMT 2:00]
Kjører fra: c:\documents and settings\bruker1\Mine dokumenter\Nedlastinger\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100807-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\bruker1\Programdata\.#
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2010-07-07 til 2010-08-07 )))))))))))))))))))))))))))))))))
.
2010-08-07 13:52 . 2010-08-07 13:52 -------- d-----w- c:\documents and settings\bruker1\Programdata\Malwarebytes
2010-08-07 13:51 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-07 13:51 . 2010-08-07 13:51 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes
2010-08-07 13:51 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-07 13:51 . 2010-08-07 13:52 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware
2010-07-20 22:20 . 2010-07-20 22:20 63488 ----a-w- c:\documents and settings\bruker1\Programdata\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-07 13:33 . 2010-07-03 11:01 -------- d-----w- c:\documents and settings\bruker1\Programdata\Skype
2010-08-06 22:54 . 2009-11-15 21:44 -------- d-----w- c:\documents and settings\bruker1\Programdata\Spotify
2010-07-18 09:25 . 2009-08-05 14:45 -------- d-----w- c:\programfiler\IncrediMail
2010-07-10 13:45 . 2010-03-15 16:20 1 ----a-w- c:\documents and settings\bruker1\Programdata\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-07-08 22:09 . 2010-07-05 20:48 -------- d-----w- c:\documents and settings\bruker1\Programdata\skypePM
2010-07-05 20:49 . 2010-07-05 20:49 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-07-03 11:01 . 2010-07-03 11:00 -------- d-----r- c:\programfiler\Skype
2010-07-03 11:00 . 2010-07-03 11:00 -------- d-----w- c:\programfiler\Fellesfiler\Skype
2010-07-03 11:00 . 2010-07-03 11:00 -------- d-----w- c:\documents and settings\All Users\Programdata\Skype
2010-07-02 21:46 . 2010-02-28 23:09 -------- d-----w- c:\programfiler\Opera
2010-06-24 06:31 . 2009-04-29 14:42 76450 ----a-w- c:\windows\system32\perfc014.dat
2010-06-24 06:31 . 2009-04-29 14:42 436938 ----a-w- c:\windows\system32\perfh014.dat
2010-06-21 21:11 . 2010-06-21 21:10 45 ----a-w- c:\documents and settings\bruker1\jagex_runescape_preferences.dat
2010-06-18 09:26 . 2010-06-18 09:26 655360 ----a-w- c:\documents and settings\bruker1\Programdata\Spotify\Gracenote\gnsdk_sdkmanager.dll
2010-06-18 09:26 . 2010-06-18 09:26 282624 ----a-w- c:\documents and settings\bruker1\Programdata\Spotify\Gracenote\gnsdk_musicid_file.dll
2010-06-18 09:26 . 2010-06-18 09:26 208896 ----a-w- c:\documents and settings\bruker1\Programdata\Spotify\Gracenote\gnsdk_dsp.dll
2010-06-14 14:31 . 2009-04-29 05:02 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-11 19:18 . 2010-06-23 18:49 52224 ----a-w- c:\documents and settings\bruker1\Programdata\Mozilla\Firefox\Profiles\2wumtklt.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
2010-06-11 19:18 . 2010-06-23 18:49 101376 ----a-w- c:\documents and settings\bruker1\Programdata\Mozilla\Firefox\Profiles\2wumtklt.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
2010-06-11 16:37 . 2009-04-29 06:13 -------- d-----w- c:\documents and settings\All Users\Programdata\Microsoft Help
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="c:\programfiler\IncrediMail\bin\IncMail.exe" [2010-07-18 353736]
"msnmsgr"="c:\programfiler\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Skype"="c:\programfiler\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-24 17567744]
"AzMixerSel"="c:\programfiler\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-07-17 53248]
"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-15 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-15 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-05-01 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-05-01 354840]
"PersistenceThread"="c:\windows\system32\PersistenceThread.exe" [2009-05-01 92696]
"SynTPEnh"="c:\programfiler\Synaptics\SynTP\SynTPEnh.exe" [2009-02-27 1434920]
"LManager"="c:\programfiler\Launch Manager\LManager.exe" [2009-02-20 817672]
"RemoteControl8"="c:\programfiler\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-10-17 91432]
"PDVD8LanguageShortcut"="c:\programfiler\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"QuickTime Task"="c:\programfiler\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2009-09-21 305440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

c:\documents and settings\bruker1\Start-meny\Programmer\Oppstart\
OneNote 2007 Screen Clipper og Launcher.lnk - c:\programfiler\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OpenOffice.org 3.2.lnk - c:\programfiler\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Acer VCM.lnk - c:\programfiler\Acer\Acer VCM\AcerVCM.exe [2009-4-29 565248]
BTTray.lnk - c:\programfiler\WIDCOMM\Bluetooth Software\BTTray.exe [2009-3-23 603488]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-07 06:22 548352 ----a-w- c:\programfiler\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igdlogin]
2009-04-28 03:44 65536 ----a-w- c:\windows\system32\igdlogin.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programfiler\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programfiler\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Programfiler\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Programfiler\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"c:\\Programfiler\\iTunes\\iTunes.exe"=
"c:\\Programfiler\\Acer\\Acer VCM\\VC.exe"=
"c:\\Programfiler\\Spotify\\spotify.exe"=
"c:\\Programfiler\\Opera\\opera.exe"=
"c:\\Programfiler\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programfiler\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [05.08.2009 16:42 114768]
R1 SASDIFSV;SASDIFSV;c:\programfiler\SUPERAntiSpyware\SASDIFSV.SYS [28.07.2009 10:53 12872]
R1 SASKUTIL;SASKUTIL;c:\programfiler\SUPERAntiSpyware\SASKUTIL.SYS [28.07.2009 10:53 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [05.08.2009 16:42 20560]
R2 RS_Service;Raw Socket Service;c:\programfiler\Acer\Acer VCM\RS_Service.exe [29.04.2009 09:14 237568]
R3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [29.04.2009 08:07 5096544]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [29.04.2009 08:10 1684736]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys --> c:\windows\system32\Drivers\RtsUStor.sys [?]
S3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 SASENUM;SASENUM;c:\programfiler\SUPERAntiSpyware\SASENUM.SYS [28.07.2009 10:53 12872]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [26.10.2009 17:34 40448]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://mystart.incredimail.com/
uInternet Settings,ProxyOverride = *.local
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send til &Bluetooth-enhet... - c:\programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send til Bluetooth - c:\programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\bruker1\Programdata\Mozilla\Firefox\Profiles\2wumtklt.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://www.startsiden.no/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar_im2_test_v2&search=
FF - component: c:\documents and settings\bruker1\Programdata\Mozilla\Firefox\Profiles\2wumtklt.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\bruker1\Programdata\Mozilla\Firefox\Profiles\2wumtklt.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\programfiler\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\programfiler\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programfiler\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programfiler\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programfiler\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - TOMME PEKERE FJERNET - - - -

HKLM-Run-PLFSetI - c:\windows\PLFSetI.exe

**************************************************************************
skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...
skanning vellykket
skjulte filer:
**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(732)
c:\programfiler\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\igdlogin.dll

- - - - - - - > 'explorer.exe'(984)
c:\windows\system32\btmmhook.dll
c:\windows\system32\webcheck.dll
.
Tidspunkt ferdig: 2010-08-07 20:02:11
ComboFix-quarantined-files.txt 2010-08-07 18:02

Pre-Run: 107 991 670 784 byte ledig
Post-Run: 108 680 163 328 byte ledig

- - End Of File - - DD23E043029582983C66572F3DCBB7F9

I hope someone can look at the logs and help me as soon as possible. Thanks in advance.

Atiks Posted 7 August 2010 (edited)

Hi

(1) Download and run HijackThis and post the log it creates here.

(2) Then run a scan with ESET Online Antivirus Scanner. Make sure these settings are checked:
Remove found threats
Scan archives
And under advanced settings:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
and post the log it creates as well.

Edited 7 August 2010 by Atiks

snippsat Posted 7 August 2010 (edited)

The Combofix log looks good, no malware.

@Atiks with Combofix we see all the info a HijackThis log gives, plus more. Combofix is a more powerful tool.

You can remove Combofix by typing combofix /u in the Run window. This command deletes the quarantined files and backups, resets the System Restore folder, etc.

You should try running CCleaner and defragmenting (Auslogics Disk Defrag is good). It is not malware that is making it slow.

Edited 7 August 2010 by SNIPPSAT