
Could someone please take a look at my logs too?



I'm getting short (like a click) and irregular (5-10 seconds between each one) dropouts in the sound when we watch films (DVD or Blu-ray) on the PC. I suspect malware is the cause.

 

Thanks in advance!

 

Malwarebytes log:

 

Malwarebytes' Anti-Malware 1.36

Databaseversjon: 1990

Windows 6.0.6001 Service Pack 1

 

16.04.2009 20:38:47

mbam-log-2009-04-16 (20-38-47).txt

 

Skanntype: Rask Skann

Objekter skannet: 61528

Tid tilbakelagt: 2 minute(s), 3 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 0

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

(Ingen mistenkelige filer funnet)

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

(Ingen mistenkelige filer funnet)

 

 

 

COMBOFIX LOG:

 

ComboFix 09-04-17.01 - Håkon 16.04.2009 20:51.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.47.1044.18.2558.1511 [GMT 2:00]

Kjører fra: c:\users\Håkon\Desktop\ComboFix.exe

* Opprettet nytt gjenopprettingspunkt

.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\users\HKON~1\AppData\Local\Temp\pdk-H[e5]kon-3372\0fdf6651ec58af7738a5f192a16308f3\WinError.dll

c:\users\HKON~1\AppData\Local\Temp\pdk-H[e5]kon-3372\1c4c331123ae5269fbd179de68e18722\Socket.dll

c:\users\HKON~1\AppData\Local\Temp\pdk-H[e5]kon-3372\37dbb36b1afb4153f311e1937d13beb9\Win32.dll

c:\users\HKON~1\AppData\Local\Temp\pdk-H[e5]kon-3372\463172d63e5c347ebd2a2c9f3e30a769\Cwd.dll

c:\users\HKON~1\AppData\Local\Temp\pdk-H[e5]kon-3372\4698d6dad1d9192f189448cd2250e41c\Registry.dll

c:\users\HKON~1\AppData\Local\Temp\pdk-H[e5]kon-3372\4e2f70cf514e42eb8319b6c42723ed06\Dumper.dll

c:\users\HKON~1\AppData\Local\Temp\pdk-H[e5]kon-3372\b1ef31ab16378a4b392b3d07f25c074a\Service.dll

c:\users\HKON~1\AppData\Local\Temp\pdk-H[e5]kon-3372\c147fa650a1a0662dceef2f7ea370a7d\List.dll

c:\users\HKON~1\AppData\Local\Temp\pdk-H[e5]kon-3372\e247dd11d21a2bfdb97ad0cdd295b32d\Encode.dll

c:\users\HKON~1\AppData\Local\Temp\pdk-H[e5]kon-3372\e51718032942dd5fb4b1590be1ec8d83\Process.dll

c:\users\HKON~1\AppData\Local\Temp\pdk-H[e5]kon-3372\perl58.dll

c:\users\HKON~1\AppData\Local\Temp\pdk-H[e5]kon-3992\054a515a11c7920cfc4d7faea7af4932\XS.dll

c:\users\HKON~1\AppData\Local\Temp\pdk-H[e5]kon-3992\0fdf6651ec58af7738a5f192a16308f3\WinError.dll

c:\users\HKON~1\AppData\Local\Temp\pdk-H[e5]kon-3992\12913763d8b9f06d2ca82771fcb306f1\Parser.dll

c:\users\HKON~1\AppData\Local\Temp\pdk-H[e5]kon-3992\14f8cfecb15e1c87916789ed739489ff\Expat.dll

c:\users\HKON~1\AppData\Local\Temp\pdk-H[e5]kon-3992\1c4c331123ae5269fbd179de68e18722\Socket.dll

c:\users\HKON~1\AppData\Local\Temp\pdk-H[e5]kon-3992\37dbb36b1afb4153f311e1937d13beb9\Win32.dll

c:\users\HKON~1\AppData\Local\Temp\pdk-H[e5]kon-3992\463172d63e5c347ebd2a2c9f3e30a769\Cwd.dll

c:\users\HKON~1\AppData\Local\Temp\pdk-H[e5]kon-3992\4698d6dad1d9192f189448cd2250e41c\Registry.dll

c:\users\HKON~1\AppData\Local\Temp\pdk-H[e5]kon-3992\480ac5427cb6705921c199c825f6feda\File.dll

c:\users\HKON~1\AppData\Local\Temp\pdk-H[e5]kon-3992\514f58c7649fa1fe7afd0239e90bf91d\SHA1.dll

c:\users\HKON~1\AppData\Local\Temp\pdk-H[e5]kon-3992\531074183cd92c8ee6e38095fed64379\Detector.dll

c:\users\HKON~1\AppData\Local\Temp\pdk-H[e5]kon-3992\563d7ead40b59c49009856a0b10f2014\Array.dll

c:\users\HKON~1\AppData\Local\Temp\pdk-H[e5]kon-3992\5665e9d91ffd5329b4b069811edd98e1\XS.dll

c:\users\HKON~1\AppData\Local\Temp\pdk-H[e5]kon-3992\619eb23c53abde1a9d9d6b8d81ccd746\Util.dll

c:\users\HKON~1\AppData\Local\Temp\pdk-H[e5]kon-3992\6b58dab08175faa9470d9b8f08345f77\Byte.dll

c:\users\HKON~1\AppData\Local\Temp\pdk-H[e5]kon-3992\6ecc81286663495601d2499da7def595\Zlib.dll

c:\users\HKON~1\AppData\Local\Temp\pdk-H[e5]kon-3992\776043a051266bed6315875a8a879b49\GD.dll

c:\users\HKON~1\AppData\Local\Temp\pdk-H[e5]kon-3992\804a82b53759189a7786eee16508a628\Unicode.dll

c:\users\HKON~1\AppData\Local\Temp\pdk-H[e5]kon-3992\8715287e64467664fda73ee36a680ad6\ReadKey.dll

c:\users\HKON~1\AppData\Local\Temp\pdk-H[e5]kon-3992\899240261dde99660e14431e6d8d1fe9\DBI.dll

c:\users\HKON~1\AppData\Local\Temp\pdk-H[e5]kon-3992\8d9ba91df5b696882e70aa59f4766acb\Storable.dll

c:\users\HKON~1\AppData\Local\Temp\pdk-H[e5]kon-3992\8ee7a6c9ed2bc0f12b37cc777e09a537\File.dll

c:\users\HKON~1\AppData\Local\Temp\pdk-H[e5]kon-3992\93e8018418e0dd3aeabcea5210c424d9\IO.dll

c:\users\HKON~1\AppData\Local\Temp\pdk-H[e5]kon-3992\95e9a2327e375c6b6f41bca6adf49352\Registry.dll

c:\users\HKON~1\AppData\Local\Temp\pdk-H[e5]kon-3992\9e11e8cf40c66b8d30f95ce783f2ac0b\Hostname.dll

c:\users\HKON~1\AppData\Local\Temp\pdk-H[e5]kon-3992\a507fccf2be25b878761a66bf411c201\mysql.dll

c:\users\HKON~1\AppData\Local\Temp\pdk-H[e5]kon-3992\ad76515ff4d1de346e3888790190a3c0\API.dll

c:\users\HKON~1\AppData\Local\Temp\pdk-H[e5]kon-3992\b1ef31ab16378a4b392b3d07f25c074a\Service.dll

c:\users\HKON~1\AppData\Local\Temp\pdk-H[e5]kon-3992\b2a041897a5d2e9486f60c2f6017af23\Peek.dll

c:\users\HKON~1\AppData\Local\Temp\pdk-H[e5]kon-3992\b5ac0b87ff26ec339558537436e82acd\HiRes.dll

c:\users\HKON~1\AppData\Local\Temp\pdk-H[e5]kon-3992\bbd2dcfa51103025d57caa776bc1047b\B.dll

c:\users\HKON~1\AppData\Local\Temp\pdk-H[e5]kon-3992\c0bb48510a66e6fdcb5936be6801222d\MD5.dll

c:\users\HKON~1\AppData\Local\Temp\pdk-H[e5]kon-3992\c537490a8d5597db7ef38c63a14dd378\Base64.dll

c:\users\HKON~1\AppData\Local\Temp\pdk-H[e5]kon-3992\c92f1c7d4396f53f4c5d352e2bd8c9a9\Syck.dll

c:\users\HKON~1\AppData\Local\Temp\pdk-H[e5]kon-3992\cd6be9554293967a36ad1075b097a79b\OLE.dll

c:\users\HKON~1\AppData\Local\Temp\pdk-H[e5]kon-3992\e247dd11d21a2bfdb97ad0cdd295b32d\Encode.dll

c:\users\HKON~1\AppData\Local\Temp\pdk-H[e5]kon-3992\e51718032942dd5fb4b1590be1ec8d83\Process.dll

c:\users\HKON~1\AppData\Local\Temp\pdk-H[e5]kon-3992\ea8f9cce13d067ab0d898ca399b403ed\Fcntl.dll

c:\users\HKON~1\AppData\Local\Temp\pdk-H[e5]kon-3992\f101a1002e0deeff9062f440b4956f0f\FastCalc.dll

c:\users\HKON~1\AppData\Local\Temp\pdk-H[e5]kon-3992\fa142febd5dc53f93f911452e1a99387\Hebrew.dll

c:\users\HKON~1\AppData\Local\Temp\pdk-H[e5]kon-3992\fb2e449d6244301907de33f5adebdb35\POSIX.dll

c:\users\HKON~1\AppData\Local\Temp\pdk-H[e5]kon-3992\perl58.dll

 

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-03-16 til 2009-04-16 )))))))))))))))))))))))))))))))))

.

 

2009-04-14 18:18 . 2009-04-14 18:18 -------- d-----w c:\users\Håkon\AppData\Roaming\Malwarebytes

2009-04-14 18:18 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-04-14 18:18 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-04-14 18:18 . 2009-04-14 18:18 -------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-04-14 18:18 . 2009-04-14 18:18 -------- d-----w c:\users\All Users\Malwarebytes

2009-04-14 18:18 . 2009-04-14 18:18 -------- d-----w c:\programdata\Malwarebytes

2009-04-01 10:18 . 2009-04-01 10:18 56 ---ha-w c:\users\All Users\ezsidmv.dat

2009-04-01 10:18 . 2009-04-01 10:18 56 ---ha-w c:\programdata\ezsidmv.dat

2009-04-01 10:18 . 2009-04-13 16:57 -------- d-----w c:\users\Håkon\AppData\Roaming\skypePM

2009-04-01 09:51 . 2009-04-14 15:55 -------- d-----w c:\users\All Users\Skype

2009-04-01 09:51 . 2009-04-14 15:55 -------- d-----w c:\programdata\Skype

2009-04-01 09:31 . 2008-10-21 05:25 1645568 ----a-w c:\windows\system32\connect.dll

2009-04-01 09:29 . 2008-08-28 03:40 712704 ----a-w c:\windows\system32\WindowsCodecs.dll

2009-04-01 09:29 . 2008-08-28 03:40 347136 ----a-w c:\windows\system32\WindowsCodecsExt.dll

2009-04-01 09:29 . 2008-08-28 03:40 425472 ----a-w c:\windows\system32\PhotoMetadataHandler.dll

2009-04-01 09:28 . 2008-09-18 04:56 125952 ----a-w c:\windows\system32\wersvc.dll

2009-04-01 09:28 . 2008-09-18 04:56 147456 ----a-w c:\windows\system32\Faultrep.dll

2009-04-01 09:28 . 2008-10-22 03:57 241152 ----a-w c:\windows\system32\PortableDeviceApi.dll

2009-03-23 14:53 . 2009-03-23 15:00 -------- d-----w C:\PixResize

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-16 19:05 . 2009-02-12 21:32 131 ----a-w C:\service.log

2009-04-16 19:05 . 2009-02-13 09:08 16608 ----a-w c:\windows\gdrv.sys

2009-04-16 18:27 . 2009-02-13 08:59 -------- d-s---w c:\users\Håkon\AppData\Roaming\Microsoft

2009-04-16 17:27 . 2008-01-21 06:14 80656 ----a-w c:\windows\System32\perfc014.dat

2009-04-16 17:27 . 2008-01-21 06:14 465038 ----a-w c:\windows\System32\perfh014.dat

2009-04-14 19:28 . 2009-04-14 19:28 20753 ----a-w C:\combofix_log.txt

2009-04-14 18:18 . 2009-04-14 18:18 -------- d-----w c:\users\Håkon\AppData\Roaming\Malwarebytes

2009-04-13 18:22 . 2009-03-11 09:33 -------- d-----w c:\users\Håkon\AppData\Roaming\Spotify

2009-04-13 16:57 . 2009-04-01 10:18 -------- d-----w c:\users\Håkon\AppData\Roaming\skypePM

2009-03-22 20:51 . 2009-03-06 18:31 20 ---h--w c:\users\All Users\PKP_DLdw.DAT

2009-03-22 20:51 . 2009-03-06 18:31 20 ---h--w c:\programdata\PKP_DLdw.DAT

2009-03-22 20:50 . 2009-03-06 18:30 20 ---h--w c:\users\All Users\PKP_DLdu.DAT

2009-03-22 20:50 . 2009-03-06 18:30 20 ---h--w c:\programdata\PKP_DLdu.DAT

2009-03-13 15:47 . 2009-02-13 08:59 1356 ----a-w c:\users\Håkon\AppData\Local\d3d9caps.dat

2009-03-12 02:05 . 2009-03-08 09:37 -------- d-----w c:\users\Håkon\AppData\Roaming\Azureus

2009-03-11 09:33 . 2009-03-11 09:33 -------- d-----w c:\program files\Spotify

2009-03-09 18:07 . 2009-02-13 10:08 -------- d-----w c:\users\Håkon\AppData\Roaming\SOUNDGRAPH

2009-03-08 11:55 . 2009-02-13 10:19 -------- d-----w c:\program files\CyberLink

2009-03-08 11:55 . 2009-02-13 09:14 -------- d--h--w c:\program files\InstallShield Installation Information

2009-03-08 11:21 . 2009-03-08 11:21 -------- d-----w c:\programdata\VistaCodecs

2009-03-08 09:37 . 2009-03-08 09:37 -------- d-----w c:\programdata\Azureus

2009-03-08 09:37 . 2009-03-08 09:37 -------- d-----w c:\program files\AskBarDis

2009-03-08 09:37 . 2009-03-08 09:37 -------- d-----w c:\program files\Vuze

2009-03-08 09:37 . 2009-03-08 09:37 -------- d-----w c:\program files\Common Files\i4j_jres

2009-03-07 19:13 . 2009-02-13 08:59 53232 ----a-w c:\users\Håkon\AppData\Local\GDIPFONTCACHEV1.DAT

2009-03-07 19:07 . 2009-03-07 19:07 -------- d-----w c:\users\Håkon\AppData\Roaming\OpenOffice.org

2009-03-07 15:57 . 2009-03-07 15:57 -------- d-----w c:\program files\OpenOffice.org 3

2009-03-07 14:48 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstrng.dat

2009-03-07 14:48 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat

2009-03-07 09:06 . 2009-02-13 09:26 -------- d-----w c:\programdata\NVIDIA

2009-03-07 02:00 . 2009-03-07 02:00 -------- d-----w c:\program files\MSXML 4.0

2009-03-06 20:04 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat

2009-03-06 18:41 . 2009-03-06 18:35 -------- d-----w c:\users\Håkon\AppData\Roaming\Nikon

2009-03-06 18:36 . 2009-03-06 18:30 -------- d-----w c:\program files\Common Files\Nikon

2009-03-06 18:34 . 2009-03-06 18:34 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

2009-03-06 18:32 . 2009-03-06 18:30 -------- d-----w c:\program files\Nikon

2009-03-06 18:31 . 2009-03-06 18:30 -------- d-----w c:\programdata\Ultima_T15

2009-03-06 18:31 . 2009-03-06 18:30 -------- d-----w c:\programdata\EnterNHelp

2009-03-06 18:30 . 2009-03-06 18:30 -------- d-----w c:\program files\Common Files\muvee Technologies

2009-03-06 18:30 . 2009-03-06 18:30 -------- d-----w c:\programdata\Nikon

2009-03-06 18:30 . 2003-03-19 11:05 106496 ----a-w c:\windows\System32\ATL71.DLL

2009-03-06 17:42 . 2009-03-06 17:42 -------- d-----w c:\program files\Canon

2009-03-06 17:40 . 2009-03-06 17:40 -------- d--h--w c:\programdata\CanonBJ

2009-03-06 17:39 . 2009-03-06 17:39 -------- d--h--w c:\program files\CanonBJ

2009-03-06 17:31 . 2009-03-06 17:31 -------- d-----w c:\program files\PIXresizer

2009-03-06 15:48 . 2009-03-06 15:02 -------- d-----w c:\program files\MediaMonkey

2009-03-06 07:38 . 2009-03-06 07:38 -------- d-----w c:\programdata\SqueezeCenter

2009-03-06 07:38 . 2009-03-06 07:38 -------- d-----w c:\program files\SqueezeCenter

2009-03-05 21:03 . 2009-03-05 21:02 -------- d-----w c:\program files\NVIDIA Corporation

2009-02-23 21:28 . 2009-02-15 21:10 -------- d-----w c:\program files\FireDTV

2009-02-23 19:51 . 2009-02-23 19:51 -------- d-----w c:\program files\AGEIA Technologies

2009-02-23 19:51 . 2009-02-23 19:51 -------- d-----w c:\program files\Common Files\Wise Installation Wizard

2009-02-23 17:02 . 2009-02-23 17:02 -------- d-----w c:\users\Håkon\AppData\Roaming\Mozilla

2009-02-23 12:11 . 2009-02-17 19:42 -------- d--h--w c:\programdata\ArcSoft

2009-02-23 11:47 . 2009-02-23 11:47 -------- d-----w c:\program files\ArcSoft

2009-02-23 11:47 . 2009-02-17 19:42 -------- d-----w c:\program files\Common Files\ArcSoft

2009-02-23 11:38 . 2009-02-17 19:06 413696 ----a-w c:\windows\System32\wrap_oal.dll

2009-02-23 11:38 . 2009-02-17 19:06 102400 ----a-w c:\windows\System32\OpenAL32.dll

2009-02-23 11:36 . 2009-02-17 19:06 122880 ----a-w c:\windows\System32\HDAV_Oal.dll

2009-02-23 11:36 . 2008-11-27 18:03 2038528 ----a-w c:\windows\system32\drivers\cmhdav.sys

2009-02-23 11:36 . 2009-02-17 19:06 299008 ----a-w c:\windows\System32\HDAVasiop.dll

2009-02-23 11:36 . 2009-02-17 19:06 258048 ----a-w c:\windows\System32\CmiInstallResAll.dll

2009-02-23 11:36 . 2009-02-17 19:06 503808 ----a-w c:\windows\System32\CmeauHDAV.exe

2009-02-19 20:45 . 2009-02-17 19:48 -------- d-----w c:\users\Håkon\AppData\Roaming\ArcSoft

2009-02-18 13:44 . 2009-02-18 13:44 465440 ----a-w c:\windows\System32\nvmccssr.dll

2009-02-18 13:44 . 2009-02-13 09:17 1108512 ----a-w c:\windows\System32\nvcpluir.dll

2009-02-18 13:44 . 2008-09-17 08:55 6593056 ----a-w c:\windows\System32\nvdispsr.dll

2009-02-18 13:44 . 2008-09-17 08:55 4287008 ----a-w c:\windows\System32\nvvitvsr.dll

2009-02-18 13:44 . 2008-09-17 08:55 4287008 ----a-w c:\windows\System32\nvgamesr.dll

2009-02-18 13:44 . 2008-09-17 08:55 3033632 ----a-w c:\windows\System32\nvwssr.dll

2009-02-18 13:44 . 2008-09-17 08:55 2861600 ----a-w c:\windows\System32\nvmoblsr.dll

2009-02-17 20:42 . 2009-02-13 10:21 -------- d-----w c:\users\Håkon\AppData\Roaming\CyberLink

2009-02-17 20:20 . 2009-02-13 10:20 -------- d-----w c:\programdata\CyberLink

2009-02-17 19:06 . 2009-02-17 19:06 -------- d-----w c:\users\Håkon\AppData\Roaming\ASUS

2009-02-17 19:06 . 2009-02-17 19:06 -------- d-----w c:\program files\OpenAL

2009-02-17 19:06 . 2009-02-17 19:06 -------- d-----w c:\program files\ASUS Xonar HDAV

2009-02-17 19:05 . 2009-02-17 18:27 87 ----a-w C:\setup.log

2009-02-17 18:30 . 2009-02-17 18:30 -------- d-----w c:\program files\My Company Name

2009-02-17 18:27 . 2009-02-17 18:27 -------- d-----w c:\programdata\InstallShield

2009-02-17 18:27 . 2009-02-17 18:27 -------- d-----w c:\program files\ASUS

2009-02-17 18:27 . 2009-02-13 09:14 -------- d-----w c:\program files\Common Files\InstallShield

2009-02-17 15:05 . 2009-02-16 11:37 -------- d-----w c:\programdata\NOS

2009-02-17 15:05 . 2009-02-16 11:37 -------- d-----w c:\program files\NOS

2009-02-16 14:41 . 2009-02-15 21:37 -------- d-----w c:\users\Håkon\AppData\Roaming\Adobe

2009-02-16 11:40 . 2009-02-16 11:39 -------- d-----w c:\program files\Common Files\Adobe

2009-02-15 21:37 . 2009-02-15 21:37 -------- d-----w c:\users\Håkon\AppData\Roaming\Macromedia

2009-02-15 21:10 . 2009-02-15 21:10 -------- d-----w c:\programdata\CMUV

2009-02-13 10:26 . 2009-02-13 10:26 177 ----a-w C:\ITB.log

2009-02-13 10:00 . 2006-11-02 10:25 665600 ----a-w c:\windows\Inf\drvindex.dat

2009-02-13 09:28 . 2009-02-13 09:22 86 ----a-w C:\CSB.LOG

2009-02-13 09:23 . 2009-02-13 06:17 646 ----a-w C:\RHDSetup.log

2009-02-13 09:22 . 2009-02-13 09:22 319488 ----a-w c:\windows\HideWin.exe

2009-02-13 08:42 . 2009-02-13 21:12 8192 --s-a-r C:\BOOTSECT.BAK

2009-02-09 03:10 . 2009-03-11 16:45 2033152 ----a-w c:\windows\System32\win32k.sys

2009-02-05 09:54 . 2009-02-13 09:15 453152 ----a-w c:\windows\System32\NVUNINST.EXE

2008-01-21 02:43 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini

.

 

((((((((((((((((((((((((((((( SnapShot@2009-04-14_19.18.49 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-01-21 01:58 . 2009-04-15 20:33 44256 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2006-11-02 13:05 . 2009-04-16 17:25 85470 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2009-02-13 08:58 . 2009-04-16 19:05 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-02-13 08:58 . 2009-04-14 19:18 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-02-13 08:58 . 2009-04-14 19:18 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-02-13 08:58 . 2009-04-16 19:05 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-02-13 09:01 . 2009-04-16 17:25 8040 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-233265581-3405811334-3882374998-1000_UserData.bin

- 2006-11-02 10:33 . 2009-04-14 18:54 591476 c:\windows\System32\perfh009.dat

+ 2006-11-02 10:33 . 2009-04-16 17:27 591476 c:\windows\System32\perfh009.dat

- 2006-11-02 10:33 . 2009-04-14 18:54 105356 c:\windows\System32\perfc009.dat

+ 2006-11-02 10:33 . 2009-04-16 17:27 105356 c:\windows\System32\perfc009.dat

- 2006-11-02 12:43 . 2009-04-14 18:58 262144 c:\windows\System32\config\systemprofile\ntuser.dat

+ 2006-11-02 12:43 . 2009-04-16 18:51 262144 c:\windows\System32\config\systemprofile\ntuser.dat

+ 2009-02-13 08:58 . 2009-04-16 19:05 327680 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-02-13 08:58 . 2009-04-14 19:18 327680 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2006-11-02 12:47 . 2009-04-16 19:05 262144 c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

- 2006-11-02 12:47 . 2009-04-14 19:18 262144 c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2006-11-02 12:47 . 2009-04-16 19:05 262144 c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

- 2006-11-02 12:47 . 2009-04-14 19:18 262144 c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2008-12-09 17:40 333192 ----a-w c:\program files\AskBarDis\bar\bin\askBar.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]

 

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]

 

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

"InstantBurn"="c:\progra~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe" [2007-06-04 599600]

"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2006-08-17 249856]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2008-07-29 380928]

"CmHDAVHs"="c:\windows\system\HsMgr.exe" [2008-07-11 200704]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13683232]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 92704]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-11-20 178688]

"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-09-09 6281760]

"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2008-09-09 1833504]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

SqueezeCenter verkt›ykasse.lnk - c:\program files\SqueezeCenter\SqueezeTray.exe [2009-3-6 1728601]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

"msacm.divxa32"= divxa32.acm

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nikon Monitor.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk

backup=c:\windows\pss\Nikon Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^Users^Håkon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]

path=c:\users\Håkon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk

backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup

backupExtension=.Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iMON]

2009-02-13 10:20 2605056 ----a-w c:\program files\SOUNDGRAPH\iMON\iMON.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{A3838853-C319-4263-A15E-DA005EDE5781}"= c:\program files\SqueezeCenter\server\squeezecenter.exe:SqueezeCenter

"TCP Query User{0B1E8847-B317-4B4E-9749-99D81C429DB4}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus

"UDP Query User{05D16892-453C-418B-9E43-592B750481BB}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus

"TCP Query User{1C8C8713-CA4F-4E5C-88C3-B47F173A031F}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{50FC56D2-B2FA-4AD6-B829-29B0194C3620}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"TCP Query User{D7890F47-B52C-4E42-A331-9B82D89E7EEB}c:\\program files\\spotify\\spotify.exe"= UDP:c:\program files\spotify\spotify.exe:Spotify

"UDP Query User{37F763A4-FECB-43BA-9E09-7E7752101E62}c:\\program files\\spotify\\spotify.exe"= TCP:c:\program files\spotify\spotify.exe:Spotify

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\GloballyOpenPorts\List]

"9000:TCP"= 9000:TCP:*:Enabled:SqueezeCenter 9000 tcp (UI)

"9090:TCP"= 9090:TCP:*:Enabled:SqueezeCenter 9090 tcp (CLI)

"3483:UDP"= 3483:UDP:*:Enabled:SqueezeCenter 3483 udp

"3483:TCP"= 3483:TCP:*:Enabled:SqueezeCenter 3483 tcp

 

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-09-24 45600]

R3 udfpt;udfpt; [x]

S1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [2008-08-12 96384]

S1 aswSP;avast! Self Protection; [x]

S1 CLBStor;InstantBurn Storage Helper Driver; [x]

S2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2008-12-09 464264]

S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2008-12-09 234888]

S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792]

S2 CLBUDF;CyberLink InstantBurn UDF Filesystem; [x]

S2 FDTvCISvc;FireDTV Common Interface;c:\program files\FireDTV\FireDTV MCE Plugin\FDTvCISvc.exe [2007-06-08 110592]

S2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [2008-08-08 80392]

S2 SqueezeMySQL;SqueezeMySQL;c:\progra~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe [2009-01-19 4149248]

S3 cmhdav;ASUS Xonar HDAV 1.3 Audio Interface;c:\windows\system32\drivers\cmhdav.sys [2009-02-23 2038528]

S3 FireDTV_DVBS2;DVBS2 Service;c:\windows\system32\DRIVERS\FireDTV_BDA_DVBS2_MCE.sys [2007-09-11 39552]

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{683a0f9c-f9aa-11dd-a5b0-806e6f6e6963}]

\shell\AutoRun\command - D:\Run.exe

.

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://www.netvibes.com/#General

Trusted Zone: skandiabanken.no\secure

Trusted Zone: skandiabanken.no\www

TCP: {4DCFEB18-5993-4626-B749-BEA4320FD2CF} = 192.168.1.1,4.2.2.1

FF - ProfilePath - c:\users\Håkon\AppData\Roaming\Mozilla\Firefox\Profiles\x203hfnn.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.netvibes.com/#General

.

 

**************************************************************************

 

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-16 21:05

Windows 6.0.6001 Service Pack 1 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

------------------------ Andre Kjørende Prosesser ------------------------

.

c:\windows\System32\ATKFUSService.exe

c:\windows\System32\nvvsvc.exe

c:\windows\System32\audiodg.exe

c:\program files\Alwil Software\Avast4\aswUpdSv.exe

c:\program files\Alwil Software\Avast4\ashServ.exe

c:\windows\System32\rundll32.exe

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\NVIDIA Corporation\nTune\nTuneService.exe

c:\program files\NVIDIA Corporation\System Update\UpdateCenterService.exe

c:\program files\ASUS\GamerOSD\ATKFastUserSwitching.exe

c:\windows\System32\conime.exe

c:\program files\Alwil Software\Avast4\ashDisp.exe

c:\program files\CyberLink\InstantBurn\Win2K\IBurn.exe

c:\windows\System32\rundll32.exe

c:\windows\ehome\ehmsas.exe

c:\windows\ehome\ehsched.exe

c:\program files\Windows Media Player\wmpnscfg.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\ehome\ehrecvr.exe

c:\program files\SqueezeCenter\server\squeezecenter.exe

c:\windows\servicing\TrustedInstaller.exe

.

**************************************************************************

.

Tidspunkt ferdig: 2009-04-16 21:08 - maskinen ble startet på nytt

ComboFix-quarantined-files.txt 2009-04-16 19:08

ComboFix2.txt 2009-04-14 19:22

 

Pre-Run: 736 723 943 424 byte ledig

Post-Run: 735 344 607 232 byte ledig

 

335 --- E O F --- 2009-04-14 06:05

 

 

 

 

 

H

Edited by halfhero

I have scanned the machine with Avast and run the Microsoft® Windows® Malicious Software Removal Tool (KB890830) (which removes Conficker, if present), but neither of them found anything.

An odd observation is that the clicking problem disappeared while ComboFix was running in the background. After ComboFix rebooted the machine, the problem was back :hmm:

In Vista's Resource Monitor I can see that there is some network traffic, and that it is regular. (See attachment) Can anyone say whether that is an indication of malware?

 

H

post-152895-1240069575_thumb.jpg


The logs look fine.

You can remove ComboFix by typing combofix /u in the Run window. This command deletes the quarantined files and backups, resets the System Restore folder, etc.

This one contacts the network; is it something you use?

c:\program files\SqueezeCenter\server\squeezecenter.exe


Make sure all programs are up to date by scanning with Secunia. Secunia also has its own program that can be downloaded from here if you don't want to check online every time you want to verify that all programs are up to date.

edit: didn't read the part about the network. Drop that, and answer SNIPPSAT's question.

Edited by tosha0007
The logs look fine.

You can remove ComboFix by typing combofix /u in the Run window. This command deletes the quarantined files and backups, resets the System Restore folder, etc.

This one contacts the network; is it something you use?

c:\program files\SqueezeCenter\server\squeezecenter.exe

 

Thanks for taking the time to check the logs. I have uninstalled ComboFix.

I have used SqueezeCenter for a long time, including before the problem appeared. The program handles music playback and internet radio through a so-called Squeezebox. It also updates podcasts, and I'm guessing that is why it generates network traffic, but I can check that.

Kind regards

Håkon

 

Make sure all programs are up to date by scanning with Secunia. Secunia also has its own program that can be downloaded from here if you don't want to check online every time you want to verify that all programs are up to date.

edit: didn't read the part about the network. Drop that, and answer SNIPPSAT's question.

 

I'll try Secunia. Thanks for the tip!

Kind regards

Håkon
