
Checking log files - routine check



Hi there. A number of programs have been uninstalled from this machine lately, and some animated Flash desktop wallpapers have been installed and uninstalled. I would like to check whether anything nasty is still lingering.

A quick scan with MBAM found nothing nasty. No log file.

I don't have the Recovery Console installed, but after clicking yes on the prompt to download it, I get "Internal Error". ComboFix continues the procedure after that.

 

ComboFix:

 

ComboFix 09-07-29.03 - Comb 30.07.2009 5:00.3.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.3327.2743 [GMT 2:00]

Kjører fra: h:\documents and settings\Born\Skrivebord\ComboFix.exe

AV: avast! antivirus 4.8.1335 [VPS 090729-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

 

ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!

.

 

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-06-28 til 2009-07-30 )))))))))))))))))))))))))))))))))

.

 

2009-07-29 20:31 . 2001-08-17 20:05 25216 -c--a-w- h:\windows\system32\dllcache\ovsound2.sys

2009-07-29 20:31 . 2001-08-17 20:05 25216 ----a-w- h:\windows\system32\drivers\OVSound2.sys

2009-07-27 19:28 . 2009-07-27 19:28 -------- d-----w- h:\documents and settings\All Users\Programdata\TEMP

2009-07-27 19:28 . 2007-05-13 10:24 86683 ----a-w- h:\windows\system32\pthreadGC2.dll

2009-07-17 19:28 . 2009-07-17 19:28 -------- d-----w- h:\programfiler\Fellesfiler\DivX Shared

2009-07-17 02:31 . 2009-07-17 02:31 -------- d-----w- h:\programfiler\Fellesfiler\Adobe AIR

2009-07-06 21:24 . 2009-07-06 21:24 21096 ---ha-w- h:\windows\system32\mlfcache.dat

2009-07-03 23:27 . 2009-07-03 23:27 -------- d-----w- h:\windows\system32\AGEIA

2009-07-03 23:27 . 2009-07-03 23:27 -------- d-----w- h:\programfiler\AGEIA Technologies

2009-07-02 16:31 . 2009-07-02 16:31 49664 ----a-w- h:\windows\system32\atimpc32.dll

2009-07-02 16:27 . 2009-07-02 16:27 45056 ----a-w- h:\windows\system32\aticalrt.dll

2009-07-02 16:26 . 2009-07-02 16:26 45056 ----a-w- h:\windows\system32\aticalcl.dll

2009-07-02 16:25 . 2009-07-02 16:25 3248128 ----a-w- h:\windows\system32\aticaldd.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-29 18:35 . 2008-10-24 14:19 -------- d-----w- h:\programfiler\Java

2009-07-29 11:44 . 2009-07-29 11:44 118784 ----a-w- h:\windows\Web\Wallpaper\Thoughts- Playful Kitten Wallpaper.exe

2009-07-29 11:31 . 2009-07-29 11:31 118784 ----a-w- h:\windows\Web\Wallpaper\Thoughts- Playful Kitten Wallpaper dir\uninstall.exe

2009-07-06 00:45 . 2009-06-18 23:25 41 ----a-w- h:\windows\popcinfot.dat

2009-07-03 23:27 . 2008-10-19 14:58 -------- d-----w- h:\programfiler\Fellesfiler\Wise Installation Wizard

2009-07-03 17:01 . 2003-04-25 12:00 915456 ----a-w- h:\windows\system32\wininet.dll

2009-07-02 17:49 . 2008-06-03 06:20 4125696 ----a-w- h:\windows\system32\drivers\ati2mtag.sys

2009-07-02 17:25 . 2008-10-11 22:33 442368 ----a-w- h:\windows\system32\ATIDEMGX.dll

2009-07-02 17:24 . 2008-06-03 03:21 335872 ----a-w- h:\windows\system32\ati2dvag.dll

2009-07-02 17:07 . 2008-10-11 22:33 311296 ----a-w- h:\windows\system32\atiiiexx.dll

2009-07-02 17:06 . 2008-06-03 03:11 204800 ----a-w- h:\windows\system32\atipdlxx.dll

2009-07-02 17:05 . 2008-06-03 03:11 155648 ----a-w- h:\windows\system32\Oemdspif.dll

2009-07-02 17:05 . 2008-06-03 03:11 43520 ----a-w- h:\windows\system32\ati2edxx.dll

2009-07-02 17:05 . 2008-06-03 03:11 155648 ----a-w- h:\windows\system32\ati2evxx.dll

2009-07-02 17:04 . 2008-06-03 03:09 602112 ----a-w- h:\windows\system32\ati2evxx.exe

2009-07-02 16:56 . 2008-06-03 02:59 3014272 ----a-w- h:\windows\system32\ati3duag.dll

2009-07-02 16:54 . 2008-10-29 02:10 11698176 ----a-w- h:\windows\system32\atioglxx.dll

2009-07-02 16:44 . 2008-06-03 02:48 2139904 ----a-w- h:\windows\system32\ativvaxx.dll

2009-07-02 16:44 . 2008-10-11 22:33 887724 ----a-w- h:\windows\system32\ativva6x.dat

2009-07-02 16:44 . 2008-10-11 22:33 3 ----a-w- h:\windows\system32\ativva5x.dat

2009-07-02 16:31 . 2008-06-03 02:33 49664 ----a-w- h:\windows\system32\amdpcom32.dll

2009-07-02 16:28 . 2008-06-03 02:29 487424 ----a-w- h:\windows\system32\atikvmag.dll

2009-07-02 16:26 . 2008-06-03 02:28 151552 ----a-w- h:\windows\system32\atiadlxx.dll

2009-07-02 16:26 . 2008-06-03 02:28 17408 ----a-w- h:\windows\system32\atitvo32.dll

2009-07-02 16:25 . 2008-06-03 02:27 53248 ----a-w- h:\windows\system32\drivers\ati2erec.dll

2009-07-02 16:24 . 2008-06-03 03:04 376832 ----a-w- h:\windows\system32\atiok3x2.dll

2009-07-02 16:20 . 2008-06-03 02:21 651264 ----a-w- h:\windows\system32\ati2cqag.dll

2009-07-02 10:12 . 2008-10-12 22:25 593920 ------w- h:\windows\system32\ati2sgag.exe

2009-06-20 23:13 . 2008-10-11 22:40 -------- d--h--w- h:\programfiler\InstallShield Installation Information

2009-06-18 19:29 . 2008-10-11 22:33 197654 ----a-w- h:\windows\system32\atiicdxx.dat

2009-06-18 16:36 . 2009-06-18 16:36 -------- d-----w- h:\documents and settings\All Users\Programdata\PopCap Games

2009-06-16 14:43 . 2003-04-25 12:00 81920 ----a-w- h:\windows\system32\fontsub.dll

2009-06-16 14:43 . 2003-04-25 12:00 119808 ----a-w- h:\windows\system32\t2embed.dll

2009-06-08 20:55 . 2009-06-08 20:55 -------- d-----w- h:\documents and settings\All Users\Programdata\DAEMON Tools Lite

2009-06-08 20:55 . 2009-06-08 20:55 -------- d-----w- h:\programfiler\DAEMON Tools Toolbar

2009-06-08 20:34 . 2009-06-08 20:34 -------- d-----w- h:\programfiler\Microsoft WSE

2009-06-08 20:16 . 2009-06-08 20:16 721904 ----a-w- h:\windows\system32\drivers\sptd.sys

2009-06-06 13:27 . 2009-06-06 13:27 -------- dc-h--w- h:\documents and settings\All Users\Programdata\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}

2009-06-03 19:11 . 2003-04-25 12:00 1294336 ----a-w- h:\windows\system32\quartz.dll

2009-05-21 09:33 . 2008-10-24 14:19 410984 ----a-w- h:\windows\system32\deploytk.dll

2009-05-11 21:35 . 2009-05-11 21:35 118784 ----a-w- h:\windows\system32\atibtmon.exe

2009-05-07 15:34 . 2003-04-25 12:00 346112 ----a-w- h:\windows\system32\localspl.dll

2009-01-15 17:28 . 2009-01-15 17:28 604 ---ha-w- h:\programfiler\STLL Notifier

2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- h:\programfiler\opera\program\plugins\libdivx.dll

2008-09-10 12:49 . 2008-09-10 12:49 5817064 ----a-w- h:\programfiler\opera\program\plugins\ScorchPDFWrapper.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- h:\programfiler\opera\program\plugins\ssldivx.dll

.

 

((((((((((((((((((((((((((((( SnapShot@2009-07-30_02.39.56 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-06-05 00:52 . 2009-07-30 02:57 32768 h:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat

- 2009-06-05 00:52 . 2009-07-19 18:47 32768 h:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-30 02:54 . 2009-07-30 02:54 16384 h:\windows\Temp\Perflib_Perfdata_680.dat

+ 2009-07-30 02:54 . 2009-07-30 02:54 16384 h:\windows\Temp\Perflib_Perfdata_164.dat

+ 2009-06-05 00:52 . 2009-07-30 02:57 32768 h:\windows\Temp\History\History.IE5\index.dat

- 2009-06-05 00:52 . 2009-07-19 18:47 32768 h:\windows\Temp\History\History.IE5\index.dat

+ 2009-06-05 00:52 . 2009-07-30 02:57 16384 h:\windows\Temp\Cookies\index.dat

- 2009-06-05 00:52 . 2009-07-19 18:47 16384 h:\windows\Temp\Cookies\index.dat

- 2007-08-13 16:54 . 2009-03-08 02:31 55296 h:\windows\system32\msfeedsbs.dll

+ 2007-08-13 16:54 . 2009-07-03 17:01 55296 h:\windows\system32\msfeedsbs.dll

+ 2003-04-25 12:00 . 2009-07-03 17:01 206848 h:\windows\system32\occache.dll

- 2007-08-13 16:54 . 2009-03-08 02:32 594432 h:\windows\system32\msfeeds.dll

+ 2007-08-13 16:54 . 2009-07-03 17:01 594432 h:\windows\system32\msfeeds.dll

+ 2003-04-25 12:00 . 2009-07-03 17:01 1208832 h:\windows\system32\urlmon.dll

+ 2003-04-25 12:00 . 2009-07-19 13:18 5937152 h:\windows\system32\mshtml.dll

+ 2007-08-13 16:34 . 2009-07-03 17:01 1985536 h:\windows\system32\iertutil.dll

+ 2007-08-13 16:54 . 2009-07-19 16:48 11067392 h:\windows\system32\ieframe.dll

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"="i:\programfiler\uTorrent\uTorrent.exe" [2009-07-17 288048]

"ctfmon.exe"="h:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"Google Update"="h:\documents and settings\Born\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe" [2008-10-13 133104]

"DAEMON Tools Lite"="i:\programfiler\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UserFaultCheck"="h:\windows\system32\dumprep 0 -u" [X]

"SoundMAXPnP"="h:\programfiler\Analog Devices\Core\smax4pnp.exe" [2008-03-16 1040384]

"StartCCC"="h:\programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]

"avast!"="i:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

"Adobe Reader Speed Launcher"="h:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"SunJavaUpdateSched"="h:\programfiler\Java\jre6\bin\jusched.exe" [2009-05-21 148888]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"NSSInstallation"="h:\windows\system32\Adobe\Shockwave 11\nssstub.exe" [2009-05-12 181624]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="h:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableStatusMessages"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *OODBS

 

[HKLM\~\startupfolder\H:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Launchy.lnk]

path=h:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Launchy.lnk

backup=h:\windows\pss\Launchy.lnkCommon Startup

 

[HKLM\~\startupfolder\H:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Wowhead Client.lnk]

path=h:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Wowhead Client.lnk

backup=h:\windows\pss\Wowhead Client.lnkCommon Startup

 

[HKLM\~\startupfolder\H:^Documents and Settings^Born^Start-meny^Programmer^Oppstart^Need for Speed™ Undercover Registration.lnk]

path=h:\documents and settings\Born\Start-meny\Programmer\Oppstart\Need for Speed™ Undercover Registration.lnk

backup=h:\windows\pss\Need for Speed™ Undercover Registration.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=3 (0x3)

"JavaQuickStarterService"=2 (0x2)

"idsvc"=3 (0x3)

"Bonjour Service"=2 (0x2)

"IDriverT"=3 (0x3)

"PnkBstrA"=2 (0x2)

"FLEXnet Licensing Service"=3 (0x3)

"ATI Smart"=2 (0x2)

"gupdate1c993a53d5cea9a"=2 (0x2)

"O&O Defrag"=2 (0x2)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"i:\\Programfiler\\Valve\\Steam\\steamapps\\born\\garrysmod\\hl2.exe"=

"i:\\Programfiler\\uTorrent\\uTorrent.exe"=

"i:\\Programfiler\\Valve\\Steam\\steamapps\\born\\synergy\\hl2.exe"=

"h:\\WINDOWS\\system32\\PnkBstrA.exe"=

"h:\\WINDOWS\\system32\\PnkBstrB.exe"=

"i:\\Programfiler\\Curse\\CurseClient.exe"=

"i:\\Programfiler\\Valve\\Steam\\steamapps\\born\\counter-strike source\\hl2.exe"=

"i:\\Programfiler\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=

"i:\\Programfiler\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=

"i:\\Programfiler\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=

"i:\\Programfiler\\Valve\\Steam\\steamapps\\born\\insurgency\\hl2.exe"=

"h:\\Programfiler\\Electronic Arts\\EADM\\Core.exe"=

"i:\\Programfiler\\Valve\\Steam\\steamapps\\common\\grand theft auto iv\\GTAIV\\GTAIV.exe"=

"h:\\Programfiler\\Skype\\Phone\\Skype.exe"=

"h:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"i:\\Programfiler\\Spotify\\spotify.exe"=

"h:\\Programfiler\\Fellesfiler\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"i:\\Programfiler\\Sierra\\FEAR\\FEAR.exe"=

"i:\\Programfiler\\Valve\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=

"i:\\Programfiler\\Valve\\Steam\\steamapps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=

"i:\\Programfiler\\Valve\\Steam\\steamapps\\common\\crysis\\Bin32\\Crysis.exe"=

"i:\\Programfiler\\Valve\\Steam\\steamapps\\common\\peggle deluxe\\Peggle.exe"=

"i:\\Programfiler\\Valve\\Steam\\steamapps\\common\\peggle extreme\\PeggleExtreme.exe"=

"i:\\Programfiler\\Valve\\Steam\\steamapps\\common\\eets\\Eets.exe"=

"i:\\Programfiler\\Electronic Arts\\Burnout Paradise The Ultimate Box\\BurnoutLauncher.exe"=

"i:\\Programfiler\\Electronic Arts\\Burnout Paradise The Ultimate Box\\BurnoutConfigTool.exe"=

"i:\\Programfiler\\Electronic Arts\\Burnout Paradise The Ultimate Box\\BurnoutParadise.exe"=

"i:\\Programfiler\\Ubisoft\\Tom Clancy's H.A.W.X\\HAWX.exe"=

"i:\\Programfiler\\Activision\\Prototype\\prototypef.exe"=

"i:\\Programfiler\\Fallout 3\\Fallout3.exe"=

"i:\\Programfiler\\mIRC\\mirc.exe"=

"i:\\Programfiler\\Valve\\Steam\\steamapps\\common\\grand theft auto iv\\RGSC\\RGSCLauncher.exe"=

"i:\\Programfiler\\Valve\\Steam\\steamapps\\common\\railroad tycoon 3\\RT3.exe"=

"i:\\Programfiler\\Valve\\Steam\\steamapps\\common\\railroad tycoon 2 platinum\\RT2_PLAT.EXE"=

"h:\\Programfiler\\Opera\\opera.exe"=

"i:\\Programfiler\\Valve\\Steam\\steamapps\\common\\xcom ufo defense\\dosbox.exe"=

"i:\\Programfiler\\Valve\\Steam\\steamapps\\common\\bioshock\\Builds\\Release\\Bioshock.exe"=

"i:\\Programfiler\\Valve\\Steam\\steamapps\\common\\x-com terror from the deep\\runme.exe"=

"i:\\Programfiler\\Valve\\Steam\\steamapps\\common\\the secret of monkey island special edition\\MISE.exe"=

"i:\\Programfiler\\Valve\\Steam\\steamapps\\common\\shattered union\\ShatteredUnion.exe"=

"i:\\Programfiler\\Valve\\Steam\\steamapps\\common\\freedom force\\fforce.exe"=

"i:\\Programfiler\\Bohemia Interactive\\ArmA 2\\arma2.exe"=

"h:\\Programfiler\\Java\\jre6\\bin\\java.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

"6886:TCP"= 6886:TCP:uTorrent Port 6886

 

R0 mv61xx;mv61xx;h:\windows\system32\drivers\mv61xx.sys [12.10.2008 00:48 150568]

R1 aswSP;avast! Self Protection;h:\windows\system32\drivers\aswSP.sys [16.03.2009 04:46 114768]

R1 nltdi;nltdi;h:\windows\system32\drivers\nltdi.sys [23.04.2007 13:03 82200]

R2 aswFsBlk;aswFsBlk;h:\windows\system32\drivers\aswFsBlk.sys [16.03.2009 04:46 20560]

R3 AtiHdmiService;ATI Function Driver for HDMI Service;h:\windows\system32\drivers\AtiHdmi.sys [13.10.2008 00:26 93696]

R3 QCEmerald;Logitech QuickCam Web;h:\windows\system32\drivers\OVCE.sys [29.07.2009 22:30 31872]

R3 st3bus28;st3bus28;h:\windows\system32\drivers\st3bus28.sys [28.12.2002 13:16 8416]

R3 st3mp28;st3mp28;h:\windows\system32\drivers\st3mp28.sys [28.12.2002 13:16 95328]

S4 gupdate1c993a53d5cea9a;Google Update Service (gupdate1c993a53d5cea9a);h:\programfiler\Google\Update\GoogleUpdate.exe [20.02.2009 23:50 133104]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d0e2fc0-b50d-11dd-97a8-00221505f286}]

\Shell\AutoRun\command - E:\AutoRunCD.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"h:\windows\system32\rundll32.exe" "h:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2009-07-29 h:\windows\Tasks\chester french.job

- i:\downloads\uTorrent Downloads\Musikk\Chester French\Love The Future0-chester_french-love_the_future-2009.m3u [2009-07-24 10:07]

 

2009-07-30 h:\windows\Tasks\NSSstub.job

- h:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-05-12 01:18]

 

2009-07-30 h:\windows\Tasks\User_Feed_Synchronization-{40E7C709-2EE9-495C-85E9-1AC7C0B3F7B6}.job

- h:\windows\system32\msfeedssync.exe [2007-08-13 02:31]

.

.

------- Tilleggsskanning -------

.

uInternet Settings,ProxyOverride = *.local

FF - ProfilePath - h:\documents and settings\Born\Programdata\Mozilla\Firefox\Profiles\5jxt12a0.default\

FF - prefs.js: network.proxy.type - 2

FF - plugin: h:\programfiler\Google\Update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: h:\programfiler\Opera\program\plugins\npdivx32.dll

FF - plugin: h:\programfiler\Opera\program\plugins\NPSibelius.dll

FF - plugin: i:\programfiler\DivX\DivX Web Player\npdivx32.dll

FF - plugin: i:\programfiler\QuickTime\Plugins\npqtplugin.dll

FF - plugin: i:\programfiler\QuickTime\Plugins\npqtplugin2.dll

FF - plugin: i:\programfiler\QuickTime\Plugins\npqtplugin3.dll

FF - plugin: i:\programfiler\QuickTime\Plugins\npqtplugin4.dll

FF - plugin: i:\programfiler\QuickTime\Plugins\npqtplugin5.dll

FF - plugin: i:\programfiler\QuickTime\Plugins\npqtplugin6.dll

FF - plugin: i:\programfiler\QuickTime\Plugins\npqtplugin7.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - h:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

i:\programfiler\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);

i:\programfiler\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);

i:\programfiler\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);

i:\programfiler\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);

i:\programfiler\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);

i:\programfiler\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

i:\programfiler\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

i:\programfiler\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);

i:\programfiler\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

i:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

i:\programfiler\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);

i:\programfiler\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

i:\programfiler\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

i:\programfiler\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

i:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

i:\programfiler\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);

i:\programfiler\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

i:\programfiler\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

i:\programfiler\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

i:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

i:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

i:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

i:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

i:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

i:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

i:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

i:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

i:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

i:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

i:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

i:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

i:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

i:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

i:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

i:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

i:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

i:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

i:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

i:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

i:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

i:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

i:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

i:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

i:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

i:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

i:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

i:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-30 05:03

Windows 5.1.2600 Service Pack 3 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

--------------------- LÅSTE REGISTERNØKLER ---------------------

 

[HKEY_USERS\S-1-5-21-1220945662-299502267-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

 

[HKEY_USERS\S-1-5-21-1220945662-299502267-725345543-1004\Software\SecuROM\License information*]

"datasecu"=hex:4f,9e,98,ae,15,08,c7,d9,32,41,1c,99,ec,76,87,f6,27,7f,d8,cf,d3,

28,a2,4f,e9,a1,1a,53,99,96,1e,81,f1,0c,71,aa,c2,f7,fb,7d,e5,bc,33,60,4f,a9,\

"rkeysecu"=hex:d6,f9,2f,dc,57,0f,60,34,d2,5e,74,2e,7b,d7,ef,54

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

 

- - - - - - - > 'winlogon.exe'(800)

h:\windows\system32\Ati2evxx.dll

 

- - - - - - - > 'explorer.exe'(2668)

h:\windows\system32\msi.dll

h:\windows\system32\webcheck.dll

h:\windows\system32\WPDShServiceObj.dll

h:\windows\system32\PortableDeviceTypes.dll

h:\windows\system32\PortableDeviceApi.dll

.

Tidspunkt ferdig: 2009-07-30 5:04

ComboFix-quarantined-files.txt 2009-07-30 03:04

ComboFix2.txt 2009-07-30 02:40

 

Pre-Run: 4 148 912 128 byte ledig

Post-Run: 4 105 093 120 byte ledig

 

311 --- E O F --- 2009-07-28 21:12

 

 

 

Thanks.

 

:)


Thanks.

Log from HijackThis

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:37:10, on 30.07.2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

H:\WINDOWS\System32\smss.exe

H:\WINDOWS\system32\winlogon.exe

H:\WINDOWS\system32\services.exe

H:\WINDOWS\system32\lsass.exe

H:\WINDOWS\system32\Ati2evxx.exe

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\System32\svchost.exe

H:\WINDOWS\system32\Ati2evxx.exe

I:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

I:\Programfiler\Alwil Software\Avast4\ashServ.exe

H:\WINDOWS\system32\spoolsv.exe

H:\Programfiler\Java\jre6\bin\jqs.exe

I:\Programfiler\NetLimiter 2 Pro\nlsvc.exe

H:\WINDOWS\System32\svchost.exe

H:\Programfiler\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

H:\Programfiler\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe

I:\Programfiler\NetLimiter 2 Pro\NLClient.exe

H:\Programfiler\Analog Devices\Core\smax4pnp.exe

H:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

H:\Programfiler\Java\jre6\bin\jusched.exe

H:\WINDOWS\System32\svchost.exe

H:\WINDOWS\system32\ctfmon.exe

H:\Documents and Settings\Born\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe

H:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

H:\WINDOWS\explorer.exe

I:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

I:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

I:\Programfiler\Valve\Steam\Steam.exe

I:\Programfiler\uTorrent\uTorrent.exe

I:\Programfiler\Mozilla Firefox\firefox.exe

H:\Programfiler\Java\jre6\bin\java.exe

I:\Mine dokumenter\Nedlastinger\HiJackThis.exe

I:\Programfiler\Launchy\Launchy.exe

H:\Programfiler\Opera\opera.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Programfiler\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [soundMAXPnP] H:\Programfiler\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [startCCC] "H:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [avast!] I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [sunJavaUpdateSched] "H:\Programfiler\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\RunOnce: [NSSInstallation] H:\WINDOWS\system32\Adobe\Shockwave 11\nssstub.exe /RunOnce

O4 - HKCU\..\Run: [uTorrent] "I:\Programfiler\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "H:\Documents and Settings\Born\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [DAEMON Tools Lite] "I:\Programfiler\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1223765805546

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - I:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - I:\Programfiler\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - I:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - I:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Programfiler\Java\jre6\bin\jqs.exe

O23 - Service: NetLimiter (nlsvc) - Locktime Software - I:\Programfiler\NetLimiter 2 Pro\nlsvc.exe

O23 - Service: WUSB54Gv4SVC - GEMTEKS - H:\Programfiler\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

 

--

End of file - 5803 bytes

 

 

 
