mrTii Posted 11 December 2010 (edited)

Hi, I have a problem with my laptop: every time I start the PC, it freezes. I manage to log on, but a minute or two later the PC freezes completely. The only thing that works is the mouse/touchpad. I followed the guide, and these are the results:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Databaseversjon: 5278

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.6002.18005

09.12.2010 13:46:11
mbam-log-2010-12-09 (13-46-11).txt

Skanntype: Hurtigsøk
Objekter skannet: 149176
Tid tilbakelagt: 4 minutt(er), 52 sekund(er)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert 0

Minneprosesser infisert:
(Ingen skadelige objekter funnet)

Minnemoduler infisert:
(Ingen skadelige objekter funnet)

Registernøkler infisert:
(Ingen skadelige objekter funnet)

Registerverdier infisert:
(Ingen skadelige objekter funnet)

Registerfiler infisert:
(Ingen skadelige objekter funnet)

Mapper infisert:
(Ingen skadelige objekter funnet)

Filer infisert
(Ingen skadelige objekter funnet)

ComboFix 10-12-08.04 - Espen 09.12.2010 13:55:29.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.47.1044.18.2045.1021 [GMT 1:00]
Kjører fra: c:\users\Espen\Install filer\ComboFix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: McAfee VirusScan *enabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Espen\AppData\Roaming\Clue
c:\users\Espen\AppData\Roaming\Clue\Clue.ini
c:\users\Espen\Documents\cc_20101209_110358.reg
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2010-11-09 til 2010-12-09 )))))))))))))))))))))))))))))))))
.
2010-12-09 13:05 . 2010-12-09 13:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-09 12:39 . 2010-12-09 12:39 -------- d-----w- c:\users\Espen\AppData\Roaming\Malwarebytes
2010-12-09 12:39 . 2010-12-09 12:39 -------- d-----w- c:\programdata\Malwarebytes
2010-12-09 12:39 . 2010-11-29 16:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-09 12:39 . 2010-12-09 12:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-09 12:39 . 2010-11-29 16:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-09 10:48 . 2010-12-09 10:48 -------- d-----w- c:\windows\Sun
2010-12-09 10:00 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{812F0B20-6CBC-48C5-A0C2-458E9BB84DAC}\mpengine.dll
2010-12-08 22:27 . 2010-12-08 22:27 -------- d-----w- C:\found.002
2010-12-07 22:25 . 2010-12-07 22:25 12800 ----a-w- c:\program files\Mozilla Firefox\plugins\npwachk.dll
2010-12-06 07:26 . 2010-12-06 07:26 -------- d-----w- c:\program files\Pixel Mine(22)
2010-11-29 16:26 . 2010-12-07 17:14 -------- d-----w- c:\users\Espen\*folder with .psd and .jpg files*
2010-11-19 12:21 . 2010-11-19 12:21 -------- d-----w- c:\users\Espen\AppData\Local\The Lord of the Rings Online
2010-11-19 08:50 . 2010-11-19 08:50 -------- d-----w- c:\users\Espen\AppData\Roaming\Turbine
2010-11-19 08:50 . 2010-12-07 22:33 -------- d-----w- c:\users\Espen\AppData\Local\Turbine
2010-11-19 08:05 . 2010-12-09 09:15 -------- d-----w- c:\users\Espen\AppData\Local\ApplicationHistory
2010-11-19 08:02 . 2010-11-19 08:02 -------- d-----w- c:\windows\system32\URTTEMP
2010-11-19 07:15 . 2010-11-19 07:15 -------- d-----w- c:\program files\Codemasters
2010-11-17 17:44 . 2010-11-17 17:44 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-11-17 17:43 . 2010-11-17 17:43 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-11-17 17:41 . 2010-11-17 17:41 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-11-15 11:50 . 2010-11-15 11:50 -------- d-----w- c:\program files\Nikon
2010-11-15 11:50 . 2010-11-15 11:50 -------- d-----w- c:\program files\Common Files\Nikon
2010-11-15 11:48 . 2010-11-15 11:48 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2010-11-15 11:48 . 2005-04-03 22:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2010-11-15 11:48 . 2005-04-03 22:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2010-11-15 11:48 . 2005-04-03 22:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2010-11-15 11:48 . 2005-04-03 22:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2010-11-15 11:48 . 2005-04-03 21:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2010-11-15 11:48 . 2010-11-15 11:48 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2010-11-14 12:15 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-11-14 12:15 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-11-14 12:15 . 2010-05-26 10:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-11-14 12:15 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-11-14 12:14 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-11-14 12:14 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-11-10 07:17 . 2010-10-07 11:37 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 09:41 . 2009-10-02 22:05 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-22 22:47 . 2010-09-22 22:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-17 08:51 . 2010-09-17 08:51 26435072 ----a-w- c:\windows\system32\imageres.dll
2010-09-15 02:50 . 2010-05-18 16:21 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-13 13:56 . 2010-10-13 13:39 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-10 14:53 . 2010-09-10 14:53 201728 ----a-w- c:\windows\system32\CHUCK_Nerd_Herd.scr
2010-06-28 10:20 . 2009-07-10 14:34 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Espen\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Espen\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Espen\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2008-07-04 00:14 4232968 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2008-07-04 00:14 4232968 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2010-10-27 1861944]
"Google Update"="c:\users\Espen\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-11-25 135664]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-11-18 2975640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-01-25 167936]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-28 30192]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2008-07-03 49928]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-01 524632]
"SafeQ Client"="c:\program files\Y Soft\SafeQ Client\Client\SafeQ Client.exe" [2008-07-14 188416]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 92704]
"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2009-02-27 278016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]

c:\users\Espen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Espen\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
MannaKorn.lnk - c:\bibel\MANNA32.EXE [2008-10-19 708608]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-9-7 1180952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2008-07-04 00:02 96008 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [x]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys [x]
R3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 DrmCAudio;DrmCAudio;c:\windows\system32\drivers\DrmCAudio.sys [2009-04-09 23096]
R3 DrmCVideo;DrmCVideo;c:\windows\system32\DRIVERS\DrmCVideo.sys [2009-04-09 3768]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-28 30192]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R4 iaNvStor;Intel® Turbo Memory Controller;c:\windows\system32\drivers\ianvstor.sys [2007-09-07 209408]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2009-01-07 20744]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-05-05 64160]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-07-11 717296]
S1 aswSP;avast! Self Protection; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-12-03 73728]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-09-15 53328]
S2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2009-02-27 143467]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-01 1029456]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2008-12-07 30088]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2008-07-02 26248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPService REG_MULTI_SZ HPSLPSVC
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2010-12-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 18:41]

2010-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2836163160-554541750-4183165217-1000Core.job
- c:\users\Espen\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-25 15:02]

2010-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2836163160-554541750-4183165217-1000UA.job
- c:\users\Espen\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-25 15:02]
.
.
------- Tilleggsskanning -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Espen\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Espen\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Send av Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send med beskjed(&M)... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab
FF - ProfilePath - c:\users\Espen\AppData\Roaming\Mozilla\Firefox\Profiles\ugarfppl.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://nettpanel.tns-gallup.no/Start.aspx?u=NO-PID-00053595&d=NO-DID-00048695&b=NO-BID-00049999|http://ekstraliv.net/|http://www.facebook.com/home.php|http://www.retrowaretv.com/home/TheGamingHistorian/tabid/115/Default.aspx|http://kaizoku-fansubs.com/|http://www.mankin-trad.net|http://www.explosm.net/comics/new/|http://www.dagbladet.no/tegneserie/pondus/|http://www.dagbladet.no/tegneserie/rogersvenner/|http://www.dagbladet.no/tegneserie/nemi/|http://www.dagbladet.no/tegneserie/faktafraverden/|http://www.vgcats.com/comics/|http://www.vgcats.com/super/|http://www.penny-arcade.com/comic/|http://www.cad-comic.com/cad/|http://www.cad-comic.com/sillies/|http://www.brawlinthefamily.com/|http://www.awkwardzombie.com/comic1.php|http://www.virtualshackles.com/|http://www.inktank.com/|http://www.myextralife.com/|http://www.garfield.com/comics/todayscomic.html|http://www.little-gamers.com/|http://www.thenoobcomic.com/index.php|http://www.duelinganalogs.com/|http://www.whattheduck.net/|http://survivingtheworld.net/|http://www.joyfultoons.com/index.html|http://kaizoku-fansubs.com/forum/viewtopic.php?pid=320156|https://fronter.com/nlm/|http://www.salemsauda.no|http://www.norefuge.net/vgng/vgng.html|http://www.lockerz.com/|http://twitter.com/|http://accf.wikispaces.com/Downloadable+Content|http://www.randomfunfacts.com/|http://photography.nationalgeographic.com/photography/photo-of-the-day/?source=NavPhoPOD|http://worldofingar.blogspot.com/|http://www.backloggery.com/changelog.php#reg|http://www.google.no/
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: c:\users\Espen\AppData\Roaming\Mozilla\Firefox\Profiles\ugarfppl.default\extensions\[email protected]\components\coolirisstub.dll
FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\users\Espen\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\Espen\AppData\Roaming\Mozilla\Firefox\Profiles\ugarfppl.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\users\Espen\AppData\Roaming\Mozilla\Firefox\Profiles\ugarfppl.default\extensions\[email protected]\plugins\npcoolirisplugin.dll
FF - plugin: c:\users\Espen\AppData\Roaming\Mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\users\Espen\AppData\Roaming\Mozilla\plugins\npo3dautoplugin.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Bible Fox Blue: {0c2508e6-de4c-11db-8314-0800200c9a66} - c:\users\Espen\AppData\Roaming\Mozilla\Firefox\Profiles\ugarfppl.default\extensions\{0c2508e6-de4c-11db-8314-0800200c9a66}
FF - Extension: Cooliris: [email protected] - c:\users\Espen\AppData\Roaming\Mozilla\Firefox\Profiles\ugarfppl.default\extensions\[email protected]
FF - Extension: Battlefield Heroes Updater: [email protected] - c:\users\Espen\AppData\Roaming\Mozilla\Firefox\Profiles\ugarfppl.default\extensions\[email protected]
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\Espen\AppData\Roaming\Mozilla\Firefox\Profiles\ugarfppl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - c:\users\Espen\AppData\Roaming\Mozilla\Firefox\Profiles\ugarfppl.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
FF - Extension: TinEye Reverse Image Search: [email protected] - c:\users\Espen\AppData\Roaming\Mozilla\Firefox\Profiles\ugarfppl.default\extensions\[email protected]
FF - Extension: Personas: [email protected] - c:\users\Espen\AppData\Roaming\Mozilla\Firefox\Profiles\ugarfppl.default\extensions\[email protected]
FF - Extension: My Facebook: [email protected] - c:\users\Espen\AppData\Roaming\Mozilla\Firefox\Profiles\ugarfppl.default\extensions\[email protected]
FF - Extension: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - c:\users\Espen\AppData\Roaming\Mozilla\Firefox\Profiles\ugarfppl.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Extension: Virtus Search Opt-in: [email protected] - c:\users\Espen\AppData\Roaming\Mozilla\Firefox\Profiles\ugarfppl.default\extensions\[email protected]
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: HP Smart Web Printing: [email protected] - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Extension: HP Smart Web Printing: [email protected] - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - TOMME PEKERE FJERNET - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
HKLM-Run-NPSStartup - (no file)
MSConfigStartUp-Steam - c:\program files\steam\steam.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-09 14:09
Windows 6.0.6002 Service Pack 2 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_USERS\S-1-5-21-2836163160-554541750-4183165217-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5BDFFDD5-4C91-0EC3-6D05-D863A90D1726}*]
"haaknadclnpchpcd"=hex:6b,61,6e,66,64,64,6b,65,6d,6f,68,6c,65,64,6a,69,66,65,
   64,66,62,6e,00,00
"iagkdgfjcakbhegmpg"=hex:6b,61,6e,66,64,64,6b,65,6d,6f,68,6c,65,64,6a,69,66,65,
   64,66,62,6e,00,00

[HKEY_USERS\S-1-5-21-2836163160-554541750-4183165217-1000\Software\SecuROM\License information*]
"datasecu"=hex:dc,3a,55,f0,0e,1b,ab,42,ce,04,8c,d8,b1,0e,e9,99,7d,a0,b1,ce,fe,
   ea,cb,b8,af,97,a2,5b,24,b2,8a,bc,5f,f9,89,fb,a8,ea,c7,8a,42,72,59,10,1b,93,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'lsass.exe'(736)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infql2.dll

- - - - - - - > 'Explorer.exe'(1772)
c:\users\Espen\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infql2.dll
c:\windows\system32\BsMobileSDK.dll
c:\windows\system32\BsLangInDepRes.dll
c:\windows\system32\Bs2Res.dll
c:\windows\system32\btncopy.dll
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\Protector Suite QL\upeksvr.exe
c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\windows\system32\crypserv.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\STacSV.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Tidspunkt ferdig: 2010-12-09 14:19:47 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2010-12-09 13:19

Pre-Run: 23 766 323 200 byte ledig
Post-Run: 21 377 798 144 byte ledig

- - End Of File - - 88D61D163E4AD178BBA07F0ADBF4F54E

I see in the ComboFix log that there are still traces of McAfee, which I supposedly removed well over a year ago, but for now I have chosen not to do anything about it and would rather hear what you have to say. Thanks in advance for any help/answers!

Edited 11 December 2010 by mrTii
mrTii (Author) Posted 21 December 2010
... bump...
geir__hk Posted 21 December 2010
What was done with the machine while it still worked? Updated drivers? Installed software? Lent it to someone else? Dropped it on the floor?
mrTii (Author) Posted 21 December 2010
The last thing I did was update Lord of the Rings Online, but it was interrupted before it could finish. I have since managed to install the update. Should I rather try to remove it, or would that not be enough? And it did take a fall to the ground, about a year ago, but not recently.
mrTii (Author) Posted 25 December 2010
And... it works if I choose the guest account, I found out today.
mrTii (Author) Posted 26 December 2010 (edited)
But when I tried to start Lord of the Rings Online in the guest account, everything went wrong again. The guest account would not work either. And the machine would not start, even in safe mode. But after having "repaired" the PC, I now have access to safe mode. Note to self: So it was not a good idea to try to play.
Edited 26 December 2010 by mrTii