Hjelp til Ad Aware! "Fryser" seg!

[Jonas2]

Heisann!

Jeg har en maskin som jeg pleier å søke igjennom med Ad Aware fra tid til annen.

Men når jeg i går skulle kjøre test, så så det lovende ut. Men når den kom til 5-6000 filer. Så begynte det å gå SVÆRT sakte. Snakk om 1 fil i minuttet. Når jeg skulle på jobb på morraen i dag var den ikke ferdig da engang.

 

Det jeg har prøvd er å diskdefragmentere maskinen og avinstallere - installere nyeste versjon.

 

Noen som har noe tips? Er ganske en ganske viktig jobbmaskin som jeg helst ikke vil ha noe trøbbel med. Men jeg er OK datakyndig, og har prøvd litt @ google. Men fant ingen konkrete svar

 

BTW: De første 5000-7000 filene søkes igjennom som vanelig.

[norbat]

Last ned og kjør en rask skann med Malwarebytes (se veiledningen). Skjer det samme da?

Endret 2. desember 2009 av norbat

[Jonas2]

Har desverre desverre ikke tilgang på maskinen før i morgen tidlig. Siden den er på jobb. Men skal ta å gjøre deg. Så skal jeg se hva som skjer:) Takk for tips!

[Jonas2]

Har nå testet med F-Secure. Det fryser også. Hva må jeg gjøre nå?

Har ikke fått testet med Malwarebytes. Men kan det også senere i dag. Problemet mitt er at jeg må ta se på jobb og hadde vært fint å hatt med meg noen flere tips om hva jeg må gjøre!

 

Mvh Jonas2

[snippsat]

Har nå testet med F-Secure.

Har du ikke antivirus installert?

Husk kun et antivirus på systemet.

 

Ad Aware er ikke noe problem det er anbefalt at du fjerne den, overhode ikke bra.

Virker Malwarebytes bruker du den.

 

Sjekk disk.

Start->kjør->cmd

 

chkdsk /r

Finner skadede sektorer og gjenoppretter lesbar informasjon.

 

chkdsk /f

Retter feil på disken.

 

Grei og rask defragmering.

http://www.auslogics.com/en/software/disk-defrag

[Jonas2]

Har F-Secure installert. Men skal vis det fortsatt ikke funker. Skal jeg ta en HiJackThis logg å legge ut her på forumet?

 

Mest sannsynlig er det et virus. Siden AdAware ble slik når vedkomne åpnet en mail.

[Jonas2]

Har fått disse loggene:

 

 

Logfile of HijackThis v1.99.1

Scan saved at 19:59:33, on 03.12.2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\stsystra.exe

C:\Programfiler\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe

C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Winamp Remote\bin\OrbTray.exe

C:\Programfiler\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Programfiler\Fellesfiler\Autodata Limited Shared\Service\ADCDLicSvc.exe

C:\Programfiler\F-Secure\Anti-Virus\fsgk32st.exe

C:\Programfiler\F-Secure\Anti-Virus\FSGK32.EXE

C:\Programfiler\F-Secure\Anti-Virus\fssm32.exe

C:\Programfiler\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Programfiler\Norbits\Future\MSSQL$FUTURE\BinnMSSQL$Future\Binn\sqlservr.exe

c:\Programfiler\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Programfiler\F-Secure\Common\FSMA32.EXE

C:\Programfiler\F-Secure\Common\FSLAUNCH.EXE

C:\Programfiler\F-Secure\Common\FSLAUNCH.EXE

C:\WINDOWS\explorer.exe

C:\Programfiler\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programfiler\Winamp Toolbar\winamptb.dll

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programfiler\Winamp Toolbar\winamptb.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programfiler\Winamp Toolbar\winamptb.dll

O4 - HKLM\..\Run: [iAAnotif] C:\Programfiler\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [DMXLauncher] C:\Programfiler\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programfiler\F-Secure\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Programfiler\Fellesfiler\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [bUSkvlt] "C:\Programfiler\BUS AS\BUSpek 2000\BUSkvalitet.exe" /auto

O4 - Startup: Task Manager.lnk = C:\WINDOWS\system32\taskmgr.exe

O4 - Global Startup: Service Manager.lnk = C:\Programfiler\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1136209396337

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - http://www.ntrsupport.com/nv/inquiero/mod/...tivex118_28.cab

O16 - DPF: {FC647808-D789-43D4-97AE-4914A4394D4C} (RequestLoginX Control) - http://www.toleranceonline.com/RequestLoginProj1.ocx

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Programfiler\Fellesfiler\Autodata Limited Shared\Service\ADCDLicSvc.exe

O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE

O23 - Service: dkab_device - Dell - C:\WINDOWS\system32\DKabcoms.exe

O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Programfiler\F-Secure\BackWeb\7681197\Program\fsbwlan.exe

O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Programfiler\F-Secure\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Programfiler\F-Secure\Common\FNRB32.EXE

O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Programfiler\F-Secure\Common\FSAA.EXE

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programfiler\F-Secure\Common\FSMA32.EXE

O23 - Service: Googles oppdateringstjeneste (gupdate1ca3ffe3fddb83e) (gupdate1ca3ffe3fddb83e) - Unknown owner - C:\Programfiler\Google\Update\GoogleUpdate.exe" /svc (file missing)

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Programfiler\Intel\Intel Matrix Storage Manager\iaantmon.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Programfiler\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programfiler\Intel\PROSetWired\NCS\Sync\NetSvc.exe

 

 

 

Og denne:

 

 

 

ComboFix 09-12-02.08 - Vennesla Bilteknikk 03.12.2009 19:49.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.47.1044.18.1022.596 [GMT 1:00]

Kjører fra: c:\documents and settings\Vennesla Bilteknikk\Skrivebord\ComboFix.exe

AV: F-Secure Anti-Virus 5.44 *On-access scanning enabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}

 

ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!

.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Vennesla Bilteknikk\Favoritter\Online Security Test.url

c:\documents and settings\Vennesla Bilteknikk\Programdata\AdProtect NoSpam

c:\documents and settings\Vennesla Bilteknikk\Programdata\AdProtect NoSpam\Settings.xml

c:\programfiler\License_Manager

 

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-11-03 til 2009-12-03 )))))))))))))))))))))))))))))))))

.

 

2009-12-03 18:26 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-03 18:20 . 2009-12-03 18:30 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware

2009-12-02 14:30 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2009-12-02 14:27 . 2009-12-02 14:27 -------- dc-h--w- c:\documents and settings\All Users\Programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}

2009-12-02 14:27 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe

2009-11-10 15:27 . 2009-11-10 15:27 -------- d-----w- c:\programfiler\Norbits

2009-11-10 15:22 . 2009-11-10 15:23 -------- d-----w- C:\Future

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-02 14:25 . 2008-02-01 14:00 -------- d-----w- c:\documents and settings\All Users\Programdata\Lavasoft

2009-12-02 14:25 . 2007-03-23 14:35 -------- d-----w- c:\programfiler\Lavasoft

2009-11-10 15:28 . 2004-09-28 13:07 512486 ----a-w- c:\windows\system32\perfh014.dat

2009-11-10 15:28 . 2004-09-28 13:07 106552 ----a-w- c:\windows\system32\perfc014.dat

2009-10-16 06:50 . 2006-01-02 12:32 -------- d-----w- c:\programfiler\Fellesfiler\Adobe

2009-10-14 06:15 . 2007-09-25 09:49 -------- d-----w- c:\programfiler\Microsoft SQL Server

2009-09-28 05:44 . 2003-03-18 20:14 499712 ----a-w- c:\windows\system32\msvcp71.dll

2009-09-28 05:44 . 2003-02-21 04:42 348160 ----a-w- c:\windows\system32\msvcr71.dll

2009-09-23 11:44 . 2006-01-03 13:38 25680 ----a-w- c:\documents and settings\Vennesla Bilteknikk\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT

2009-09-11 14:20 . 2004-09-28 13:07 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-04 21:05 . 2004-09-28 13:07 58880 ----a-w- c:\windows\system32\msasn1.dll

2006-04-12 12:09 . 2006-04-12 12:09 26922 ----a-w- c:\programfiler\moviepass Terms.html

.

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\programfiler\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]

 

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]

[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\programfiler\Messenger\msmsgs.exe" [2008-04-14 1695232]

"BUSkvlt"="c:\programfiler\BUS AS\BUSpek 2000\BUSkvalitet.exe" [2009-07-14 2500608]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\programfiler\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]

"ATIPTA"="c:\programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]

"DMXLauncher"="c:\programfiler\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]

"ISUSPM Startup"="c:\progra~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"ISUSScheduler"="c:\programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"F-Secure Manager"="c:\programfiler\F-Secure\Common\FSM32.EXE" [2005-09-19 106571]

"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]

"Adobe ARM"="c:\programfiler\Fellesfiler\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-23 339968]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\Vennesla Bilteknikk\Start-meny\Programmer\Oppstart\

Task Manager.lnk - c:\windows\system32\taskmgr.exe [2004-9-28 136704]

 

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\

Service Manager.lnk - c:\programfiler\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2001-4-17 74308]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Frls\\MSM.EXE"=

"c:\\WINDOWS\\system32\\DKabcoms.exe"=

"c:\\Programfiler\\BUS AS\\BUSpek 2000\\BUSpek2.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programfiler\\Winamp Remote\\bin\\Orb.exe"=

"c:\\Programfiler\\Winamp Remote\\bin\\OrbTray.exe"=

"c:\\Programfiler\\Winamp Remote\\bin\\OrbStreamerClient.exe"=

"c:\\Frls\\FTP.EXE"=

"c:\\Programfiler\\BUS AS\\BUSpek 2000\\BUSkvalitet.exe"=

 

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [02.12.2009 15:30 64288]

R2 F-Secure Filter;F-Secure File System Filter;c:\programfiler\F-Secure\Anti-Virus\win2k\FSfilter.sys [14.03.2006 20:30 48720]

R2 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\programfiler\F-Secure\Anti-Virus\win2k\fsgk.sys [14.03.2006 20:30 48256]

R2 F-Secure Recognizer;F-Secure File System Recognizer;c:\programfiler\F-Secure\Anti-Virus\win2k\FSrec.sys [14.03.2006 20:30 16048]

R2 FSpm;F-Secure Policy Manager;c:\programfiler\F-Secure\Common\FSpm.sys [14.03.2006 20:30 65328]

R2 MSSQL$Future;MSSQL$Future;c:\programfiler\Norbits\Future\MSSQL$FUTURE\BinnMSSQL$Future\Binn\sqlservr.exe -sFuture --> c:\programfiler\Norbits\Future\MSSQL$FUTURE\BinnMSSQL$Future\Binn\sqlservr.exe -sFuture [?]

S2 BackWeb Client - 7681197;F-Secure BackWeb;c:\progra~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [14.03.2006 20:31 16384]

S2 gupdate1ca3ffe3fddb83e;Googles oppdateringstjeneste (gupdate1ca3ffe3fddb83e);c:\programfiler\Google\Update\GoogleUpdate.exe [28.09.2009 06:40 133104]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programfiler\Lavasoft\Ad-Aware\AAWService.exe [24.09.2009 12:17 1184912]

S3 dkab_device;dkab_device;c:\windows\system32\DKabcoms.exe -service --> c:\windows\system32\DKabcoms.exe -service [?]

S3 SQLAgent$Future;SQLAgent$Future;c:\programfiler\Norbits\Future\MSSQL$FUTURE\BinnMSSQL$Future\Binn\sqlagent.EXE -i Future --> c:\programfiler\Norbits\Future\MSSQL$FUTURE\BinnMSSQL$Future\Binn\sqlagent.EXE -i Future [?]

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2009-12-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\programfiler\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 14:29]

 

2009-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\programfiler\Google\Update\GoogleUpdate.exe [2009-09-28 05:40]

 

2009-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\programfiler\Google\Update\GoogleUpdate.exe [2009-09-28 05:40]

 

2009-12-03 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]

.

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://www.startsiden.no/

IE: &Winamp Search - c:\documents and settings\All Users\Programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

DPF: {FC647808-D789-43D4-97AE-4914A4394D4C} - hxxp://www.toleranceonline.com/RequestLoginProj1.ocx

FF - ProfilePath - c:\documents and settings\Vennesla Bilteknikk\Programdata\Mozilla\Firefox\Profiles\epok67mb.default\

FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=

FF - prefs.js: browser.search.selectedEngine - Winamp Search

FF - prefs.js: browser.startup.homepage - hxxp://www.winamp.com?src=toolbar

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=

FF - component: c:\documents and settings\Vennesla Bilteknikk\Programdata\Mozilla\Firefox\Profiles\epok67mb.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll

FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll

FF - plugin: c:\program files\real\realplayer\Netscape6\nppl3260.dll

FF - plugin: c:\program files\real\realplayer\Netscape6\nprjplug.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll

FF - plugin: c:\program files\real\realplayer\Netscape6\nprpjplug.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll

FF - plugin: c:\programfiler\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\programfiler\Java\j2re1.4.2_03\bin\NPJava11.dll

FF - plugin: c:\programfiler\Java\j2re1.4.2_03\bin\NPJava12.dll

FF - plugin: c:\programfiler\Java\j2re1.4.2_03\bin\NPJava13.dll

FF - plugin: c:\programfiler\Java\j2re1.4.2_03\bin\NPJava14.dll

FF - plugin: c:\programfiler\Java\j2re1.4.2_03\bin\NPJava32.dll

FF - plugin: c:\programfiler\Java\j2re1.4.2_03\bin\NPJPI142_03.dll

FF - plugin: c:\programfiler\Java\j2re1.4.2_03\bin\NPOJI610.dll

FF - plugin: c:\programfiler\Mozilla Firefox\plugins\npLegitCheckPlugin.dll

FF - plugin: c:\programfiler\Mozilla Firefox\plugins\npnul32.dll

FF - plugin: c:\programfiler\Mozilla Firefox\plugins\NPOFFICE.DLL

FF - plugin: c:\programfiler\Mozilla Firefox\plugins\nppdf32.dll

FF - plugin: c:\programfiler\Mozilla Firefox\plugins\nppl3260.dll

FF - plugin: c:\programfiler\Mozilla Firefox\plugins\nprjplug.dll

FF - plugin: c:\programfiler\Mozilla Firefox\plugins\nprpjplug.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\progra~1\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

.

- - - - TOMME PEKERE FJERNET - - - -

 

AddRemove-Ad-Aware - c:\documents and settings\All Users\Programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe REMOVE=TRUE MODIFY=FALSE

AddRemove-Public Messenger ver 2.03 - c:\programfiler\Video ActiveX Object\pmunst.exe

AddRemove-RealPlayer 12.0 - c:\programfiler\Fellesfiler\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0

AddRemove-Winamp Toolbar for Firefox - c:\documents and settings\Vennesla Bilteknikk\Programdata\Mozilla\Firefox\Profiles\epok67mb.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe

AddRemove-notify - c:\programfiler\License_Manager\license_manager.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-03 19:54

Windows 5.1.2600 Service Pack 3 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

--------------------- LÅSTE REGISTERNØKLER ---------------------

 

[HKEY_USERS\S-1-5-21-71361166-495779642-2794606089-1006\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

Tidspunkt ferdig: 2009-12-03 19:56

ComboFix-quarantined-files.txt 2009-12-03 18:56

 

Pre-Run: 219 679 129 600 byte ledig

Post-Run: 221 561 675 776 byte ledig

 

WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe

 

- - End Of File - - DE6B60E49167146F1476D8BEE473B8FF

 

 

 

Fikk ikke installert Malwarebytes. Denne installasjonen stopper. Det samme skjer vis jeg installer andre programmmer.

Endret 4. desember 2009 av Jonas2