nor80 Posted 3 September 2008
I keep getting an error message about Rundll32, the sound device is in use by another program (no sound on the PC), McAfee has been brought to its knees and won't update, plus many more problems.. Windows Security Center doesn't work as it should, and I have problems uninstalling programs. I used this guide: https://www.diskusjon.no/index.php?showtopic=691246
I need help understanding the log files!? I hope there are some kind pros out there; I'm completely helpless myself.. Here they are:
MBAM:
Malwarebytes' Anti-Malware 1.26
Database versjon: 1110
Windows 6.0.6000
03.09.2008 19:49:36
mbam-log-2008-09-03 (19-49-36).txt
Skanntype: Rask Skann
Objekter skannet: 41192
Tid tilbakelagt: 2 minute(s), 36 second(s)
Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0
Minneprosesser infisert: (Ingen mistenkelige filer funnet)
Minnemoduler infisert: (Ingen mistenkelige filer funnet)
Registernøkler infisert: (Ingen mistenkelige filer funnet)
Registerverdier infisert: (Ingen mistenkelige filer funnet)
Registerfiler infisert: (Ingen mistenkelige filer funnet)
Mapper infisert: (Ingen mistenkelige filer funnet)
Filer infisert: (Ingen mistenkelige filer funnet)
r2d290 Posted 3 September 2008 (edited)
Hi, and welcome to the forum.
I don't know whether it's good or bad news, but I can't find anything malware-related in those logs.
> I keep getting an error message about Rundll32, the sound device is in use by another program (no sound on the PC), McAfee has been brought to its knees and won't update, plus many more problems.. Windows Security Center doesn't work as it should, and I have problems uninstalling programs.
Maybe you can describe these incidents in a bit more detail (what you are doing at the moment these problems appear, what kind of error message, etc.), and then perhaps we'll get a little closer to a solution. Has it been long since all of this worked as it should?
Edited 3 September 2008 by r2d290
nor80 Posted 3 September 2008 (Author)
Hi, thanks for the quick response!
1. When I try to open a file in Windows Media Player, this comes up: Cannot play the file because there is a problem with the sound device. There may be no sound device installed on the computer, the sound device may be in use by another program, or the sound device may not be working properly. When I click Sound in Control Panel, it says that this computer cannot play sound because Windows Audio is not enabled. Do you want to enable it? Yes --> Windows host process rundll has stopped working (no solution available).
2. C\program files\mcafee\virusscan\mytilus3_server.dll is either not designed to run on Windows or contains an error. Reinstalling the program is recommended. On access scanner has stopped working.
3. I can't turn on malware protection in Windows Security Center. It hangs when it is updating definitions for W Defender.
4. The machine has twice had to be started from an earlier recovery. It first happened about a month ago when the sound disappeared, and most recently yesterday when I downloaded Avast. During the boot-time scan. Since then I haven't, for example, been able to uninstall Sony PC Suite.
I tried to copy in the text from the Windows problem log, but couldn't manage it. Hope that was understandable.
nor80 Posted 3 September 2008 (Author)
Now I figured out how to get a printout of the problem log; I'm posting the 2 here in case they can be of use..
Here is the one for Rundll32:
Problemsignatur
Problemhendelsesnavn: APPCRASH
Programnavn: rundll32.exe
Programversjon: 6.0.6000.16386
Tidsstempel for program: 4549b0e1
Navn på feilmodul: mmsys.cpl
Feilmodulversjon: 6.0.6000.16386
Tidsstempel for feilmodul: 4549bd05
Unntakskode: c0000005
Unntaksforskyvning: 0000aa23
OS-versjon: 6.0.6000.2.0.0.768.3
ID for nasjonal innstilling: 1044
Tilleggsinformasjon 1: 0832
Tilleggsinformasjon 2: 685123131b2394692a5242564f12eb2c
Tilleggsinformasjon 3: 395e
Tilleggsinformasjon 4: d47457aadaada3a4039244056ea4eaba
Ekstra informasjon om problemet
Minneområde-ID: 354861406
Windows Explorer stopped working and had to close (2 times):
Problemsignatur
Problemhendelsesnavn: APPCRASH
Programnavn: Explorer.EXE
Programversjon: 6.0.6000.16549
Tidsstempel for program: 46d230c5
Navn på feilmodul: OLEAUT32.dll
Feilmodulversjon: 6.0.6000.16609
Tidsstempel for feilmodul: 4757753e
Unntakskode: c0000005
Unntaksforskyvning: 00003ddf
OS-versjon: 6.0.6000.2.0.0.768.3
ID for nasjonal innstilling: 1044
Tilleggsinformasjon 1: 8d13
Tilleggsinformasjon 2: cdca9b1d21d12b77d84f02df48e34311
Tilleggsinformasjon 3: 8d13
Tilleggsinformasjon 4: cdca9b1d21d12b77d84f02df48e34311
Filer som beskriver problemet
Version.txt
AppCompat.txt
memory.hdmp
minidump.mdmp
norbat Posted 9 September 2008
This is not a malware problem. One of the files that appears in the error report is tied to the sound card you are using. Have you tried updating to the latest driver?