Kamelot, posted 20 September 2009 (edited)

Lately I have had a problem with the Windows Update shield showing all the time (it seems a Microsoft .NET Framework update is not working properly), and I find it annoying. The update apparently succeeds, but after a while this yellow shield comes back again. I have attached a ComboFix log and an Mbam log here:
Mbam

Malwarebytes' Anti-Malware 1.41
Databaseversjon: 2825
Windows 5.1.2600 Service Pack 3
20.09.2009 02:08:10
mbam-log-2009-09-20 (02-08-10).txt
Skanntype: Rask Skann
Objekter skannet: 126450
Tid tilbakelagt: 4 minute(s), 43 second(s)
Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0
Minneprosesser infisert: (Ingen mistenkelige filer funnet)
Minnemoduler infisert: (Ingen mistenkelige filer funnet)
Registernøkler infisert: (Ingen mistenkelige filer funnet)
Registerverdier infisert: (Ingen mistenkelige filer funnet)
Registerfiler infisert: (Ingen mistenkelige filer funnet)
Mapper infisert: (Ingen mistenkelige filer funnet)
Filer infisert: (Ingen mistenkelige filer funnet)

Thanks in advance.

Kamelot

Edited 20 September 2009 by Kamelot
snippsat, posted 20 September 2009

Looks good. You can remove ComboFix by typing combofix /u in the Run window. This command deletes the quarantined files and backups, resets the System Restore folder, etc.

Check whether your software is up to date: Secunia

Surf safely.
Kamelot (author), posted 20 September 2009

Many thanks for your reply, SNIPPSAT.
Kamelot (author), posted 24 September 2009

Hmm... I still get this yellow Windows Update shield telling me that updates are ready to be installed. It is the same update that keeps coming back, and it reports that the update was successful. I have also tried restarting the machine, but the same thing happens: the yellow shield appears in the system tray at the bottom right and asks for the same update to be installed.

Here is the update that is to be installed:

"Update for Windows Media Format 11 SDK for Windows XP (KB929399)
Details: Size: 626 kB
By installing this update you resolve a metering problem in Microsoft Windows Media Format 11 SDK. After you have installed this item, you may have to restart your computer. More information about this update can be found at http://support.microsoft.com/kb/929399"

It should be said that the PC works and runs like clockwork, but it is so damn annoying to have the yellow shield in the system tray at the bottom right.

Maybe I should start a new topic about this somewhere else on this forum. I hope someone here can then point me to the right place.

Kamelot