kaffi, posted 6 October 2010: Hi. I am having problems with Windows Update, including getting onto "w i n d o w s u p d a t e . m i c r o s o f t . c o m". All use of that link is blocked; when I run tracert on it, it stops partway through the chain of IPs. I have run the latest versions of AVG, Ad-Aware and Search and Destroy. Do you have any suggestions? I even get blocked if I try to type the Windows Update link in here, so something is pretty wrong somewhere. By blocked I mean that I get a message that the internet connection drops, as if I had no internet connection at all. A malware quick scan found nothing.
norbat, posted 6 October 2010: Download HijackThis. Start the program and choose "Do a system scan and save a logfile". Copy the log file and post it.
kaffi (thread author), posted 6 October 2010: Here is the log.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:17:44, on 06.10.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Teleca Shared\logger.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.50.1.254:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Påloggingshjelp for Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [spybotSD TeaTimer] H:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: O2FLASH (o2flash) - O2Micro International - C:\Windows\system32\DRIVERS\o2flash.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 8212 bytes
Edited 6 October 2010 by kaffi
norbat, posted 6 October 2010: Does the same thing happen if you 'turn off' the proxy settings as well?
kaffi (thread author), posted 6 October 2010: As far as I know my proxy settings are off; I only use them at work. If they are on, the internet does not work at all at home.
norbat, posted 6 October 2010: Double-check anyway: Control Panel -> Internet Options -> Connections -> LAN settings
kaffi (thread author), posted 6 October 2010: Yep, they are turned off. But that is what is a bit strange: I cannot type "windows update .com" as a link anywhere without being stopped. Edited 6 October 2010 by kaffi
norbat, posted 6 October 2010: Try 'resetting' the browser. Control Panel -> Internet Options -> Advanced. Restore advanced settings + Reset... Also check whether the HOSTS file contains any restrictions: C:\Windows\System32\Drivers\etc, choose to show all files, open the hosts file
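The proxy and hosts-file checks suggested in the posts above can also be read straight from a HijackThis log. This added example (not from the thread or from HijackThis itself) parses the result lines and flags a configured proxy, hosts entries that override Windows Update names, and orphaned "(no file)" entries; the function names, the domain watch list and the sample log are assumptions made for the example.

```python
import re

# Result lines look like "R1 - ...", "O1 - Hosts: ...", "O23 - Service: ...".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")

# Assumed watch list for this example: names Windows Update depends on.
UPDATE_DOMAINS = ("update.microsoft.com", "windowsupdate.microsoft.com",
                  "windowsupdate.com")

# Constructed sample: three lines in the format of the log posted in this
# thread, plus one constructed hosts override that the posted log did not have.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\Windows\Explorer.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.50.1.254:80
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.update.microsoft.com
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
"""


def parse_entries(log_text):
    """Return (code, body) pairs, ignoring the header and process list."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def is_update_host(name):
    """True if name is one of the watched domains or a subdomain of one."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in UPDATE_DOMAINS)


def triage(log_text):
    """Return (kind, detail) findings for proxy, hosts and orphaned entries."""
    findings = []
    for code, body in parse_entries(log_text):
        if code.startswith("R") and ",ProxyServer" in body:
            # A stored proxy address; whether it is enabled is a separate setting.
            value = body.split("=", 1)[1].strip() if "=" in body else ""
            if value:
                findings.append(("proxy-configured", value))
        elif code == "O1" and body.startswith("Hosts:"):
            fields = body[len("Hosts:"):].split()
            if len(fields) < 2:
                continue
            address, names = fields[0], fields[1:]
            for name in names:
                if is_update_host(name):
                    findings.append(("hosts-overrides-update",
                                     f"{name} -> {address}"))
        elif body.rstrip().endswith("(no file)"):
            # Registry entry whose target file no longer exists.
            findings.append(("orphaned-entry", f"{code}: {body}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind}: {detail}")
```

The ProxyServer value can remain set while the proxy is switched off, so a proxy-configured finding still needs the LAN settings check described in the thread.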
kaffi (thread author), posted 6 October 2010: I tried resetting IE without it getting any better, and I cannot find any blocks on Microsoft update sites in the hosts file.
norbat, posted 6 October 2010: Is it only Windows Update that is blocked? Try turning off your security programs (AVG, Spybot, Ad-Aware) and see whether something there could be causing trouble.
kaffi (thread author), posted 6 October 2010: Hi. I came across something suspicious: IE has popped up by itself once a day without my thinking anything of it, because it just starts on the start page www.google.com. BUT now I saw that it goes to this page first: http://memphismedicalsupplies.com /default.pk?tsearch=update.microsoft.com&search_button.x=0&search_button.y=0 and the link does say something about update microsoft. Any experience with this? Edited 6 October 2010 by kaffi
norbat, posted 6 October 2010: Run ComboFix and post the log. See the guide.
kaffi (thread author), posted 6 October 2010: It looks like it has sorted itself out now, but here is the log if you want to see it.
ComboFix 10-10-05.06 - Øystein 06.10.2010 20:46:17.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.47.1044.18.3070.2263 [GMT 2:00]
Kjører fra: c:\users\Øystein\Downloads\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Opprettet nytt gjenopprettingspunkt
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\DFR7ED1.tmp
C:\DFRA68C.tmp
c:\windows\system32\AutoRun.inf
D:\Autorun.inf
Infisert kopi av c:\windows\system32\drivers\intelide.sys ble funnet og desinfisert
Gjenopprettet kopi fra - Kitty had a snack
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2010-09-06 til 2010-10-06 )))))))))))))))))))))))))))))))))
.
2010-10-06 18:50 . 2010-10-06 18:50 -------- d-----w- c:\users\Mcx2\AppData\Local\temp
2010-10-06 18:50 . 2010-10-06 18:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-06 18:01 . 2010-10-06 18:01 -------- d-----w- c:\program files\CCleaner
2010-10-06 13:16 . 2010-10-06 13:16 388096 ----a-r- c:\users\Øystein\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-06 13:16 . 2010-10-06 13:16 388096 ----a-r- c:\users\Øystein\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-06 13:16 . 2010-10-06 13:16 -------- d-----w- c:\program files\Trend Micro
2010-10-06 13:12 . 2010-10-06 13:12 63488 ----a-w- c:\users\Øystein\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-10-06 13:12 . 2010-10-06 13:12 63488 ----a-w- c:\users\Øystein\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-10-06 13:12 . 2010-10-06 13:12 52224 ----a-w- c:\users\Øystein\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-10-06 13:12 . 2010-10-06 13:12 52224 ----a-w- c:\users\Øystein\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-10-06 13:12 . 2010-10-06 13:12 117760 ----a-w- c:\users\Øystein\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-10-06 13:12 . 2010-10-06 13:12 117760 ----a-w- c:\users\Øystein\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-10-06 10:58 . 2010-10-06 10:58 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-10-06 10:58 . 2010-10-06 10:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-10-06 10:42 . 2010-10-06 10:42 -------- d-----w- c:\program files\Common Files\Java
2010-10-06 10:41 . 2010-07-17 03:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-06 10:26 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-06 10:26 . 2010-10-06 10:26 -------- d-----w- c:\programdata\Malwarebytes
2010-10-06 10:26 . 2010-10-06 10:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-06 10:26 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-24 09:17 . 2007-05-21 17:45 1140312 ------w- c:\programdata\HP\Installer\Temp\hpzmsi01.exe
2010-09-24 09:17 . 2007-05-21 17:39 1099352 ------w- c:\programdata\HP\Installer\Temp\hpzscr01.exe
2010-09-24 09:17 . 2006-10-24 19:47 534528 ------w- c:\programdata\HP\Installer\Temp\dpinst_x32\dpinst.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-06 18:43 . 2009-06-05 21:07 76478 ----a-w- c:\windows\system32\perfc014.dat
2010-10-06 18:43 . 2009-06-05 21:07 452326 ----a-w- c:\windows\system32\perfh014.dat
2010-10-06 18:37 . 2009-05-15 19:28 287676 ----a-w- c:\programdata\nvModes.dat
2010-10-06 18:35 . 2009-05-11 13:13 3873 ----a-w- c:\windows\bthservsdp.dat
2010-10-06 18:05 . 2009-09-09 00:04 -------- d-----w- c:\program files\WinISD
2010-10-06 18:02 . 2009-05-30 03:44 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-10-06 10:41 . 2009-05-11 22:24 -------- d-----w- c:\program files\Java
2010-10-06 10:36 . 2009-05-12 23:23 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-06 00:30 . 2009-05-12 22:35 -------- d-----w- c:\program files\mIRC
2010-09-24 09:19 . 2006-11-02 10:25 86016 ----a-w- c:\windows\Inf\infstor.dat
2010-09-24 09:19 . 2006-11-02 10:25 86016 ----a-w- c:\windows\Inf\infpub.dat
2010-09-24 09:19 . 2006-11-02 10:25 143360 ----a-w- c:\windows\Inf\infstrng.dat
2010-08-09 18:34 . 2010-07-27 15:59 -------- d-----w- c:\programdata\Apple
2010-08-09 18:31 . 2010-08-09 16:37 -------- d-----w- c:\programdata\Apple Computer
2010-08-09 16:38 . 2010-08-09 16:37 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-09 16:37 . 2010-08-09 16:37 -------- d-----w- c:\program files\QuickTime
2010-08-01 21:38 . 2010-08-01 21:38 57715 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-08-01 21:38 . 2010-08-01 21:38 84054 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-08-01 21:38 . 2010-08-01 21:38 57054 ----a-w- c:\programdata\DivX\DSDesktopComponents\Uninstaller.exe
2010-08-01 21:38 . 2010-08-01 21:38 54166 ----a-w- c:\programdata\DivX\DSAVCDecoder\Uninstaller.exe
2010-08-01 21:37 . 2010-08-01 21:37 57532 ----a-w- c:\programdata\DivX\DSASPDecoder\Uninstaller.exe
2010-08-01 21:37 . 2010-08-01 21:37 56458 ----a-w- c:\programdata\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-08-01 21:37 . 2010-08-01 21:37 54174 ----a-w- c:\programdata\DivX\DSAACDecoder\Uninstaller.exe
2010-08-01 21:37 . 2010-08-01 21:37 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-08-01 21:37 . 2010-08-01 21:37 54644 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
2010-08-01 21:37 . 2010-08-01 21:37 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe
2010-08-01 21:37 . 2010-08-01 21:37 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-08-01 21:37 . 2010-08-01 21:37 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-08-01 21:37 . 2010-08-01 21:37 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-08-01 21:37 . 2010-08-01 21:37 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-08-01 21:37 . 2010-08-01 21:37 56969 ----a-w- c:\programdata\DivX\ASPEncoder\Uninstaller.exe
2010-07-31 13:27 . 2010-07-31 13:28 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-31 13:27 . 2010-03-19 13:58 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-07-31 13:26 . 2010-07-31 13:29 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-27 14:40 . 2009-05-11 13:40 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-27 14:40 . 2010-07-27 14:40 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-27 14:40 . 2009-05-11 13:40 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-11-14 10:22 3186440 ----a-w- c:\program files\Protector Suite QL\farchns.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-11-14 10:22 3186440 ----a-w- c:\program files\Protector Suite QL\farchns.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-11-25 95632]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-28 2424560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2007-11-14 49416]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-12-14 159744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-19 13793824]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-08-19 92704]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-05 2067808]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2009-11-25 54672]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-23 202256]
"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-11-14 10:07 96008 ----a-w- c:\windows\System32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\g:\0autocheck autochk *\0lsdelete
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-10 24576]
R3 wtsmpadap;Sesam Virtual Adapter;c:\windows\system32\DRIVERS\wtsmpadap.sys [x]
R3 WtSmpFlt;Sesam Adapter;c:\windows\system32\DRIVERS\wtsmpflt.sys [x]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-11-03 691696]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-07-31 64288]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-27 216400]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-27 243024]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-27 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-27 308136]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-07-31 1352832]
S3 BthAvrcp;Bluetooth-AVRCP-profil;c:\windows\system32\DRIVERS\BthAvrcp.sys [2010-02-05 28048]
S3 BTHFILT;Bluetooth-kommandofilter;c:\windows\system32\DRIVERS\BthFilt.sys [2006-11-06 13824]
S3 cxbu0wdm;OMNIKEY 4321;c:\windows\system32\DRIVERS\cxbu0wdm.sys [2010-01-25 115712]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-07-29 51288]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-06-12 43608]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
2010-10-06 c:\windows\Tasks\User_Feed_Synchronization-{D72F53D6-12D2-4A5C-80C8-EB820DDE07F1}.job
- c:\windows\system32\msfeedssync.exe [2010-05-16 04:54]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.google.no/
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
FF - ProfilePath - c:\users\Øystein\AppData\Roaming\Mozilla\Firefox\Profiles\hc52jxne.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.afodo.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=ViZ2b5di&q=
FF - prefs.js: network.proxy.ftp - 10.50.1.254
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - 10.50.1.254
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http - 10.50.1.254
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 10.50.1.254
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 10.50.1.254
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np32asw.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: keyword.URL - hxxp://www.afodo.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=ViZ2b5di&q=
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - TOMME PEKERE FJERNET - - - -
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-SpybotSD TeaTimer - h:\spybot - search & destroy\TeaTimer.exe
MSConfigStartUp-NSLauncher - c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe
AddRemove-{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 - h:\spybot - search & destroy\unins000.exe
.
--------------------- LÅSTE REGISTERNØKLER ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------
- - - - - - - > 'lsass.exe'(600)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infql2.dll
.
Tidspunkt ferdig: 2010-10-06 20:52:33
ComboFix-quarantined-files.txt 2010-10-06 18:52
Pre-Run: 2 314 776 576 byte ledig
Post-Run: 2 409 074 688 byte ledig
- - End Of File - - 29FD5C47371965C38926FE5CA0DC5B39
norbat, posted 6 October 2010: The log looks fine. Good that it got sorted out.