Enya Skrevet 6. februar 2010 Rapporter Del Skrevet 6. februar 2010 Hei Routeren i naboens nettverk "kræsjer" rimelig ofte. Siden jeg ikke finner noe feil i oppsett av nettverk/router søker jeg hjelp her. Kommer til å legge ut logger for en pc om gangen, for å se om de er rene. Takker for hjelp Altså, pc nr 1. MBAM viser ren logg, kjørte combofix, men dette resulterte i bluscreen hver gang. Legger derfor ut logg med DDS. MBAM Klikk for å se/fjerne innholdet nedenfor Malwarebytes' Anti-Malware 1.44 Databaseversjon: 3697 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 06.02.2010 16:35:16 mbam-log-2010-02-06 (16-35-16).txt Skanntype: Rask Skann Objekter skannet: 125873 Tid tilbakelagt: 16 minute(s), 32 second(s) Minneprosesser infisert: 0 Minnemoduler infisert: 0 Registernøkler infisert: 0 Registerverdier infisert: 0 Registerfiler infisert: 0 Mapper infisert: 0 Filer infisert: 0 Minneprosesser infisert: (Ingen mistenkelige filer funnet) Minnemoduler infisert: (Ingen mistenkelige filer funnet) Registernøkler infisert: (Ingen mistenkelige filer funnet) Registerverdier infisert: (Ingen mistenkelige filer funnet) Registerfiler infisert: (Ingen mistenkelige filer funnet) Mapper infisert: (Ingen mistenkelige filer funnet) Filer infisert: (Ingen mistenkelige filer funnet) DDS Klikk for å se/fjerne innholdet nedenfor DDS (Ver_09-12-01.01) - NTFSx86 Run by suskol at 17:14:01,10 on 06.02.2010 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Professional 5.1.2600.3.1252.47.1044.18.2038.1274 [GMT 1:00] AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C} ============== Running Processes =============== C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\Programfiler\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\WINDOWS\system32\acs.exe C:\Programfiler\Bonjour\mDNSResponder.exe C:\Programfiler\Symantec AntiVirus\DefWatch.exe C:\Programfiler\Fellesfiler\InterVideo\RegMgr\iviRegMgr.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Programfiler\Symantec AntiVirus\SavRoam.exe C:\Programfiler\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Programfiler\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\System32\TPHDEXLG.exe C:\Programfiler\UPHClean\uphclean.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Lenovo\HOTKEY\TPOSDSVC.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\TpShocks.exe C:\Programfiler\Apoint2K\Apoint.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\rundll32.exe C:\Programfiler\Lenovo\NPDIRECT\TPFNF7SP.exe C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Programfiler\Apoint2K\ApMsgFwd.exe C:\Programfiler\Lenovo\HOTKEY\TPONSCR.exe C:\Programfiler\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Programfiler\Lenovo\Zoom\TpScrex.exe C:\Programfiler\Apoint2K\Apntex.exe C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Programfiler\Windows Live\Messenger\msnmsgr.exe C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Programfiler\Windows Live\Messenger\msnmsgr.exe C:\Programfiler\Internet Explorer\iexplore.exe C:\Programfiler\Internet Explorer\iexplore.exe C:\Programfiler\Windows Live\Toolbar\wltuser.exe C:\Programfiler\Internet Explorer\iexplore.exe C:\Documents and Settings\suskol\Skrivebord\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://fuv.hfk.no uDefault_Page_URL = hxxp://fuv.hfk.no uInternet Settings,ProxyOverride = *.local uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\programfiler\yahoo!\companion\installs\cpn\yt.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\programfiler\yahoo!\companion\installs\cpn\yt.dll BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programfiler\fellesfiler\adobe\acrobat\activex\AcroIEHelper.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\programfiler\microsoft\search enhancement pack\search helper\SearchHelper.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\programfiler\java\jre1.6.0_05\bin\ssv.dll BHO: Påloggingshjelp for Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programfiler\fellesfiler\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programfiler\google\googletoolbar1.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\programfiler\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programfiler\google\googletoolbarnotifier\3.1.807.1746\swg.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\programfiler\windows live\toolbar\wltcore.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\programfiler\yahoo!\companion\installs\cpn\yt.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\programfiler\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programfiler\google\googletoolbar1.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\programfiler\windows live\toolbar\wltcore.dll TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\programfiler\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll uRun: [MessengerPlus3] "c:\programfiler\messengerplus! 3\MsgPlus.exe" /WinStart uRun: [msnmsgr] "c:\programfiler\windows live\messenger\msnmsgr.exe" /background uRun: [swg] c:\programfiler\google\googletoolbarnotifier\GoogleToolbarNotifier.exe uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; MathPlayer 2.10d; InfoPath.1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.pockgames.com/free-games/290/Barn-Yard-Jersey-Joyride.html" mRun: [TPHOTKEY] c:\programfiler\lenovo\hotkey\TPOSDSVC.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [TpShocks] TpShocks.exe mRun: [Apoint] c:\programfiler\apoint2k\Apoint.exe mRun: [PSQLLauncher] "c:\programfiler\thinkvantage fingerprint software\launcher.exe" /startup mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor mRun: rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog mRun: [TPFNF7] c:\programfiler\lenovo\npdirect\TPFNF7SP.exe /r mRun: [QuickTime Task] "c:\programfiler\quicktime\qttask.exe" -atboottime mRun: [LPManager] c:\progra~1\thinkv~2\prdctr\LPMGR.exe mRun: [LPMailChecker] c:\progra~1\thinkv~2\prdctr\LPMLCHK.exe mRun: [ccApp] "c:\programfiler\fellesfiler\symantec shared\ccApp.exe" mRun: [vptray] c:\progra~1\symant~1\VPTray.exe mRun: [Acrobat Assistant 8.0] "c:\programfiler\adobe\acrobat 8.0\acrobat\Acrotray.exe" mRun: [Adobe_ID0EYTHM] c:\progra~1\felles~1\adobe\adobev~1\server\bin\VERSIO~2.EXE mRun: [Adobe Reader Speed Launcher] "c:\programfiler\adobe\reader 8.0\reader\Reader_sl.exe" dRunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" dRunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat" IE: Append to existing PDF - c:\programfiler\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\programfiler\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\programfiler\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\programfiler\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\programfiler\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\programfiler\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\programfiler\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\programfiler\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programfiler\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\programfiler\java\jre1.6.0_05\bin\ssv.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\programfiler\windows live\writer\WriterBrowserExtension.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1207676639328 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game02.zylom.com/activex/zylomgamesplayer.cab DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab Filter: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - c:\programfiler\design science\mathplayer\MathMLMimer.dll Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - c:\programfiler\design science\mathplayer\MathMLMimer.dll Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - c:\programfiler\design science\mathplayer\MathMLMimer.dll Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - c:\programfiler\design science\mathplayer\MathMLMimer.dll Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - c:\programfiler\design science\mathplayer\MathMLMimer.dll Notify: igfxcui - igfxdev.dll Notify: NavLogon - c:\windows\system32\NavLogon.dll Notify: psfus - c:\windows\system32\psqlpwd.dll Notify: tpfnf2 - c:\programfiler\lenovo\hotkey\notifyf2.dll Notify: tphotkey - c:\programfiler\lenovo\hotkey\tphklock.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll LSA: Notification Packages = scecli psqlpwd mASetup: {02F6399F-D184-0735-DFF6-3FCA8D6567B7} - c:\windows\system32\explorer.exe ============= SERVICES / DRIVERS =============== R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-10-16 19504] R1 SAVRT;SAVRT;c:\programfiler\symantec antivirus\savrt.sys [2006-9-6 337592] R1 SAVRTPEL;SAVRTPEL;c:\programfiler\symantec antivirus\Savrtpel.sys [2006-9-6 54968] R2 ccEvtMgr;Symantec Event Manager;c:\programfiler\fellesfiler\symantec shared\ccEvtMgr.exe [2007-5-29 192104] R2 ccSetMgr;Symantec Settings Manager;c:\programfiler\fellesfiler\symantec shared\ccSetMgr.exe [2007-5-29 169576] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-10 54752] R2 SavRoam;SAVRoam;c:\programfiler\symantec antivirus\SavRoam.exe [2007-10-7 116664] R2 smihlp;SMI Helper Driver (smihlp);c:\programfiler\fellesfiler\thinkvantage fingerprint software\drivers\smihlp.sys [2007-8-14 10896] R2 Symantec AntiVirus;Symantec AntiVirus;c:\programfiler\symantec antivirus\Rtvscan.exe [2007-10-7 1822648] R2 WinDefend;Windows Defender;c:\programfiler\windows defender\MsMpEng.exe [2006-11-3 13592] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programfiler\fellesfiler\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-28 102448] R3 NAVENG;NAVENG;c:\progra~1\felles~1\symant~1\virusd~1\20100204.006\naveng.sys [2010-2-4 84912] R3 NAVEX15;NAVEX15;c:\progra~1\felles~1\symant~1\virusd~1\20100204.006\navex15.sys [2010-2-4 1324720] S2 PEVSystemStart;PEVSystemStart;c:\combofix\PEV.cfxxe [2010-2-6 261632] S3 fsssvc;Windows Live Tryggere for familien-tjenesten;c:\programfiler\windows live\family safety\fsssvc.exe [2009-8-5 704864] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-9 14336] =============== Created Last 30 ================ 2010-02-06 15:49:50 0 d-s---w- C:\ComboFix 2010-02-06 15:38:09 98816 ----a-w- c:\windows\sed.exe 2010-02-06 15:38:09 77312 ----a-w- c:\windows\MBR.exe 2010-02-06 15:38:09 261632 ----a-w- c:\windows\PEV.exe 2010-02-06 15:38:09 161792 ----a-w- c:\windows\SWREG.exe 2010-02-03 19:58:58 54156 ---ha-w- c:\windows\QTFont.qfn 2010-02-03 19:58:58 1409 ----a-w- c:\windows\QTFont.for ==================== Find3M ==================== 2010-01-14 10:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe 2010-01-07 15:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-07 15:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-01-05 12:18:34 80384 ----a-w- c:\windows\system32\perfc014.dat 2010-01-05 12:18:34 444914 ----a-w- c:\windows\system32\perfh014.dat 2009-12-21 19:10:29 916480 ----a-w- c:\windows\system32\wininet.dll 2001-03-28 10:02:58 122880 ----a-w- c:\windows\inf\agfa\message.exe 2008-04-30 07:03:55 16384 --sha-w- c:\windows\system32\config\systemprofile\lokale innstillinger\programdata\microsoft\feeds cache\index.dat ============= FINISH: 17:14:33,26 =============== Lenke til kommentar
norbat Skrevet 6. februar 2010 Rapporter Del Skrevet 6. februar 2010 Prøv og kjør combofix fra sikker modus. Lenke til kommentar
Enya Skrevet 6. februar 2010 Forfatter Rapporter Del Skrevet 6. februar 2010 Kommer ikke inn i sikkerhetsmodus, er en skolepc så jeg mangler passordet. Fikk riktignok komt meg gjennom i vanlig modus etter noen forsøk. Logg Klikk for å se/fjerne innholdet nedenfor ComboFix 10-02-05.04 - suskol 06.02.2010 20:25:26.4.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.47.1044.18.2038.1312 [GMT 1:00] Kjører fra: c:\documents and settings\suskol\Skrivebord\ComboFix.exe AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C} . ((((((((((((((((((((((((((((((((((((((( Andre slettinger ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Forrige skanning ------- . c:\documents and settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr1.dat c:\windows\system32\twain_32.dll . ((((((((((((((((((((((((((( Filer Opprettet Fra 2010-01-06 til 2010-02-06 ))))))))))))))))))))))))))))))))) . Ingen nye filer opprettet i dette tidsrommet . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-02-06 19:24 . 2008-04-29 08:37 -------- d-----w- c:\programfiler\Symantec AntiVirus 2010-02-06 15:14 . 2009-05-31 16:58 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware 2010-01-31 18:25 . 2008-10-15 08:24 -------- d-----w- c:\programfiler\GeoGebra 2010-01-14 10:12 . 2009-10-11 16:02 181120 ------w- c:\windows\system32\MpSigStub.exe 2010-01-07 15:07 . 2009-05-31 16:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-07 15:07 . 2009-05-31 16:58 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-01-05 12:18 . 2008-04-09 04:10 80384 ----a-w- c:\windows\system32\perfc014.dat 2010-01-05 12:18 . 2008-04-09 04:10 444914 ----a-w- c:\windows\system32\perfh014.dat 2009-12-21 19:10 . 2008-04-09 04:10 916480 ----a-w- c:\windows\system32\wininet.dll 2009-12-14 07:07 . 2009-12-14 07:07 1647984 ----a-w- c:\documents and settings\All Users\Programdata\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2f1602.vdb\NAVEX32A.DLL 2009-12-14 07:07 . 2009-12-14 07:07 1323568 ----a-w- c:\documents and settings\All Users\Programdata\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2f1602.vdb\NAVEX15.SYS 2009-12-14 07:07 . 2009-12-14 07:07 84912 ----a-w- c:\documents and settings\All Users\Programdata\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2f1602.vdb\NAVENG.SYS 2009-12-14 07:07 . 2009-12-14 07:07 177520 ----a-w- c:\documents and settings\All Users\Programdata\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2f1602.vdb\NAVENG32.DLL 2009-12-14 07:07 . 2009-12-14 07:07 102448 ----a-w- c:\documents and settings\All Users\Programdata\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2f1602.vdb\ERASER.SYS 2009-12-14 07:07 . 2009-12-14 07:07 371248 ----a-w- c:\documents and settings\All Users\Programdata\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2f1602.vdb\EECTRL.SYS 2009-12-14 07:07 . 2009-12-14 07:07 2747440 ----a-w- c:\documents and settings\All Users\Programdata\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2f1602.vdb\CCERASER.DLL 2009-12-14 07:07 . 2009-12-14 07:07 259440 ----a-w- c:\documents and settings\All Users\Programdata\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2f1602.vdb\ECMSVR32.DLL 2009-11-21 16:03 . 2008-04-09 04:10 471552 ----a-w- c:\windows\AppPatch\aclayers.dll . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MessengerPlus3"="c:\programfiler\MessengerPlus! 3\MsgPlus.exe" [2008-09-24 190024] "msnmsgr"="c:\programfiler\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "swg"="c:\programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-18 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TPHOTKEY"="c:\programfiler\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-01-24 66928] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-05 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-05 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-05 137752] "TpShocks"="TpShocks.exe" [2007-11-22 181536] "Apoint"="c:\programfiler\Apoint2K\Apoint.exe" [2007-08-20 172032] "PSQLLauncher"="c:\programfiler\ThinkVantage Fingerprint Software\launcher.exe" [2007-08-14 48904] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940] "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-01-10 294912] "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-01-10 208896] "TPFNF7"="c:\programfiler\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-03-26 59680] "QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2008-03-28 413696] "LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2008-01-11 144728] "LPMailChecker"="c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.exe" [2008-01-11 124248] "ccApp"="c:\programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-05-29 52840] "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-10-07 125368] "Acrobat Assistant 8.0"="c:\programfiler\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992] "Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801] "TSClientAXDisabler"="c:\windows\Installer\TSClientMsiTrans\tscdsbl.bat" [2008-01-18 2247] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] 2007-08-14 13:54 89600 ----a-w- c:\windows\system32\psqlpwd.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2] 2006-09-06 14:37 34344 ----a-w- c:\programfiler\Lenovo\HOTKEY\notifyf2.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey] 2007-12-14 14:36 28672 ----a-w- c:\programfiler\Lenovo\HOTKEY\tphklock.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli psqlpwd [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-489248529-1699838375-1845911597-313889\Scripts\Logon] "Script"=Sym2Server.bat [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Programfiler\\Windows Live\\Sync\\WindowsLiveSync.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009 R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [16.10.2007 17:32 19504] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [10.03.2009 20:00 54752] R2 SavRoam;SAVRoam;c:\programfiler\Symantec AntiVirus\SavRoam.exe [07.10.2007 19:48 116664] R2 smihlp;SMI Helper Driver (smihlp);c:\programfiler\Fellesfiler\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [14.08.2007 14:46 10896] R2 WinDefend;Windows Defender;c:\programfiler\Windows Defender\MsMpEng.exe [03.11.2006 18:19 13592] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programfiler\Fellesfiler\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [28.08.2009 11:05 102448] S3 fsssvc;Windows Live Tryggere for familien-tjenesten;c:\programfiler\Windows Live\Family Safety\fsssvc.exe [05.08.2009 22:48 704864] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [09.04.2008 05:10 14336] --- Andre tjenester/drivere lastet i minnet --- *Deregistered* - uphcleanhlp [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 WINRM REG_MULTI_SZ WINRM . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) 2010-02-06 c:\windows\Tasks\MP Scheduled Scan.job - c:\programfiler\Windows Defender\MpCmdRun.exe [2006-11-03 17:20] 2010-02-06 c:\windows\Tasks\PMTask.job - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-04-22 23:30] 2010-02-06 c:\windows\Tasks\updater.exe.job - c:\programfiler\Kunnskapsforlaget\Ordnett Pluss\updater.exe [2009-06-17 13:48] . . ------- Tilleggsskanning ------- . uStart Page = hxxp://fuv.hfk.no uInternet Settings,ProxyOverride = *.local IE: Append to existing PDF - c:\programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game02.zylom.com/activex/zylomgamesplayer.cab . - - - - TOMME PEKERE FJERNET - - - - ActiveSetup-{02F6399F-D184-0735-DFF6-3FCA8D6567B7} - c:\windows\system32\explorer.exe ************************************************************************** skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... skanning vellykket skjulte filer: ************************************************************************** . --------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- - - - - - - - > 'winlogon.exe'(1176) c:\windows\system32\vrlogon.dll c:\windows\system32\psqlpwd.dll c:\programfiler\ThinkVantage Fingerprint Software\homefus2.dll c:\programfiler\ThinkVantage Fingerprint Software\infra.dll c:\programfiler\ThinkVantage Fingerprint Software\homepass.dll c:\programfiler\ThinkVantage Fingerprint Software\bio.dll c:\programfiler\ThinkVantage Fingerprint Software\ps2css.dll c:\programfiler\ThinkVantage Fingerprint Software\remote.dll c:\programfiler\Lenovo\HOTKEY\tphklock.dll c:\programfiler\ThinkVantage Fingerprint Software\pscssint.dll c:\programfiler\ThinkVantage Fingerprint Software\crypto.dll - - - - - - - > 'lsass.exe'(1236) c:\windows\system32\psqlpwd.dll c:\programfiler\ThinkVantage Fingerprint Software\homefus2.dll c:\programfiler\ThinkVantage Fingerprint Software\infra.dll . Tidspunkt ferdig: 2010-02-06 20:34:58 ComboFix-quarantined-files.txt 2010-02-06 19:34 ComboFix2.txt 2009-05-31 22:14 Pre-Run: 81 767 813 120 byte ledig Post-Run: 81 762 594 816 byte ledig - - End Of File - - 5148F8DBDE5CA589976970A489F30FCD Lenke til kommentar
norbat Skrevet 7. februar 2010 Rapporter Del Skrevet 7. februar 2010 Loggen ser grei ut. Har dere sjekket om det finnes ny firmware for ruteren? Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå