Nitrius, posted January 5, 2009 (edited)

MBAM log:

Malwarebytes' Anti-Malware 1.32
Database version: 1618
Windows 6.0.6001 Service Pack 1

05.01.2009 18:27:16
mbam-log-2009-01-05 (18-27-13).txt

Scan type: Quick Scan
Objects scanned: 47586
Time elapsed: 13 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ComboFix:

HJT:

Is there anything dangerous to find here?

Edited January 5, 2009 by Nitrius

gjeewaytee, posted January 5, 2009

https://www.diskusjon.no/index.php?showtopic=691246

Nitrius (author), posted January 5, 2009

Yes? I'd say I've done it right, then: made my own thread with the logs.

gjeewaytee, posted January 5, 2009

Ehh.. shoot me, hehe.. I was probably a bit quick there. Yes, you've done it exactly right. Sorry.

Nitrius (author), posted January 5, 2009 (edited)

Now, this isn't my machine; it's my cousin's laptop. So if there's no malware, what could the problem be? Something is causing frequent CPU usage, which makes the machine very slow. According to Process Explorer it's explorer.exe and svchost. A virus, possibly? Or are these logs supposed to find viruses too?

Edit: This is on Vista x86 (32-bit).

Edited January 6, 2009 by Nitrius

snippsat, posted January 6, 2009 (edited)

"Or are these logs supposed to find viruses too?"

Read what malware means.

norbat:
Malware is a collective term for unwanted / harmful software. Malware (Malicious Software) is better known under names such as viruses, trojans, worms, spyware, rootkits, adware ... If you have got this on your PC (we call it an infection), in most cases you will notice that something has happened, in the form of:
- slow PC
- new desktop background with a warning that the PC is infected with a virus
- popups with, among other things, ads from so-called antispyware scanners (e.g. Antivirus2008 and others)
- new search tools in the browser
- problems reaching certain websites / websites at all
- your antivirus program has been turned off
- many Windows functions are unavailable (automatic updates, Control Panel, regedit, firewall, missing icons and taskbar, to name a few)

Cleaning up.
Download and run CCleaner. 'Options' -> 'Advanced'. Uncheck the box in front of: "Only delete temporary files older than 48 hours". Run the registry cleaner, "answer yes to repair" --> backup: answer yes when asked. Run the registry cleaner a couple more times until all errors are gone.
Auslogics Registry Defrag (free) http://www.auslogics.com/en/software/registry-defrag
Auslogics Disk Defrag (free) http://www.auslogics.com/en/software/disk-defrag

"Something is causing rather frequent CPU usage, which makes the machine very slow. According to Process Explorer it's explorer.exe and svchost. A virus, possibly?"

Post a screenshot from Process Explorer after you have cleaned up. Take the screenshot right after startup; don't start any programs.

Edited January 6, 2009 by SNIPPSAT

Nitrius (author), posted January 6, 2009 (edited)

Of the cases norbat has listed, I suppose only the slow PC applies here, but not always; there are spikes now and then where svchost and explorer.exe (what I saw when I last checked) use a lot of resources and make the PC very slow, and a little later it runs fine again. But I'll get a screenshot of the processes at startup and post it. Defrag (I use JkDefrag) and CCleaner are used often. I haven't used any registry defrag on this laptop before, though.

Edit: The reason I asked whether the logs/programs here can also find viruses is that I asked in norbat's thread a while back whether these programs can replace an antivirus program, and if I remember correctly I got no as an answer.

Edited January 6, 2009 by Nitrius