
Suspected a couple of trojans on the PC



The desktop has been sitting idle since the week between Christmas and New Year, when one of the boot files disappeared. Fixed that now, and it looks like there are a couple of impurities on the PC. Logs from Malwarebytes, ComboFix and HijackThis are coming soon.

 

Malwarebytes:

 

Malwarebytes' Anti-Malware 1.33

Databaseversjon: 1716

Windows 5.1.2600 Service Pack 2

 

02.02.2009 20:18:43

mbam-log-2009-02-02 (20-18-43).txt

 

Skanntype: Rask Skann

Objekter skannet: 66320

Tid tilbakelagt: 9 minute(s), 36 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 1

Mapper infisert: 0

Filer infisert: 1

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

(Ingen mistenkelige filer funnet)

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

E:\Documents and Settings\Dranc\Lokale innstillinger\Temp\wnd2F.bat (Malware.Trace) -> Quarantined and deleted successfully.

 

 

 

Combofix:

 

ComboFix 09-02-02.02 - Dranc 2009-02-02 20:22:45.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.1023.424 [GMT 1:00]

Kjører fra: e:\documents and settings\Dranc.DRANCI\Skrivebord\ComboFix.exe

AV: Norton 360 *On-access scanning enabled* (Updated)

FW: Norton 360 *disabled*

* Opprettet nytt gjenopprettingspunkt

 

ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!

.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

e:\documents and settings\Dranc\Mine dokumenter\YMBOLS~1

e:\documents and settings\Dranc\Mine dokumenter\YMBOLS~1\?ymbols\

e:\programfiler\pppatc~1

e:\windows2\install.exe

 

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-01-02 til 2009-02-02 )))))))))))))))))))))))))))))))))

.

 

2009-02-02 20:18 . 2009-02-02 20:18 61,440 --a------ e:\windows2\system32\drivers\hdxjpjv.sys

2009-02-02 20:06 . 2009-02-02 20:06 <DIR> d-------- e:\programfiler\Malwarebytes' Anti-Malware

2009-02-02 20:06 . 2009-02-02 20:06 <DIR> d-------- e:\documents and settings\Dranc.DRANCI\Programdata\Malwarebytes

2009-02-02 20:06 . 2009-02-02 20:06 <DIR> d-------- e:\documents and settings\All Users.WINDOWS2\Programdata\Malwarebytes

2009-02-02 20:06 . 2009-01-14 16:11 38,496 --a------ e:\windows2\system32\drivers\mbamswissarmy.sys

2009-02-02 20:06 . 2009-01-14 16:11 15,504 --a------ e:\windows2\system32\drivers\mbam.sys

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-02 19:20 --------- d-----w e:\programfiler\Fellesfiler\Symantec Shared

2009-01-06 00:24 806 ----a-w e:\windows2\system32\drivers\SYMEVENT.INF

2009-01-06 00:24 60,808 ----a-w e:\windows2\system32\S32EVNT1.DLL

2009-01-06 00:24 124,464 ----a-w e:\windows2\system32\drivers\SYMEVENT.SYS

2009-01-06 00:24 10,635 ----a-w e:\windows2\system32\drivers\SYMEVENT.CAT

2009-01-06 00:24 --------- d-----w e:\programfiler\Symantec

2009-01-02 23:06 --------- d-----w e:\documents and settings\All Users.WINDOWS2\Programdata\Symantec

2009-01-02 23:02 --------- d-----w e:\programfiler\DC++

2009-01-01 19:16 --------- d--h--w e:\programfiler\InstallShield Installation Information

2009-01-01 19:16 --------- d-----w e:\programfiler\Avanquest update

2009-01-01 19:16 --------- d-----w e:\documents and settings\All Users.WINDOWS2\Programdata\BVRP Software

2009-01-01 19:15 --------- d-----w e:\programfiler\Sony Ericsson

2009-01-01 19:15 --------- d-----w e:\documents and settings\Dranc.DRANCI\Programdata\InstallShield

2009-01-01 19:15 --------- d-----w e:\documents and settings\All Users.WINDOWS2\Programdata\Sony Ericsson

2008-12-31 11:32 3,766 --sha-w e:\windows2\system32\KGyGaAvL.sys

2008-12-28 14:57 --------- d-----w e:\documents and settings\Dranc.DRANCI\Programdata\U3

2008-12-25 23:17 --------- d-----w e:\programfiler\Creative

2008-12-25 22:53 --------- d-----w e:\programfiler\Corel

2008-12-25 22:51 --------- d-----w e:\programfiler\BitTorrent

2008-12-25 00:49 --------- d-----w e:\programfiler\Windows Live Safety Center

2008-12-19 12:02 --------- d-s---w e:\programfiler\Xfire

2008-12-17 22:59 --------- d-----w e:\documents and settings\Dranc.DRANCI\Programdata\Xfire

2008-12-12 22:05 --------- d-----w e:\programfiler\Realtek AC97

2008-12-12 13:16 --------- d-----w e:\programfiler\NOS

2008-12-12 13:16 --------- d-----w e:\documents and settings\All Users.WINDOWS2\Programdata\NOS

2008-12-11 20:37 42,320 ----a-w e:\windows2\system32\xfcodec.dll

2008-09-19 18:35 357,768 ----a-w e:\documents and settings\Dranc.DRANCI\SymXPep2.dll

2007-10-16 16:35 153,498,660 ----a-w e:\documents and settings\Dranc.DRANCI\WoW-2.2.3.7359-to-0.3.0.7382-enGB-patch.exe

2007-04-14 10:52 65 ----a-w e:\programfiler\Fellesfiler\appop.log

.

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="e:\windows2\system32\ctfmon.exe" [2004-08-04 15360]

"CTSyncU.exe"="e:\programfiler\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 700416]

"LogitechSoftwareUpdate"="e:\programfiler\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]

"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-01-01 20480]

"NVIDIA nTune"="e:\programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]

"Sony Ericsson PC Suite"="e:\programfiler\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 393216]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="e:\windows2\system32\NvCpl.dll" [2007-06-28 8466432]

"SunJavaUpdateSched"="e:\programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]

"NvMediaCenter"="e:\windows2\system32\NvMcTray.dll" [2007-06-28 81920]

"ccApp"="e:\programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-01-09 115816]

"LogitechCommunicationsManager"="e:\programfiler\Fellesfiler\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]

"LogitechQuickCamRibbon"="e:\programfiler\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]

"LVCOMSX"="e:\windows2\system32\LVCOMSX.EXE" [2004-05-21 221184]

"LogitechVideoRepair"="e:\programfiler\Logitech\Video\ISStart.exe" [2005-06-08 458752]

"LogitechVideoTray"="e:\programfiler\Logitech\Video\LogiTray.exe" [2005-06-08 217088]

"PWRISOVM.EXE"="e:\programfiler\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]

"Adobe Photo Downloader"="e:\programfiler\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe" [2007-11-05 61440]

"Symantec PIF AlertEng"="e:\programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

"NeroFilterCheck"="e:\programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]

"MULTIMEDIA KEYBOARD"="e:\programfiler\Netropa\Multimedia Keyboard\MMKeybd.exe" [2003-09-30 425984]

"QuickTime Task"="e:\programfiler\QuickTime\qttask.exe" [2008-11-04 413696]

"iTunesHelper"="e:\programfiler\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"Adobe Reader Speed Launcher"="e:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"nwiz"="nwiz.exe" [2007-06-28 e:\windows2\system32\nwiz.exe]

"SoundMan"="SOUNDMAN.EXE" [2005-08-17 e:\windows2\SOUNDMAN.EXE]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 e:\windows2\system32\bthprops.cpl]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="e:\windows2\system32\CTFMON.EXE" [2004-08-04 15360]

 

e:\documents and settings\Dranc\Start-meny\Programmer\Oppstart\

Adobe Gamma.lnk - e:\programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

Xfire.lnk - e:\programfiler\Xfire\xfire.exe [2008-12-11 2990416]

 

e:\documents and settings\All Users.WINDOWS2\Start-meny\Programmer\Oppstart\

ColorVisionStartup.lnk - e:\programfiler\ColorVision\Utility\ColorVisionStartup.exe [2006-01-31 385024]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.enc"= ITIG726.acm

"VIDC.XFR1"= xfcodec.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"e:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=

"e:\\Programfiler\\MSN Messenger\\livecall.exe"=

"e:\\Programfiler\\Xfire\\xfire.exe"=

"e:\\Programfiler\\Valve\\Steam\\SteamApps\\gleini\\counter-strike source\\hl2.exe"=

"e:\\Programfiler\\VentSrv\\ventrilo_srv.exe"=

"e:\\Programfiler\\iTunes\\iTunes.exe"=

"e:\\Programfiler\\Valve\\Steam\\SteamApps\\common\\football manager 2009\\fm.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"13524:TCP"= 13524:TCP:BitComet 13524 TCP

"13524:UDP"= 13524:UDP:BitComet 13524 UDP

 

R0 xmasbus;xmasbus;e:\windows2\system32\drivers\xmasbus.sys [2007-07-27 140800]

R0 xmasscsi;xmasscsi;e:\windows2\system32\drivers\xmasscsi.sys [2007-07-27 5504]

R1 msikbd2k;Multimedia Keyboard Filter Driver;e:\windows2\system32\drivers\Msikbd2k.sys [2008-06-17 6656]

R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;e:\programfiler\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]

R2 nhksrv;Netropa NHK Server;e:\programfiler\Netropa\Multimedia Keyboard\nhksrv.exe [2008-06-17 28672]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;e:\programfiler\Fellesfiler\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-21 99376]

S3 PID_0920;Logitech QuickCam Express(PID_0920);e:\windows2\system32\drivers\LV532AV.SYS [2007-04-19 163328]

S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);e:\windows2\system32\drivers\s0016bus.sys [2009-01-01 89256]

S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;e:\windows2\system32\drivers\s0016mdfl.sys [2009-01-01 15016]

S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;e:\windows2\system32\drivers\s0016mdm.sys [2009-01-01 120744]

S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);e:\windows2\system32\drivers\s0016mgmt.sys [2009-01-01 114216]

S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);e:\windows2\system32\drivers\s0016nd5.sys [2009-01-01 25512]

S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;e:\windows2\system32\drivers\s0016obex.sys [2009-01-01 110632]

S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);e:\windows2\system32\drivers\s0016unic.sys [2009-01-01 115752]

S3 USBAAPL;Apple Mobile USB Driver;e:\windows2\system32\drivers\usbaapl.sys [2008-11-26 32000]

 

--- Andre tjenester/drivere lastet i minnet ---

 

*NewlyCreated* - COMHOST

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e503c106-bbdf-11dd-b984-001a921dc4c2}]

\Shell\AutoRun\command - I:\LaunchU3.exe -a

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2009-01-03 e:\windows2\Tasks\AppleSoftwareUpdate.job

- e:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

.

.

------- Tilleggsskanning -------

.

uInternet Settings,ProxyOverride = localhost

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &D&ownload &with BitComet - e:\programfiler\BitComet\BitComet.exe/AddLink.htm

IE: &D&ownload all video with BitComet - e:\programfiler\BitComet\BitComet.exe/AddVideo.htm

IE: &D&ownload all with BitComet - e:\programfiler\BitComet\BitComet.exe/AddAllLink.htm

IE: E&ksporter til Microsoft Excel - e:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath -

 

---- FIREFOX POLICIES ----

e:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-02 20:26:51

Windows 5.1.2600 Service Pack 2 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

Tidspunkt ferdig: 2009-02-02 20:28:38

ComboFix-quarantined-files.txt 2009-02-02 19:28:21

 

Pre-Run: 29 077 766 144 byte ledig

Post-Run: 29,439,459,328 byte ledig

 

171 --- E O F --- 2008-12-19 02:00:43

 

 

 

Hijackthis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:29:12, on 02.02.2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

E:\WINDOWS2\System32\smss.exe

E:\WINDOWS2\system32\winlogon.exe

E:\WINDOWS2\system32\services.exe

E:\WINDOWS2\system32\lsass.exe

E:\WINDOWS2\system32\svchost.exe

E:\WINDOWS2\System32\svchost.exe

E:\WINDOWS2\system32\svchost.exe

E:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

E:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

E:\WINDOWS2\system32\spoolsv.exe

E:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

E:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe

E:\Programfiler\Fellesfiler\LogiShrd\LComMgr\Communications_Helper.exe

E:\Programfiler\Logitech\QuickCam\Quickcam.exe

E:\WINDOWS2\system32\LVCOMSX.EXE

E:\Programfiler\Logitech\Video\LogiTray.exe

E:\Programfiler\PowerISO\PWRISOVM.EXE

E:\Programfiler\iTunes\iTunesHelper.exe

E:\WINDOWS2\system32\ctfmon.exe

E:\Programfiler\Creative\Sync Manager Unicode\CTSyncU.exe

E:\Programfiler\Netropa\Onscreen Display\OSD.exe

E:\Programfiler\Netropa\Multimedia Keyboard\nhksrv.exe

E:\Programfiler\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

E:\Programfiler\Logitech\Video\FxSvr2.exe

E:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

E:\Programfiler\Fellesfiler\LogiShrd\LVCOMSER\LVComSer.exe

E:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe

E:\WINDOWS2\system32\nvsvc32.exe

E:\WINDOWS2\system32\svchost.exe

E:\Programfiler\Canon\CAL\CALMAIN.exe

E:\Programfiler\Fellesfiler\LogiShrd\LVCOMSER\LVComSer.exe

E:\Programfiler\iPod\bin\iPodService.exe

E:\Programfiler\Fellesfiler\Logishrd\LQCVFX\COCIManager.exe

E:\WINDOWS2\System32\svchost.exe

E:\WINDOWS2\system32\wbem\wmiapsrv.exe

E:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

E:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe

E:\WINDOWS2\system32\wuauclt.exe

E:\WINDOWS2\system32\wscntfy.exe

E:\WINDOWS2\explorer.exe

E:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - E:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Programfiler\BitComet\tools\BitCometBHO_1.1.9.24.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: Norton-verktøylinjen - {90222687-F593-4738-B738-FBEE9C7B26DF} - E:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.5\UIBHO.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS2\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "E:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS2\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ccApp] "E:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "E:\Programfiler\Fellesfiler\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "E:\Programfiler\Logitech\QuickCam\Quickcam.exe" /hide

O4 - HKLM\..\Run: [LVCOMSX] E:\WINDOWS2\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] E:\Programfiler\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] E:\Programfiler\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [PWRISOVM.EXE] E:\Programfiler\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\Programfiler\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [symantec PIF AlertEng] "E:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "E:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [NeroFilterCheck] E:\Programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] E:\Programfiler\Netropa\Multimedia Keyboard\MMKeybd.exe

O4 - HKLM\..\Run: [QuickTime Task] "E:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "E:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS2\system32\ctfmon.exe

O4 - HKCU\..\Run: [CTSyncU.exe] "E:\Programfiler\Creative\Sync Manager Unicode\CTSyncU.exe"

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] E:\Programfiler\Logitech\Video\ManifestEngine.exe boot

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [NVIDIA nTune] "E:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

O4 - HKCU\..\Run: [sony Ericsson PC Suite] "E:\Programfiler\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

O4 - HKUS\S-1-5-21-2025429265-299502267-839522115-500\..\Run: [CTFMON.EXE] E:\WINDOWS2\system32\CTFMON.EXE (User 'Administrator')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS2\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS2\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: ColorVisionStartup.lnk = E:\Programfiler\ColorVision\Utility\ColorVisionStartup.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://E:\Programfiler\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://E:\Programfiler\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://E:\Programfiler\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - E:\Programfiler\BitComet\tools\BitCometBHO_1.1.9.24.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - E:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - E:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - E:\Programfiler\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

O23 - Service: Apple Mobile Device - Apple Inc. - E:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - E:\Programfiler\Canon\CAL\CALMAIN.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - E:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - E:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - E:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - E:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - E:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - E:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - E:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: LVCOMSer - Logitech Inc. - E:\Programfiler\Fellesfiler\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - e:\programfiler\fellesfiler\logishrd\lvmvfm\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - E:\Programfiler\Fellesfiler\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - E:\Programfiler\Netropa\Multimedia Keyboard\nhksrv.exe

O23 - Service: NMIndexingService - Nero AG - E:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe

O23 - Service: nTune Service (nTuneService) - NVIDIA - E:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS2\system32\nvsvc32.exe

O23 - Service: Symantec Core LC - Unknown owner - E:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec RemoteAssist - Symantec, Inc. - E:\Programfiler\Fellesfiler\Symantec Shared\Support Controls\ssrc.exe

 

--

End of file - 10880 bytes

 

 

 

 

edit: The logs have been added

Edited by Pirja

6 months later...

Have dug the PC out again now, and might as well bump this a bit, since there are supposedly still trojans on the PC. It has sat untouched and switched off since I posted these logs. Checked the file you mention, Sumbit. None of the 21 programs found any virus/malware in the file.
