GLN
Posted 2 February 2009 (edited)

The desktop has been sitting idle since the Christmas holidays, when one of the boot files disappeared. I've fixed that now, and it looks like there are a couple of bits of dirt on the PC. Logs from Malwarebytes, ComboFix and HijackThis are coming soon.

Malwarebytes:

Malwarebytes' Anti-Malware 1.33
Databaseversjon: 1716
Windows 5.1.2600 Service Pack 2

02.02.2009 20:18:43
mbam-log-2009-02-02 (20-18-43).txt

Skanntype: Rask Skann
Objekter skannet: 66320
Tid tilbakelagt: 9 minute(s), 36 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 1
Mapper infisert: 0
Filer infisert: 1

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
E:\Documents and Settings\Dranc\Lokale innstillinger\Temp\wnd2F.bat (Malware.Trace) -> Quarantined and deleted successfully.

Combofix:

ComboFix 09-02-02.02 - Dranc 2009-02-02 20:22:45.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.1023.424 [GMT 1:00]
Kjører fra: e:\documents and settings\Dranc.DRANCI\Skrivebord\ComboFix.exe
AV: Norton 360 *On-access scanning enabled* (Updated)
FW: Norton 360 *disabled*
 * Opprettet nytt gjenopprettingspunkt

ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
e:\documents and settings\Dranc\Mine dokumenter\YMBOLS~1
e:\documents and settings\Dranc\Mine dokumenter\YMBOLS~1\?ymbols\
e:\programfiler\pppatc~1
e:\windows2\install.exe

.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-01-02 til 2009-02-02 )))))))))))))))))))))))))))))))))
.

2009-02-02 20:18 . 2009-02-02 20:18 61,440 --a------ e:\windows2\system32\drivers\hdxjpjv.sys
2009-02-02 20:06 . 2009-02-02 20:06 <DIR> d-------- e:\programfiler\Malwarebytes' Anti-Malware
2009-02-02 20:06 . 2009-02-02 20:06 <DIR> d-------- e:\documents and settings\Dranc.DRANCI\Programdata\Malwarebytes
2009-02-02 20:06 . 2009-02-02 20:06 <DIR> d-------- e:\documents and settings\All Users.WINDOWS2\Programdata\Malwarebytes
2009-02-02 20:06 . 2009-01-14 16:11 38,496 --a------ e:\windows2\system32\drivers\mbamswissarmy.sys
2009-02-02 20:06 . 2009-01-14 16:11 15,504 --a------ e:\windows2\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-02 19:20 --------- d-----w e:\programfiler\Fellesfiler\Symantec Shared
2009-01-06 00:24 806 ----a-w e:\windows2\system32\drivers\SYMEVENT.INF
2009-01-06 00:24 60,808 ----a-w e:\windows2\system32\S32EVNT1.DLL
2009-01-06 00:24 124,464 ----a-w e:\windows2\system32\drivers\SYMEVENT.SYS
2009-01-06 00:24 10,635 ----a-w e:\windows2\system32\drivers\SYMEVENT.CAT
2009-01-06 00:24 --------- d-----w e:\programfiler\Symantec
2009-01-02 23:06 --------- d-----w e:\documents and settings\All Users.WINDOWS2\Programdata\Symantec
2009-01-02 23:02 --------- d-----w e:\programfiler\DC++
2009-01-01 19:16 --------- d--h--w e:\programfiler\InstallShield Installation Information
2009-01-01 19:16 --------- d-----w e:\programfiler\Avanquest update
2009-01-01 19:16 --------- d-----w e:\documents and settings\All Users.WINDOWS2\Programdata\BVRP Software
2009-01-01 19:15 --------- d-----w e:\programfiler\Sony Ericsson
2009-01-01 19:15 --------- d-----w e:\documents and settings\Dranc.DRANCI\Programdata\InstallShield
2009-01-01 19:15 --------- d-----w e:\documents and settings\All Users.WINDOWS2\Programdata\Sony Ericsson
2008-12-31 11:32 3,766 --sha-w e:\windows2\system32\KGyGaAvL.sys
2008-12-28 14:57 --------- d-----w e:\documents and settings\Dranc.DRANCI\Programdata\U3
2008-12-25 23:17 --------- d-----w e:\programfiler\Creative
2008-12-25 22:53 --------- d-----w e:\programfiler\Corel
2008-12-25 22:51 --------- d-----w e:\programfiler\BitTorrent
2008-12-25 00:49 --------- d-----w e:\programfiler\Windows Live Safety Center
2008-12-19 12:02 --------- d-s---w e:\programfiler\Xfire
2008-12-17 22:59 --------- d-----w e:\documents and settings\Dranc.DRANCI\Programdata\Xfire
2008-12-12 22:05 --------- d-----w e:\programfiler\Realtek AC97
2008-12-12 13:16 --------- d-----w e:\programfiler\NOS
2008-12-12 13:16 --------- d-----w e:\documents and settings\All Users.WINDOWS2\Programdata\NOS
2008-12-11 20:37 42,320 ----a-w e:\windows2\system32\xfcodec.dll
2008-09-19 18:35 357,768 ----a-w e:\documents and settings\Dranc.DRANCI\SymXPep2.dll
2007-10-16 16:35 153,498,660 ----a-w e:\documents and settings\Dranc.DRANCI\WoW-2.2.3.7359-to-0.3.0.7382-enGB-patch.exe
2007-04-14 10:52 65 ----a-w e:\programfiler\Fellesfiler\appop.log

.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows2\system32\ctfmon.exe" [2004-08-04 15360]
"CTSyncU.exe"="e:\programfiler\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 700416]
"LogitechSoftwareUpdate"="e:\programfiler\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-01-01 20480]
"NVIDIA nTune"="e:\programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"Sony Ericsson PC Suite"="e:\programfiler\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 393216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="e:\windows2\system32\NvCpl.dll" [2007-06-28 8466432]
"SunJavaUpdateSched"="e:\programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"NvMediaCenter"="e:\windows2\system32\NvMcTray.dll" [2007-06-28 81920]
"ccApp"="e:\programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"LogitechCommunicationsManager"="e:\programfiler\Fellesfiler\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"LogitechQuickCamRibbon"="e:\programfiler\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"LVCOMSX"="e:\windows2\system32\LVCOMSX.EXE" [2004-05-21 221184]
"LogitechVideoRepair"="e:\programfiler\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="e:\programfiler\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"PWRISOVM.EXE"="e:\programfiler\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"Adobe Photo Downloader"="e:\programfiler\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe" [2007-11-05 61440]
"Symantec PIF AlertEng"="e:\programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"NeroFilterCheck"="e:\programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"MULTIMEDIA KEYBOARD"="e:\programfiler\Netropa\Multimedia Keyboard\MMKeybd.exe" [2003-09-30 425984]
"QuickTime Task"="e:\programfiler\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="e:\programfiler\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Adobe Reader Speed Launcher"="e:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"nwiz"="nwiz.exe" [2007-06-28 e:\windows2\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 e:\windows2\SOUNDMAN.EXE]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 e:\windows2\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows2\system32\CTFMON.EXE" [2004-08-04 15360]

e:\documents and settings\Dranc\Start-meny\Programmer\Oppstart\
Adobe Gamma.lnk - e:\programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Xfire.lnk - e:\programfiler\Xfire\xfire.exe [2008-12-11 2990416]

e:\documents and settings\All Users.WINDOWS2\Start-meny\Programmer\Oppstart\
ColorVisionStartup.lnk - e:\programfiler\ColorVision\Utility\ColorVisionStartup.exe [2006-01-31 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"e:\\Programfiler\\MSN Messenger\\livecall.exe"=
"e:\\Programfiler\\Xfire\\xfire.exe"=
"e:\\Programfiler\\Valve\\Steam\\SteamApps\\gleini\\counter-strike source\\hl2.exe"=
"e:\\Programfiler\\VentSrv\\ventrilo_srv.exe"=
"e:\\Programfiler\\iTunes\\iTunes.exe"=
"e:\\Programfiler\\Valve\\Steam\\SteamApps\\common\\football manager 2009\\fm.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13524:TCP"= 13524:TCP:BitComet 13524 TCP
"13524:UDP"= 13524:UDP:BitComet 13524 UDP

R0 xmasbus;xmasbus;e:\windows2\system32\drivers\xmasbus.sys [2007-07-27 140800]
R0 xmasscsi;xmasscsi;e:\windows2\system32\drivers\xmasscsi.sys [2007-07-27 5504]
R1 msikbd2k;Multimedia Keyboard Filter Driver;e:\windows2\system32\drivers\Msikbd2k.sys [2008-06-17 6656]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;e:\programfiler\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 nhksrv;Netropa NHK Server;e:\programfiler\Netropa\Multimedia Keyboard\nhksrv.exe [2008-06-17 28672]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;e:\programfiler\Fellesfiler\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-21 99376]
S3 PID_0920;Logitech QuickCam Express(PID_0920);e:\windows2\system32\drivers\LV532AV.SYS [2007-04-19 163328]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);e:\windows2\system32\drivers\s0016bus.sys [2009-01-01 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;e:\windows2\system32\drivers\s0016mdfl.sys [2009-01-01 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;e:\windows2\system32\drivers\s0016mdm.sys [2009-01-01 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);e:\windows2\system32\drivers\s0016mgmt.sys [2009-01-01 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);e:\windows2\system32\drivers\s0016nd5.sys [2009-01-01 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;e:\windows2\system32\drivers\s0016obex.sys [2009-01-01 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);e:\windows2\system32\drivers\s0016unic.sys [2009-01-01 115752]
S3 USBAAPL;Apple Mobile USB Driver;e:\windows2\system32\drivers\usbaapl.sys [2008-11-26 32000]

--- Andre tjenester/drivere lastet i minnet ---

*NewlyCreated* - COMHOST

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e503c106-bbdf-11dd-b984-001a921dc4c2}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-01-03 e:\windows2\Tasks\AppleSoftwareUpdate.job
- e:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Tilleggsskanning -------
.
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &D&ownload &with BitComet - e:\programfiler\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - e:\programfiler\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - e:\programfiler\BitComet\BitComet.exe/AddAllLink.htm
IE: E&ksporter til Microsoft Excel - e:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath -

---- FIREFOX POLICIES ----
e:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-02 20:26:51
Windows 5.1.2600 Service Pack 2 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...
skanning vellykket
skjulte filer: 0

**************************************************************************
.
Tidspunkt ferdig: 2009-02-02 20:28:38
ComboFix-quarantined-files.txt 2009-02-02 19:28:21

Pre-Run: 29 077 766 144 byte ledig
Post-Run: 29,439,459,328 byte ledig

171 --- E O F --- 2008-12-19 02:00:43

Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:29:12, on 02.02.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS2\System32\smss.exe
E:\WINDOWS2\system32\winlogon.exe
E:\WINDOWS2\system32\services.exe
E:\WINDOWS2\system32\lsass.exe
E:\WINDOWS2\system32\svchost.exe
E:\WINDOWS2\System32\svchost.exe
E:\WINDOWS2\system32\svchost.exe
E:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
E:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
E:\WINDOWS2\system32\spoolsv.exe
E:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
E:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
E:\Programfiler\Fellesfiler\LogiShrd\LComMgr\Communications_Helper.exe
E:\Programfiler\Logitech\QuickCam\Quickcam.exe
E:\WINDOWS2\system32\LVCOMSX.EXE
E:\Programfiler\Logitech\Video\LogiTray.exe
E:\Programfiler\PowerISO\PWRISOVM.EXE
E:\Programfiler\iTunes\iTunesHelper.exe
E:\WINDOWS2\system32\ctfmon.exe
E:\Programfiler\Creative\Sync Manager Unicode\CTSyncU.exe
E:\Programfiler\Netropa\Onscreen Display\OSD.exe
E:\Programfiler\Netropa\Multimedia Keyboard\nhksrv.exe
E:\Programfiler\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
E:\Programfiler\Logitech\Video\FxSvr2.exe
E:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Programfiler\Fellesfiler\LogiShrd\LVCOMSER\LVComSer.exe
E:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe
E:\WINDOWS2\system32\nvsvc32.exe
E:\WINDOWS2\system32\svchost.exe
E:\Programfiler\Canon\CAL\CALMAIN.exe
E:\Programfiler\Fellesfiler\LogiShrd\LVCOMSER\LVComSer.exe
E:\Programfiler\iPod\bin\iPodService.exe
E:\Programfiler\Fellesfiler\Logishrd\LQCVFX\COCIManager.exe
E:\WINDOWS2\System32\svchost.exe
E:\WINDOWS2\system32\wbem\wmiapsrv.exe
E:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
E:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe
E:\WINDOWS2\system32\wuauclt.exe
E:\WINDOWS2\system32\wscntfy.exe
E:\WINDOWS2\explorer.exe
E:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - E:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Programfiler\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Norton-verktøylinjen - {90222687-F593-4738-B738-FBEE9C7B26DF} - E:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS2\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "E:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS2\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "E:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "E:\Programfiler\Fellesfiler\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "E:\Programfiler\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] E:\WINDOWS2\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] E:\Programfiler\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] E:\Programfiler\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] E:\Programfiler\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\Programfiler\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [symantec PIF AlertEng] "E:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "E:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] E:\Programfiler\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS2\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "E:\Programfiler\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] E:\Programfiler\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "E:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [sony Ericsson PC Suite] "E:\Programfiler\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKUS\S-1-5-21-2025429265-299502267-839522115-500\..\Run: [CTFMON.EXE] E:\WINDOWS2\system32\CTFMON.EXE (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS2\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS2\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ColorVisionStartup.lnk = E:\Programfiler\ColorVision\Utility\ColorVisionStartup.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://E:\Programfiler\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://E:\Programfiler\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://E:\Programfiler\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - E:\Programfiler\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - E:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - E:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - E:\Programfiler\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - E:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - E:\Programfiler\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - E:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - E:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - E:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - E:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - E:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - E:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - E:\Programfiler\Fellesfiler\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - e:\programfiler\fellesfiler\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - E:\Programfiler\Fellesfiler\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - E:\Programfiler\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NMIndexingService - Nero AG - E:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - E:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS2\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - E:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - E:\Programfiler\Fellesfiler\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 10880 bytes

edit: The logs have been added.

Edited 2 February 2009 by Pirja
Tosha0007
Posted 2 February 2009

I think there's a bit of a problem with the logs here, at least I can't see them.
raWrz
Posted 2 February 2009

Hi.

Go to http://virusscan.jotti.org, click Browse, and upload the following file for analysis:

e:\programfiler\Fellesfiler\appop.log

Then click Submit. Accept that the file will be scanned. Finally, copy the result and paste it into your next post, so I can look at it and assess what needs to be done next.
GLN
Posted 15 August 2009

I've dug out the PC again now, and might as well bump this a little, since there is supposedly still a trojan on the PC. It has sat untouched and switched off since I posted these logs. Checked the file you mention, Submit. None of the 21 programs found any virus/malware in the file.