Guest Slettet-D7I5Gr2, posted 4 May 2009 (edited)

I have a virus, so I followed the hints from this thread:
https://www.diskusjon.no/index.php?showtopic=691246

Log 1
https://www.diskusjon.no/index.php?showtopic=691246

Log 2

Malwarebytes' Anti-Malware 1.36
Databaseversjon: 2075
Windows 6.0.6001 Service Pack 1

05.05.2009 00:18:47
mbam-log-2009-05-05 (00-18-47).txt

Skanntype: Rask Skann
Objekter skannet: 65609
Tid tilbakelagt: 7 minute(s), 5 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)

Couldn't find the log from ComboFix. :\ But at least it showed that there were 0 infected things on the PC. So now what? Computers aren't really my thing (as you can probably tell).

snippsat, posted 4 May 2009 (edited)

Search for combofix.txt.
If you followed the guide, ComboFix should be placed on the desktop.
Then combofix.txt will be located in the root of C:\

Run this and post the log.
Download RSIT (Random's System Information Tool) to the desktop.
Start the program by double-clicking RSIT.exe.
Click Continue.
After a short while a log (log.txt) will be created. Post that one.

Guest Slettet-D7I5Gr2, posted 4 May 2009

I can't find combofix.txt, and yes, it is on the desktop.

Log - Notepad

Logfile of random's system information tool 1.06 (written by random/random)
Run by Eier at 2009-05-05 01:12:15
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 13 GB (12%) free of 105 GB
Total RAM: 1982 MB (45% free)
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Eier\Desktop\RSIT.exe C:\Program Files\trend micro\Eier.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\cmd.execf C:\Windows\system32\cmd.execf C:\32788R22FWJFW\pv.exe C:\32788R22FWJFW\pv.cfexe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSof0.dll O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file) O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program 
Files\Softonic_English\tbSof0.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file) O3 - Toolbar: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSof0.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0" O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program 
Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE') O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - (no file) O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - (no file) O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file) O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file) O13 - Gopher Prefix: O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O23 - Service: avast! 
iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: XAudioService - Conexant Systems, Inc. 
- C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 9644 bytes ======Scheduled tasks folder====== C:\Windows\tasks\PCConfidential.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-19 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{930f1200-f5f1-4870-bac6-e233ec8e7023}] Softonic English Toolbar - C:\Program Files\Softonic_English\tbSof0.dll [2009-03-28 1883672] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-27 259696] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-18 668656] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}] Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-27 470512] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 
Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-19 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} {930f1200-f5f1-4870-bac6-e233ec8e7023} - Softonic English Toolbar - C:\Program Files\Softonic_English\tbSof0.dll [2009-03-28 1883672] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-27 259696] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-15 102400] "QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2007-10-01 181544] "QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-09-20 202032] "OnScreenDisplay"=C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [2007-09-04 554320] "UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2007-08-17 218408] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184] "hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-09-13 480560] "WAWifiMessage"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2007-01-09 311296] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-19 136600] "HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672] "HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09 75008] "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-12-04 13556256] "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-12-04 92704] "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-28 
1045800] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920] "WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter [] "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184] "LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-08-23 455968] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-02-26 39408] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=255 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb418923-d33e-11dd-8d0e-001e6820539b}] shell\AutoRun\command - F:\WDSetup.exe ======List of files/folders created in the last 1 months====== 2009-05-05 01:13:26 ----D---- C:\32788R22FWJFW 2009-05-05 01:12:16 ----D---- C:\Program Files\trend micro 2009-05-05 01:12:15 ----D---- C:\rsit 2009-05-05 00:27:14 ----A---- C:\Windows\system32\CF15856.exe 2009-05-05 00:25:40 ----A---- C:\Windows\system32\CF15543.exe 2009-05-05 00:25:29 ----A---- C:\Bug.txt 2009-05-05 00:25:27 ----A---- C:\Windows\system32\cmd.execf 2009-05-05 00:18:57 ----D---- 
C:\Windows\ERDNT 2009-05-05 00:18:55 ----D---- C:\ComboFix 2009-05-05 00:18:54 ----A---- C:\Windows\system32\CF14217.exe 2009-05-05 00:15:07 ----A---- C:\Windows\system32\CF13462.exe 2009-05-05 00:15:05 ----A---- C:\Windows\system32\swsc.exe 2009-05-05 00:14:58 ----D---- C:\Qoobox 2009-05-04 23:59:18 ----D---- C:\Users\Eier\AppData\Roaming\Malwarebytes 2009-05-04 23:59:04 ----D---- C:\ProgramData\Malwarebytes 2009-05-04 23:59:03 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-05-04 22:09:56 ----D---- C:\Windows\PCHEALTH 2009-05-04 21:57:48 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller 2009-05-04 21:57:31 ----D---- C:\Program Files\Windows Live 2009-05-04 21:55:48 ----D---- C:\ProgramData\WLInstaller 2009-04-16 10:43:05 ----A---- C:\Windows\system32\winhttp.dll 2009-04-16 10:43:03 ----A---- C:\Windows\system32\msdtcprx.dll 2009-04-16 10:43:02 ----A---- C:\Windows\system32\xolehlp.dll 2009-04-16 10:42:51 ----A---- C:\Windows\system32\rpcss.dll 2009-04-16 10:42:50 ----A---- C:\Windows\system32\ntoskrnl.exe 2009-04-16 10:42:50 ----A---- C:\Windows\system32\ntkrnlpa.exe 2009-04-16 10:42:48 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe 2009-04-16 10:42:47 ----A---- C:\Windows\system32\sdohlp.dll 2009-04-16 10:42:47 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll 2009-04-16 10:42:47 ----A---- C:\Windows\system32\iasrecst.dll 2009-04-16 10:42:47 ----A---- C:\Windows\system32\iashost.exe 2009-04-16 10:42:47 ----A---- C:\Windows\system32\iasdatastore.dll 2009-04-16 10:42:47 ----A---- C:\Windows\system32\iasads.dll 2009-04-16 10:42:42 ----A---- C:\Windows\system32\lsasrv.dll 2009-04-16 10:42:42 ----A---- C:\Windows\system32\kernel32.dll 2009-04-16 10:42:41 ----A---- C:\Windows\system32\secur32.dll 2009-04-16 10:42:41 ----A---- C:\Windows\system32\apilogen.dll 2009-04-16 10:42:41 ----A---- C:\Windows\system32\amxread.dll 2009-04-16 10:42:31 ----A---- C:\Windows\system32\mshtml.dll 2009-04-16 10:42:27 ----A---- 
C:\Windows\system32\ieframe.dll 2009-04-16 10:42:26 ----A---- C:\Windows\system32\urlmon.dll 2009-04-16 10:42:23 ----A---- C:\Windows\system32\wininet.dll 2009-04-16 10:42:22 ----A---- C:\Windows\system32\iertutil.dll 2009-04-16 10:42:21 ----A---- C:\Windows\system32\iedkcs32.dll 2009-04-16 10:42:20 ----A---- C:\Windows\system32\msfeeds.dll 2009-04-16 10:42:19 ----A---- C:\Windows\system32\occache.dll 2009-04-16 10:42:19 ----A---- C:\Windows\system32\ieUnatt.exe 2009-04-16 10:42:19 ----A---- C:\Windows\system32\ieaksie.dll 2009-04-16 10:42:18 ----A---- C:\Windows\system32\mstime.dll 2009-04-16 10:42:18 ----A---- C:\Windows\system32\ieencode.dll 2009-04-16 10:42:17 ----A---- C:\Windows\system32\jsproxy.dll ======List of files/folders modified in the last 1 months====== 2009-05-05 01:13:47 ----D---- C:\Windows\Temp 2009-05-05 01:12:16 ----RD---- C:\Program Files 2009-05-05 00:27:14 ----D---- C:\Windows\system32\nb-NO 2009-05-05 00:27:14 ----D---- C:\Windows\System32 2009-05-05 00:18:57 ----D---- C:\Windows 2009-05-05 00:15:48 ----D---- C:\Windows\inf 2009-05-05 00:15:48 ----A---- C:\Windows\system32\PerfStringBackup.INI 2009-05-05 00:15:05 ----D---- C:\Windows\system32\drivers 2009-05-05 00:08:32 ----SHD---- C:\Config.Msi 2009-05-04 23:59:04 ----HD---- C:\ProgramData 2009-05-04 22:11:07 ----SHD---- C:\Windows\Installer 2009-05-04 22:11:05 ----D---- C:\Windows\winsxs 2009-05-04 22:10:40 ----D---- C:\Windows\Prefetch 2009-05-04 21:58:33 ----SHD---- C:\System Volume Information 2009-05-04 21:57:48 ----D---- C:\Program Files\Common Files 2009-05-04 21:57:35 ----D---- C:\Windows\system32\catroot 2009-05-04 21:57:32 ----D---- C:\Program Files\Common Files\microsoft shared 2009-05-04 20:32:35 ----D---- C:\Users\Eier\AppData\Roaming\dvdcss 2009-05-02 04:58:10 ----D---- C:\Users\Eier\AppData\Roaming\uTorrent 2009-04-16 23:11:23 ----D---- C:\Windows\system32\catroot2 2009-04-16 23:08:21 ----D---- C:\Windows\system32\wbem 2009-04-16 23:08:21 ----D---- C:\Program Files\Windows 
Mail 2009-04-16 23:08:20 ----D---- C:\Windows\system32\manifeststore 2009-04-16 23:08:20 ----D---- C:\Windows\AppPatch 2009-04-16 23:08:20 ----D---- C:\Program Files\Internet Explorer 2009-04-16 22:13:30 ----D---- C:\Windows\system32\WDI 2009-04-06 16:57:24 ----A---- C:\Windows\system32\mrt.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-02-05 23152] R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-02-05 114768] R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-02-05 51376] R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560] R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792] R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672] R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-25 39936] R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-24 42496] R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-22 37376] R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704] R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-05-31 735232] R3 CmBatt;Microsoft ACPI Control Method Battery-driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208] R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-03-04 188416] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-01-15 23848] R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-19 16768] R3 HpqRemHid;HP Remote Control HID Device; C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168] R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-11-01 985600] 
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-11-01 208896] R3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504] R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-03-07 1059112] R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-12-04 7606688] R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-16 12032] R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-03-28 199472] R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016] R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-11-01 661504] R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264] S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384] S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632] S3 E100B;Intel® PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328] S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2007-09-10 176640] S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704] S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192] S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016] S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 
1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752] R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680] R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-10-09 94208] R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe [2006-05-03 135168] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-08-23 79136] R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-12-04 203296] R2 QPCapSvc;QuickPlay Background Capture Service (QBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2007-10-01 271760] R2 QPSched;QuickPlay Task Scheduler (QTS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2007-10-01 112016] R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024] R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560] R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040] R3 avast! Web Scanner;avast! 
Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920] R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-03-05 110592] S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-01 182768] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] -----------------EOF----------------- Info-notisblokk info.txt logfile of random's system information tool 1.06 2009-05-05 01:13:59 ======Uninstall list====== -->C:\Program Files\Conexant\SmartAudio\SETUP.EXE -U -ISmartAudio -SM=SMAUDIO.EXE,1801 ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E} Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 9 - Norsk-->MsiExec.exe /I{AC76BA86-7AD7-1044-7B44-A90000000001} Adobe Shockwave Player-->MsiExec.exe /X{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A} Atheros Driver Installation Program-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe" -l0x9 -removeonly avast! 
Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup Compatibility Pack for 2007 Office-->MsiExec.exe /X{90120000-0020-0414-0000-0000000FF1CE} Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe -U -IQh30CFza.INF CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall ESU for Microsoft Vista-->MsiExec.exe /I{68471BF2-F1F7-4C89-BBBA-400B94996596} Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_BDA1448D3D255554.exe" /uninstall Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C} Hauppauge MCE XP/Vista Software Encoder (2.0.25149)-->C:\PROGRA~1\WinTV\UNSftMCE.EXE C:\PROGRA~1\WinTV\softMCE.LOG HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_HERMOSA_HSF\UIU32m.exe -U -IHPQHERzm.inf HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" HP Active Support Library-->"C:\Program Files\InstallShield Installation Information\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}\setup.exe" -runfromtemp -l0x0409 -removeonly HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\110\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield 
Installation Information\{BD0E2B92-3814-46F0-893B-4612EA010C7E}\setup.exe" -l0x9 -removeonly HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F} HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\110\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}\setup.exe" -l0x9 -removeonly HP Help and Support-->MsiExec.exe /X{31216452-5540-4C96-B754-94890A63D5AB} HP Quick Launch Buttons 6.30 E1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0009 uninst HP QuickPlay 3.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall HP QuickTouch 1.00 C4-->MsiExec.exe /I{7DC4A410-9986-4329-9E5D-687B2C42CA39} HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB} HP User Guides 0087-->MsiExec.exe /I{4D49757C-367A-4333-BDB3-68966162B14E} HP Wireless Assistant-->MsiExec.exe /I{CBAE4F50-9FC9-4557-AB36-9826DF3C103C} HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367} HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4} InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe Java 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF} Java 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020} LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" -uninstall Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 3.5 Language Pack SP1 - nor-->MsiExec.exe /I{2ADD2892-255C-34C2-AE90-5EF603273DFF} Microsoft .NET Framework 3.5 
SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Office PowerPoint Viewer 2007 (Norwegian (Bokmål))-->MsiExec.exe /X{95120000-00AF-0414-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Works-->MsiExec.exe /I{D1824129-8BE2-4FA6-B262-C4D99F7355D3} MSCU for Microsoft Vista-->MsiExec.exe /I{F7F3B252-E772-48AA-93EB-7964BC326067} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall QuickPlay SlingPlayer 0.4.4-->"C:\Program Files\HP\QuickPlay\unins000.exe" RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything SmartShopper-->C:\Program Files\Smart-Shopper\Uninst.exe Softonic_English Toolbar-->C:\PROGRA~1\SOFTON~1\UNWISE.EXE C:\PROGRA~1\SOFTON~1\INSTALL.LOG SopCast 2.0.4-->C:\Program Files\SopCast\uninst.exe Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004} Språkpakke for Microsoft .NET Framework 3.5 SP1 - 
NOR-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - nor\setup.exe
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Veetle TV 0.9.14-->C:\Program Files\Veetle\UninstallVeetleTV.exe
VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: Eier-PC
Event Code: 1001
Message: Skanning av Windows Defender er fullført. Skanne-ID: {0ADC49BE-D147-4737-9FFD-7A88976D2553} Skannetype: Antispionvare Skanneparametere: Hurtigskanning Bruker: NT-MYNDIGHET\NETTVERKSTJENESTE Skannetid: 0:06:13
Record Number: 120582
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20090504223526.000000-000
Event Type: Informasjon
User:

Computer Name: Eier-PC
Event Code: 7036
Message: Tjenesten WinHTTP Web Proxy Auto-Discovery Service gikk inn i tilstanden stoppet.
Record Number: 120583
Source Name: Service Control Manager
Time Written: 20090504224515.000000-000
Event Type: Informasjon
User:

Computer Name: Eier-PC
Event Code: 7036
Message: Tjenesten Windows CardSpace gikk inn i tilstanden kjører.
Record Number: 120584
Source Name: Service Control Manager
Time Written: 20090504224738.000000-000
Event Type: Informasjon
User:

Computer Name: Eier-PC
Event Code: 102
Message: Tjenesten stoppet publisering midlertidig på grunn av en strømhendelse.
Record Number: 120585
Source Name: Microsoft-Windows-ResourcePublication
Time Written: 20090504230807.302850-000
Event Type: Informasjon
User: NT-MYNDIGHET\LOKAL TJENESTE

Computer Name: Eier-PC
Event Code: 104
Message: Tjenesten publiserer på nettverket.
Record Number: 120586
Source Name: Microsoft-Windows-ResourcePublication
Time Written: 20090504230840.884850-000
Event Type: Informasjon
User: NT-MYNDIGHET\LOKAL TJENESTE

=====Application event log=====

Computer Name: Eier-PC
Event Code: 1001
Message: Fjerning av ytelsestellere for tjenesten WmiApRpl (WmiApRpl) var vellykket. Postdataene inneholder de nye verdiene for maskinens registeroppføringer for siste teller og siste hjelp.
Record Number: 8732
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20090504221548.000000-000
Event Type: Informasjon
User:

Computer Name: Eier-PC
Event Code: 1000
Message: Innlasting av ytelsestellere for tjenesten WmiApRpl (WmiApRpl) var vellykket. Postdataene i dataavsnittet inneholder de nye indeksverdiene som er tilordnet tjenesten.
Record Number: 8733
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20090504221548.000000-000
Event Type: Informasjon
User:

Computer Name: Eier-PC
Event Code: 1007
Message: Data for programmet for forbedret kundeopplevelse er sendt til Microsoft.
Record Number: 8734
Source Name: Microsoft-Windows-CEIP
Time Written: 20090504221905.000000-000
Event Type: Informasjon
User:

Computer Name: Eier-PC
Event Code: 0
Message: Tjenesten startet.
Record Number: 8735
Source Name: idsvc
Time Written: 20090504224738.000000-000
Event Type: Informasjon
User:

Computer Name: Eier-PC
Event Code: 5
Message: Unsupported service control request (see data below)
Record Number: 8736
Source Name: LightScribeService
Time Written: 20090504231356.000000-000
Event Type: Informasjon
User:

=====Security event log=====

Computer Name: Eier-PC
Event Code: 5038
Message: Kodeintegritet fastslo at bilde-hash for en fil ikke er gyldig. Filen kan være ødelagt på grunn av uautorisert endring, eller ugyldig hash kan være tegn på en mulig diskenhetsfeil.
Filnavn: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 8658
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090504231341.970850-000
Event Type: Overvåking mislykket
User:

Computer Name: Eier-PC
Event Code: 5038
Message: Kodeintegritet fastslo at bilde-hash for en fil ikke er gyldig. Filen kan være ødelagt på grunn av uautorisert endring, eller ugyldig hash kan være tegn på en mulig diskenhetsfeil.
Filnavn: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 8659
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090504231342.141850-000
Event Type: Overvåking mislykket
User:

Computer Name: Eier-PC
Event Code: 5038
Message: Kodeintegritet fastslo at bilde-hash for en fil ikke er gyldig. Filen kan være ødelagt på grunn av uautorisert endring, eller ugyldig hash kan være tegn på en mulig diskenhetsfeil.
Filnavn: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 8660
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090504231342.356850-000
Event Type: Overvåking mislykket
User:

Computer Name: Eier-PC
Event Code: 5038
Message: Kodeintegritet fastslo at bilde-hash for en fil ikke er gyldig. Filen kan være ødelagt på grunn av uautorisert endring, eller ugyldig hash kan være tegn på en mulig diskenhetsfeil.
Filnavn: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 8661
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090504231342.542850-000
Event Type: Overvåking mislykket
User:

Computer Name: Eier-PC
Event Code: 5038
Message: Kodeintegritet fastslo at bilde-hash for en fil ikke er gyldig. Filen kan være ødelagt på grunn av uautorisert endring, eller ugyldig hash kan være tegn på en mulig diskenhetsfeil.
Filnavn: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 8662
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090504231342.719850-000
Event Type: Overvåking mislykket
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\CyberLink\Power2Go\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 104 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=6802
"NUMBER_OF_PROCESSORS"=2
"PLATFORM"=MCD
"PCBRAND"=Pavilion
"OnlineServices"=Online Services
"USERPART"=E:

-----------------EOF-----------------
ilpostino, posted 5 May 2009

Hi! The topic title of this thread says little about the thread's content and is therefore not a good topic title. The better and more descriptive the topic title is, the easier it is for others to understand what the thread is about, and the easier it will be to reach the right forum user with the right answer. I therefore ask you to change the topic title. We recommend reading what our netiquette says about poor use of topic titles. Use the -button in the first post to change the topic title. The thread also breaks the three-word rule. Use the -button in the first post to change the topic title. If you do not change the topic title, the thread may be closed. Once the change has been made, it would be great if you used the -button on this post so that a moderator can remove this moderator message sooner. Reactions and questions about moderation are to be sent by PM, not posted in the thread.
snippsat, posted 5 May 2009

It looks reasonably fine. Tidying up a bit. Start HijackThis, run "scan", find these lines, tick them, then press fix checked.

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - (no file)
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - (no file)
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)

---

You can remove combofix by typing combofix /u in the Run window. This command deletes quarantined files and backups, resets the System Restore folder, etc.

---

Download and run CCleaner. Go to 'Valg' -> 'Avansert' (Options -> Advanced). Remove the tick in front of "only delete temporary files older than 48 hours". Run the registry cleaner and answer yes to repairing --> answer yes to the backup when you are asked. Run the registry cleaner a couple of times until all errors are gone.

---

Update avast and run a scan now; I assume it was avast that reported the virus? If it finds anything now, include the exact location. Example: c:\windows\system32\<filename>. Then we will assess it.
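Every line snippsat asks to have fixed is an add-on registration whose target HijackThis reports as "(no file)". As an added example (not part of the original thread), this Python script picks such entries out of pasted HijackThis lines; the six "(no file)" lines are from the post, while the lines named "Constructed" and all function names are made up for illustration.

```python
import re
from collections import Counter

# Add-on lines look like "<section> - <kind>: <name> - {CLSID} - <target>".
# <name> may itself contain " - ", so the CLSID is used to anchor the split.
ENTRY_RE = re.compile(
    r"^(?P<section>O\d+) - (?P<kind>[^:]+): (?P<name>.*) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<target>.+)$"
)

# "(no file)" lines are copied from the post; "Constructed" lines are sample data.
SAMPLE_LOG = r"""
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Constructed Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [ConstructedExample] C:\Program Files\Example\tray.exe
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - (no file)
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - (no file)
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Constructed Button - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - C:\Program Files\Example\button.dll
"""


def parse_entries(log_text):
    """Return one dict per CLSID-based add-on line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def orphaned_entries(entries):
    """Entries whose target is reported as missing: candidates for 'fix checked'."""
    return [e for e in entries if e["target"].strip().lower() == "(no file)"]


def orphan_counts(entries):
    """Number of orphaned entries per HijackThis section (O2, O3, O9, ...)."""
    return dict(Counter(e["section"] for e in orphaned_entries(entries)))


if __name__ == "__main__":
    for entry in orphaned_entries(parse_entries(SAMPLE_LOG)):
        print(entry["section"], entry["clsid"], entry["name"])
```
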
Guest Slettet-D7I5Gr2, posted 5 May 2009

Actually, I was told by a friend that I had a virus. Avast didn't find anything at all. Done with CCleaner now, running avast. If avast doesn't find anything, are we done then? (Should I post what CCleaner found, by the way?)

Edited 5 May 2009 by Slettet-D7I5Gr2
snippsat, posted 5 May 2009

"Done with CCleaner now, running avast. If avast doesn't find anything, are we done then?"

Yes, because the log looked good; if you had had a virus, I would have seen traces of it and removed it. Check whether your software is up to date: Secunia. Surf safely.
Guest Slettet-D7I5Gr2, posted 5 May 2009

Thank you, stranger. If you're from Trondheim, there's a beer coming your way.