-Léon- Posted 22 November 2009 (edited)

I ran MBAM and it found an infected file(s), which has now been removed; I also ran BitDefender, which found nothing afterwards. Here is my RSIT log.

info.txt logfile of random's system information tool 1.06 2009-11-22 15:19:04
Edited 22 November 2009 by Léon_

norbat Posted 22 November 2009 (edited)

RSIT creates two logs. The one of interest is the one named log.txt. You will find it at c:\rsit. Post the MBAM log as well.

Edited 22 November 2009 by norbat