Hayer Posted May 2, 2008

Hi! Does anyone have the time or energy to look through this 'little' log?

ComboFix 08-05-01.3 - Rannveig 2008-05-02 23:50:29.1 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6000.0.1252.1.1044.18.912 [GMT 2:00]
Running from: C:\Users\Rannveig\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\Rannveig\Music\Ipod\Privat\Desktop_.ini
.
((((((((((((((((((((((((( Files Created from 2008-04-02 to 2008-05-02 )))))))))))))))))))))))))))))))
.
2008-05-02 23:47 . 2008-05-02 23:49 <DIR> d-------- C:\327882R2FWJFW
2008-05-02 23:37 . 2008-05-02 23:37 <DIR> d-------- C:\Program Files\CCleaner
2008-04-10 12:22 . 2007-12-16 13:42 83,968 --------- C:\Windows\System32\dnsrslvr.dll
2008-04-10 12:22 . 2007-12-16 13:41 24,576 --------- C:\Windows\System32\dnscacheugc.exe
2008-04-10 12:21 . 2008-02-29 06:16 2,027,008 --------- C:\Windows\System32\win32k.sys
2008-04-10 12:21 . 2008-02-15 01:19 944,184 --------- C:\Windows\System32\winload.exe
2008-04-10 12:21 . 2008-02-19 07:10 620,088 --------- C:\Windows\System32\ci.dll
2008-04-10 12:21 . 2008-02-21 06:43 296,448 --------- C:\Windows\System32\gdi32.dll
2008-04-10 12:21 . 2008-02-29 08:51 19,000 --------- C:\Windows\System32\kd1394.dll
2008-04-10 12:20 . 2008-02-29 08:39 371,712 --------- C:\Windows\System32\srcore.dll
2008-04-10 12:20 . 2008-02-29 08:38 313,856 --------- C:\Windows\System32\rstrui.exe
2008-04-10 12:20 . 2008-02-29 08:39 40,960 --------- C:\Windows\System32\srclient.dll
2008-04-10 12:20 . 2008-02-29 08:38 16,384 --------- C:\Windows\System32\srdelayed.exe
2008-04-10 12:20 . 2008-02-29 08:34 7,168 --------- C:\Windows\System32\f3ahvoas.dll
2008-04-10 12:20 . 2008-02-29 08:35 6,656 --------- C:\Windows\System32\kbd106n.dll
2008-04-10 12:19 . 2008-02-21 06:42 1,831,424 --------- C:\Windows\System32\inetcpl.cpl
2008-04-10 12:19 . 2008-02-21 06:43 826,368 --------- C:\Windows\System32\wininet.dll
2008-04-05 16:59 . 2008-04-05 16:59 <DIR> d-------- C:\Program Files\iPod
2008-04-05 16:59 . 2008-04-05 16:59 54,156 ---h----- C:\Windows\QTFont.qfn
2008-04-05 16:59 . 2008-04-05 16:59 1,409 --------- C:\Windows\QTFont.for
2008-04-05 16:58 . 2008-04-05 16:59 <DIR> d-------- C:\Program Files\iTunes
2008-04-05 16:57 . 2008-04-05 16:57 <DIR> d-------- C:\Program Files\QuickTime
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-02 21:45 --------- d-----w C:\ProgramData\Symantec
2008-05-02 21:07 27,620 ----a-w C:\Users\Rannveig\AppData\Roaming\nvModes.dat
2008-04-23 05:13 --------- d-----w C:\Users\Rannveig\AppData\Roaming\skypePM
2008-04-23 05:13 --------- d-----w C:\Users\Rannveig\AppData\Roaming\Skype
2008-04-11 01:12 --------- d-----w C:\Program Files\Windows Mail
2008-03-24 12:48 --------- d-----w C:\Program Files\PCDR5
2008-03-15 23:45 --------- d-----w C:\ProgramData\Autodesk
2008-03-15 23:45 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-03-15 23:45 --------- d-----w C:\Program Files\Autodesk
2008-03-14 23:57 --------- d-----w C:\Users\Rannveig\AppData\Roaming\Autodesk
2008-03-14 23:57 --------- d-----w C:\Program Files\AOEMView 2008
2008-03-14 23:56 --------- d-----w C:\Program Files\Microsoft WSE
2008-03-14 22:50 --------- d-----w C:\Program Files\Java
2008-03-14 22:49 --------- d-----w C:\Program Files\Autodesk Network License Manager
2008-03-12 11:34 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-06 20:32 706 ------w C:\Windows\system32\drivers\COH_Mon.inf
2008-03-06 20:32 23,904 ------w C:\Windows\system32\drivers\COH_Mon.sys
2008-03-06 20:32 10,537 ------w C:\Windows\system32\drivers\COH_Mon.cat
2008-03-05 16:43 223,360 ------w C:\Windows\system32\drivers\e1e6032.sys
2008-02-27 21:15 318,904 ------w C:\wmpfirefoxplugin.exe
2008-02-27 21:12 1,491,592 ------w C:\install_flash_player.exe
2008-02-23 16:05 32 ------w C:\Users\All Users\ezsid.dat
2008-02-23 16:05 32 ------w C:\ProgramData\ezsid.dat
2008-02-21 04:43 56,320 ------w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ------w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 26,624 ------w C:\Windows\System32\ieUnatt.exe
2008-02-15 02:11 194,560 ------w C:\Windows\System32\WebClnt.dll
2008-02-15 02:05 3,505,720 ------w C:\Windows\System32\ntkrnlpa.exe
2008-02-15 02:05 3,471,928 ------w C:\Windows\System32\ntoskrnl.exe
2008-02-15 02:04 537,600 ------w C:\Windows\AppPatch\AcLayers.dll
2008-02-15 02:04 449,536 ------w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-15 02:04 4,247,552 ------w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-15 02:04 24,064 ------w C:\Windows\System32\netcfg.exe
2008-02-15 02:04 22,016 ------w C:\Windows\System32\netiougc.exe
2008-02-15 02:04 2,560 ------w C:\Windows\AppPatch\AcRes.dll
2008-02-15 02:04 2,144,256 ------w C:\Windows\AppPatch\AcGenral.dll
2008-02-15 02:04 173,056 ------w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-15 02:04 167,424 ------w C:\Windows\System32\tcpipcfg.dll
2008-02-15 02:04 1,686,528 ------w C:\Windows\System32\gameux.dll
2008-01-31 19:05 174 --sh--w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-31 09:34 1232896]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 03:17 443968]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-02-14 23:18 171448]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 00:06 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-29 06:08 1006264]
"TPFNF7"="C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-04-09 20:03 58416]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 06:58 815104]
"TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 07:49 66176]
"PWMTRV"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2007-06-17 19:05 321072]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2007-06-17 19:05 214576]
"TpShocks"="TpShocks.exe" [2007-03-29 19:40 181808 C:\Windows\System32\TpShocks.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 19:32 243248]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-04-09 09:18 1261568]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-27 09:57 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-27 09:57 8433664]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-27 09:57 81920]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-01-08 21:12 536576]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-11-15 17:21 217176]
"AwaySch"="C:\Program Files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 12:51 91688]
"LPManager"="C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe" [2007-03-22 19:02 120368]
"AMSG"="C:\Program Files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 20:00 419376]
"RoxioDragToDisc"="C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe" [2007-03-13 10:05 1116920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 04:43 83608]
"ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 16:48 419112]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 16:49 124200]
"cssauth"="C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" [2006-12-21 20:56 2614848]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59 115816]
"LenovoOobeOffers"="c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe" [2006-12-29 19:01 28672]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe [2007-03-29 14:11:50 719664]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-10-28 21:45:47 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\Windows\system32\psqlpwd.dll 2007-03-14 23:17 89600 C:\Windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2B26CE38-A428-450B-B45B-FADAB0B80BBE}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{36CED2C8-B97F-42B7-8CEC-08AA6D561F9F}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{715E0EFD-C3AD-4D52-ACFD-E39189CA0852}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{B150C8BA-EEBD-4F5A-8BB9-619243FCBDE2}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{05A4C5D3-45FA-4BBD-9C0F-881D74570EAD}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{278A73A7-2E90-4687-9750-B44180C54BBD}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{343B61B4-294F-4E16-A4F3-441B91717FA5}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{6F15D661-AE35-41F4-AC19-4CF33FF1DCA8}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{9430B79E-1EE1-4FB6-AB5D-FEDA19B1A4BD}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 09:30]
S3 btwaudio;Bluetooth-lydenhet;C:\Windows\system32\drivers\btwaudio.sys [2007-03-29 20:46]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-02-27 07:20]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-02-27 07:20]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{189434dd-ef38-11dc-8ef0-001e3718f96c}]
\shell\AutoRun\command - F:\LaunchU3.exe -a

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-04-29 21:40:44 C:\Windows\Tasks\Norton Internet Security - Kjør fullstendig systemsøk - Rannveig.job"

Thanks in advance
norbat Posted May 2, 2008

I can't see any virus in that log. Can you see which files, if any, are being created on the PC and are 'taking up' the disk?
snippsat Posted May 2, 2008

There have been a few posts like this before. Viruses have not been the culprits. Do you have the program that handles System Restore? There are tools that help; it shouldn't be a problem to see where it is growing.
http://www.sixty-five.cc/sm/
http://windirstat.info/