
Virus follow-up thread


Guest Slettet-D7I5Gr2

Recommended posts

Guest Slettet-D7I5Gr2
Posted (edited)

I have a virus, so I followed the hints from this thread

https://www.diskusjon.no/index.php?showtopic=691246

 

 

Log 1

 

 

 

Log 2

 

Malwarebytes' Anti-Malware 1.36

Databaseversjon: 2075

Windows 6.0.6001 Service Pack 1

 

05.05.2009 00:18:47

mbam-log-2009-05-05 (00-18-47).txt

 

Skanntype: Rask Skann

Objekter skannet: 65609

Tid tilbakelagt: 7 minute(s), 5 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 0

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

(Ingen mistenkelige filer funnet)

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

(Ingen mistenkelige filer funnet)

 

 

 

Couldn't find the log from ComboFix. :\ But it did at least show that there were 0 infected items on the PC.

So now what? Computers aren't really my thing (as you can probably tell).

Edited by Slettet-D7I5Gr2
Posted (edited)

Search for combofix.txt

 

If you followed the guide, ComboFix should be placed on the desktop.

Then combofix.txt will be located under the root of c:\

 

Run this and post the log.

 

Download RSIT (Random's System Information Tool) to the desktop

Start the program by double-clicking RSIT.exe

Click Continue

After a few moments a log (log.txt) will be created. Post that one.

Edited by SNIPPSAT
Guest Slettet-D7I5Gr2
Posted

I can't find combofix.txt, and yes, it is on the desktop.

 

Log - Notepad

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by Eier at 2009-05-05 01:12:15

Microsoft® Windows Vista™ Home Premium Service Pack 1

System drive C: has 13 GB (12%) free of 105 GB

Total RAM: 1982 MB (45% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:13:49, on 05.05.2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18226)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Internet Explorer\IEUser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe

C:\Program Files\Java\jre6\bin\jucheck.exe

C:\Windows\system32\conime.exe

C:\Program Files\VideoLAN\VLC\vlc.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Eier\Desktop\RSIT.exe

C:\Program Files\trend micro\Eier.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\cmd.execf

C:\Windows\system32\cmd.execf

C:\32788R22FWJFW\pv.exe

C:\32788R22FWJFW\pv.cfexe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSof0.dll

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSof0.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O3 - Toolbar: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSof0.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')

O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - (no file)

O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - (no file)

O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)

O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)

O13 - Gopher Prefix:

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 9644 bytes

 

======Scheduled tasks folder======

 

C:\Windows\tasks\PCConfidential.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-19 320920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{930f1200-f5f1-4870-bac6-e233ec8e7023}]

Softonic English Toolbar - C:\Program Files\Softonic_English\tbSof0.dll [2009-03-28 1883672]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-27 259696]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-18 668656]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]

Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-27 470512]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-19 34816]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

{930f1200-f5f1-4870-bac6-e233ec8e7023} - Softonic English Toolbar - C:\Program Files\Softonic_English\tbSof0.dll [2009-03-28 1883672]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-27 259696]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-15 102400]

"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2007-10-01 181544]

"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-09-20 202032]

"OnScreenDisplay"=C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [2007-09-04 554320]

"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2007-08-17 218408]

"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]

"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-09-13 480560]

"WAWifiMessage"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2007-01-09 311296]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-19 136600]

"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09 75008]

"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-12-04 13556256]

"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-12-04 92704]

"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-28 1045800]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]

"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter []

"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-08-23 455968]

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-02-26 39408]

"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=255

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb418923-d33e-11dd-8d0e-001e6820539b}]

shell\AutoRun\command - F:\WDSetup.exe

 

 

======List of files/folders created in the last 1 months======

 

2009-05-05 01:13:26 ----D---- C:\32788R22FWJFW

2009-05-05 01:12:16 ----D---- C:\Program Files\trend micro

2009-05-05 01:12:15 ----D---- C:\rsit

2009-05-05 00:27:14 ----A---- C:\Windows\system32\CF15856.exe

2009-05-05 00:25:40 ----A---- C:\Windows\system32\CF15543.exe

2009-05-05 00:25:29 ----A---- C:\Bug.txt

2009-05-05 00:25:27 ----A---- C:\Windows\system32\cmd.execf

2009-05-05 00:18:57 ----D---- C:\Windows\ERDNT

2009-05-05 00:18:55 ----D---- C:\ComboFix

2009-05-05 00:18:54 ----A---- C:\Windows\system32\CF14217.exe

2009-05-05 00:15:07 ----A---- C:\Windows\system32\CF13462.exe

2009-05-05 00:15:05 ----A---- C:\Windows\system32\swsc.exe

2009-05-05 00:14:58 ----D---- C:\Qoobox

2009-05-04 23:59:18 ----D---- C:\Users\Eier\AppData\Roaming\Malwarebytes

2009-05-04 23:59:04 ----D---- C:\ProgramData\Malwarebytes

2009-05-04 23:59:03 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-05-04 22:09:56 ----D---- C:\Windows\PCHEALTH

2009-05-04 21:57:48 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller

2009-05-04 21:57:31 ----D---- C:\Program Files\Windows Live

2009-05-04 21:55:48 ----D---- C:\ProgramData\WLInstaller

2009-04-16 10:43:05 ----A---- C:\Windows\system32\winhttp.dll

2009-04-16 10:43:03 ----A---- C:\Windows\system32\msdtcprx.dll

2009-04-16 10:43:02 ----A---- C:\Windows\system32\xolehlp.dll

2009-04-16 10:42:51 ----A---- C:\Windows\system32\rpcss.dll

2009-04-16 10:42:50 ----A---- C:\Windows\system32\ntoskrnl.exe

2009-04-16 10:42:50 ----A---- C:\Windows\system32\ntkrnlpa.exe

2009-04-16 10:42:48 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe

2009-04-16 10:42:47 ----A---- C:\Windows\system32\sdohlp.dll

2009-04-16 10:42:47 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll

2009-04-16 10:42:47 ----A---- C:\Windows\system32\iasrecst.dll

2009-04-16 10:42:47 ----A---- C:\Windows\system32\iashost.exe

2009-04-16 10:42:47 ----A---- C:\Windows\system32\iasdatastore.dll

2009-04-16 10:42:47 ----A---- C:\Windows\system32\iasads.dll

2009-04-16 10:42:42 ----A---- C:\Windows\system32\lsasrv.dll

2009-04-16 10:42:42 ----A---- C:\Windows\system32\kernel32.dll

2009-04-16 10:42:41 ----A---- C:\Windows\system32\secur32.dll

2009-04-16 10:42:41 ----A---- C:\Windows\system32\apilogen.dll

2009-04-16 10:42:41 ----A---- C:\Windows\system32\amxread.dll

2009-04-16 10:42:31 ----A---- C:\Windows\system32\mshtml.dll

2009-04-16 10:42:27 ----A---- C:\Windows\system32\ieframe.dll

2009-04-16 10:42:26 ----A---- C:\Windows\system32\urlmon.dll

2009-04-16 10:42:23 ----A---- C:\Windows\system32\wininet.dll

2009-04-16 10:42:22 ----A---- C:\Windows\system32\iertutil.dll

2009-04-16 10:42:21 ----A---- C:\Windows\system32\iedkcs32.dll

2009-04-16 10:42:20 ----A---- C:\Windows\system32\msfeeds.dll

2009-04-16 10:42:19 ----A---- C:\Windows\system32\occache.dll

2009-04-16 10:42:19 ----A---- C:\Windows\system32\ieUnatt.exe

2009-04-16 10:42:19 ----A---- C:\Windows\system32\ieaksie.dll

2009-04-16 10:42:18 ----A---- C:\Windows\system32\mstime.dll

2009-04-16 10:42:18 ----A---- C:\Windows\system32\ieencode.dll

2009-04-16 10:42:17 ----A---- C:\Windows\system32\jsproxy.dll

 

======List of files/folders modified in the last 1 months======

 

2009-05-05 01:13:47 ----D---- C:\Windows\Temp

2009-05-05 01:12:16 ----RD---- C:\Program Files

2009-05-05 00:27:14 ----D---- C:\Windows\system32\nb-NO

2009-05-05 00:27:14 ----D---- C:\Windows\System32

2009-05-05 00:18:57 ----D---- C:\Windows

2009-05-05 00:15:48 ----D---- C:\Windows\inf

2009-05-05 00:15:48 ----A---- C:\Windows\system32\PerfStringBackup.INI

2009-05-05 00:15:05 ----D---- C:\Windows\system32\drivers

2009-05-05 00:08:32 ----SHD---- C:\Config.Msi

2009-05-04 23:59:04 ----HD---- C:\ProgramData

2009-05-04 22:11:07 ----SHD---- C:\Windows\Installer

2009-05-04 22:11:05 ----D---- C:\Windows\winsxs

2009-05-04 22:10:40 ----D---- C:\Windows\Prefetch

2009-05-04 21:58:33 ----SHD---- C:\System Volume Information

2009-05-04 21:57:48 ----D---- C:\Program Files\Common Files

2009-05-04 21:57:35 ----D---- C:\Windows\system32\catroot

2009-05-04 21:57:32 ----D---- C:\Program Files\Common Files\microsoft shared

2009-05-04 20:32:35 ----D---- C:\Users\Eier\AppData\Roaming\dvdcss

2009-05-02 04:58:10 ----D---- C:\Users\Eier\AppData\Roaming\uTorrent

2009-04-16 23:11:23 ----D---- C:\Windows\system32\catroot2

2009-04-16 23:08:21 ----D---- C:\Windows\system32\wbem

2009-04-16 23:08:21 ----D---- C:\Program Files\Windows Mail

2009-04-16 23:08:20 ----D---- C:\Windows\system32\manifeststore

2009-04-16 23:08:20 ----D---- C:\Windows\AppPatch

2009-04-16 23:08:20 ----D---- C:\Program Files\Internet Explorer

2009-04-16 22:13:30 ----D---- C:\Windows\system32\WDI

2009-04-06 16:57:24 ----A---- C:\Windows\system32\mrt.exe

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-02-05 23152]

R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-02-05 114768]

R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-02-05 51376]

R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]

R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792]

R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]

R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-25 39936]

R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-24 42496]

R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-22 37376]

R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]

R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-05-31 735232]

R3 CmBatt;Microsoft ACPI Control Method Battery-driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]

R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-03-04 188416]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-01-15 23848]

R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-19 16768]

R3 HpqRemHid;HP Remote Control HID Device; C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]

R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-11-01 985600]

R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-11-01 208896]

R3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]

R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-03-07 1059112]

R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-12-04 7606688]

R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-16 12032]

R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]

R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-03-28 199472]

R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]

R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-11-01 661504]

R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]

S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]

S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]

S3 E100B;Intel® PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]

S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2007-09-10 176640]

S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]

S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]

S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]

S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]

S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]

R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-10-09 94208]

R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe [2006-05-03 135168]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-08-23 79136]

R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-12-04 203296]

R2 QPCapSvc;QuickPlay Background Capture Service (QBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2007-10-01 271760]

R2 QPSched;QuickPlay Task Scheduler (QTS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2007-10-01 112016]

R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]

R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]

R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]

R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]

R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-03-05 110592]

S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-01 182768]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

 

-----------------EOF-----------------

 

 

 

Info - Notepad

 

info.txt logfile of random's system information tool 1.06 2009-05-05 01:13:59

 

======Uninstall list======

 

-->C:\Program Files\Conexant\SmartAudio\SETUP.EXE -U -ISmartAudio -SM=SMAUDIO.EXE,1801

ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}

Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Reader 9 - Norsk-->MsiExec.exe /I{AC76BA86-7AD7-1044-7B44-A90000000001}

Adobe Shockwave Player-->MsiExec.exe /X{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}

Atheros Driver Installation Program-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe" -l0x9 -removeonly

avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup

Compatibility Pack for 2007 Office-->MsiExec.exe /X{90120000-0020-0414-0000-0000000FF1CE}

Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe -U -IQh30CFza.INF

CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall

DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall

ESU for Microsoft Vista-->MsiExec.exe /I{68471BF2-F1F7-4C89-BBBA-400B94996596}

Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_BDA1448D3D255554.exe" /uninstall

Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}

Hauppauge MCE XP/Vista Software Encoder (2.0.25149)-->C:\PROGRA~1\WinTV\UNSftMCE.EXE C:\PROGRA~1\WinTV\softMCE.LOG

HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_HERMOSA_HSF\UIU32m.exe -U -IHPQHERzm.inf

HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

HP Active Support Library-->"C:\Program Files\InstallShield Installation Information\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}\setup.exe" -runfromtemp -l0x0409 -removeonly

HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\110\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD0E2B92-3814-46F0-893B-4612EA010C7E}\setup.exe" -l0x9 -removeonly

HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}

HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\110\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}\setup.exe" -l0x9 -removeonly

HP Help and Support-->MsiExec.exe /X{31216452-5540-4C96-B754-94890A63D5AB}

HP Quick Launch Buttons 6.30 E1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0009 uninst

HP QuickPlay 3.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall

HP QuickTouch 1.00 C4-->MsiExec.exe /I{7DC4A410-9986-4329-9E5D-687B2C42CA39}

HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}

HP User Guides 0087-->MsiExec.exe /I{4D49757C-367A-4333-BDB3-68966162B14E}

HP Wireless Assistant-->MsiExec.exe /I{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}

HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}

HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}

InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe

Java 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}

Java 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}

LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" -uninstall

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft .NET Framework 3.5 Language Pack SP1 - nor-->MsiExec.exe /I{2ADD2892-255C-34C2-AE90-5EF603273DFF}

Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft Office PowerPoint Viewer 2007 (Norwegian (Bokmål))-->MsiExec.exe /X{95120000-00AF-0414-0000-0000000FF1CE}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Works-->MsiExec.exe /I{D1824129-8BE2-4FA6-B262-C4D99F7355D3}

MSCU for Microsoft Vista-->MsiExec.exe /I{F7F3B252-E772-48AA-93EB-7964BC326067}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly

NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI

Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall

PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall

QuickPlay SlingPlayer 0.4.4-->"C:\Program Files\HP\QuickPlay\unins000.exe"

RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything

SmartShopper-->C:\Program Files\Smart-Shopper\Uninst.exe

Softonic_English Toolbar-->C:\PROGRA~1\SOFTON~1\UNWISE.EXE C:\PROGRA~1\SOFTON~1\INSTALL.LOG

SopCast 2.0.4-->C:\Program Files\SopCast\uninst.exe

Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}

Språkpakke for Microsoft .NET Framework 3.5 SP1 - NOR-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - nor\setup.exe

Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

Veetle TV 0.9.14-->C:\Program Files\Veetle\UninstallVeetleTV.exe

VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe

Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}

Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}

WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

 

======Security center information======

 

AS: Windows Defender

 

======System event log======

 

Computer Name: Eier-PC

Event Code: 1001

Message: Skanning av Windows Defender er fullført.

Skanne-ID: {0ADC49BE-D147-4737-9FFD-7A88976D2553}

Skannetype: Antispionvare

Skanneparametere: Hurtigskanning

Bruker: NT-MYNDIGHET\NETTVERKSTJENESTE

Skannetid: 0:06:13

Record Number: 120582

Source Name: Microsoft-Windows-Windows Defender

Time Written: 20090504223526.000000-000

Event Type: Informasjon

User:

 

Computer Name: Eier-PC

Event Code: 7036

Message: Tjenesten WinHTTP Web Proxy Auto-Discovery Service gikk inn i tilstanden stoppet.

Record Number: 120583

Source Name: Service Control Manager

Time Written: 20090504224515.000000-000

Event Type: Informasjon

User:

 

Computer Name: Eier-PC

Event Code: 7036

Message: Tjenesten Windows CardSpace gikk inn i tilstanden kjører.

Record Number: 120584

Source Name: Service Control Manager

Time Written: 20090504224738.000000-000

Event Type: Informasjon

User:

 

Computer Name: Eier-PC

Event Code: 102

Message: Tjenesten stoppet publisering midlertidig på grunn av en strømhendelse.

Record Number: 120585

Source Name: Microsoft-Windows-ResourcePublication

Time Written: 20090504230807.302850-000

Event Type: Informasjon

User: NT-MYNDIGHET\LOKAL TJENESTE

 

Computer Name: Eier-PC

Event Code: 104

Message: Tjenesten publiserer på nettverket.

Record Number: 120586

Source Name: Microsoft-Windows-ResourcePublication

Time Written: 20090504230840.884850-000

Event Type: Informasjon

User: NT-MYNDIGHET\LOKAL TJENESTE

 

=====Application event log=====

 

Computer Name: Eier-PC

Event Code: 1001

Message: Fjerning av ytelsestellere for tjenesten WmiApRpl (WmiApRpl) var vellykket. Postdataene inneholder de nye verdiene for maskinens registeroppføringer for siste teller og siste hjelp.

Record Number: 8732

Source Name: Microsoft-Windows-LoadPerf

Time Written: 20090504221548.000000-000

Event Type: Informasjon

User:

 

Computer Name: Eier-PC

Event Code: 1000

Message: Innlasting av ytelsestellere for tjenesten WmiApRpl (WmiApRpl) var vellykket. Postdataene i dataavsnittet inneholder de nye indeksverdiene som er tilordnet tjenesten.

Record Number: 8733

Source Name: Microsoft-Windows-LoadPerf

Time Written: 20090504221548.000000-000

Event Type: Informasjon

User:

 

Computer Name: Eier-PC

Event Code: 1007

Message: Data for programmet for forbedret kundeopplevelse er sendt til Microsoft.

Record Number: 8734

Source Name: Microsoft-Windows-CEIP

Time Written: 20090504221905.000000-000

Event Type: Informasjon

User:

 

Computer Name: Eier-PC

Event Code: 0

Message: Tjenesten startet.

Record Number: 8735

Source Name: idsvc

Time Written: 20090504224738.000000-000

Event Type: Informasjon

User:

 

Computer Name: Eier-PC

Event Code: 5

Message: Unsupported service control request (see data below)

Record Number: 8736

Source Name: LightScribeService

Time Written: 20090504231356.000000-000

Event Type: Informasjon

User:

 

=====Security event log=====

 

Computer Name: Eier-PC

Event Code: 5038

Message: Kodeintegritet fastslo at bilde-hash for en fil ikke er gyldig. Filen kan være ødelagt på grunn av uautorisert endring, eller ugyldig hash kan være tegn på en mulig diskenhetsfeil.

 

Filnavn: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys

Record Number: 8658

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090504231341.970850-000

Event Type: Overvåking mislykket

User:

 

Computer Name: Eier-PC

Event Code: 5038

Message: Kodeintegritet fastslo at bilde-hash for en fil ikke er gyldig. Filen kan være ødelagt på grunn av uautorisert endring, eller ugyldig hash kan være tegn på en mulig diskenhetsfeil.

 

Filnavn: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys

Record Number: 8659

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090504231342.141850-000

Event Type: Overvåking mislykket

User:

 

Computer Name: Eier-PC

Event Code: 5038

Message: Kodeintegritet fastslo at bilde-hash for en fil ikke er gyldig. Filen kan være ødelagt på grunn av uautorisert endring, eller ugyldig hash kan være tegn på en mulig diskenhetsfeil.

 

Filnavn: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys

Record Number: 8660

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090504231342.356850-000

Event Type: Overvåking mislykket

User:

 

Computer Name: Eier-PC

Event Code: 5038

Message: Kodeintegritet fastslo at bilde-hash for en fil ikke er gyldig. Filen kan være ødelagt på grunn av uautorisert endring, eller ugyldig hash kan være tegn på en mulig diskenhetsfeil.

 

Filnavn: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys

Record Number: 8661

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090504231342.542850-000

Event Type: Overvåking mislykket

User:

 

Computer Name: Eier-PC

Event Code: 5038

Message: Kodeintegritet fastslo at bilde-hash for en fil ikke er gyldig. Filen kan være ødelagt på grunn av uautorisert endring, eller ugyldig hash kan være tegn på en mulig diskenhetsfeil.

 

Filnavn: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys

Record Number: 8662

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090504231342.719850-000

Event Type: Overvåking mislykket

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\CyberLink\Power2Go\

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=x86

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 104 Stepping 2, AuthenticAMD

"PROCESSOR_REVISION"=6802

"NUMBER_OF_PROCESSORS"=2

"PLATFORM"=MCD

"PCBRAND"=Pavilion

"OnlineServices"=Online Services

"USERPART"=E:

 

-----------------EOF-----------------

 

 

Posted

Hi!

 

The topic title of this thread says little about the thread's content and is therefore not a good topic title. The better and more descriptive the topic title is, the easier it is for others to understand what the thread is about, and the easier it will be to reach the right forum user with the right answer. I therefore ask you to change the topic title. We recommend reading what our netiquette says about poor use of topic titles.

Use the edit button in the first post to change the topic title.

 

The thread also breaks the three-word rule.

 

Use the edit button in the first post to change the topic title. If you do not change the topic title, the thread may be closed.

 

Once the change is made, it would be great if you used the report button on this post so that a moderator can remove this moderator message sooner.

 

Reactions and questions about moderation should be sent by PM, not posted in the thread.

Posted

That looks reasonably fine.

 

Cleaning up a bit.

 

Start HijackThis, click "Scan", find these lines and check them, then click "Fix checked".

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - (no file)

O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - (no file)

O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)

O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)

---

You can remove ComboFix by typing combofix /u in the Run window. This command deletes the files in quarantine and the backups, resets the System Restore folder, etc.

---

Download and run CCleaner

'Options' -> 'Advanced'. Uncheck: "only delete temporary files older than 48 hours".

Run the registry cleaner, answer yes to repair --> backup, answer yes when asked.

Run the registry cleaner a couple more times until all errors are gone.

---

Update avast and run a scan now; I assume it was avast that reported the virus?

If it finds something now, include the exact location.

Ex: c:\windows\system32\<filename>

Then we'll take a look at it.
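The step above is to pick the "(no file)" lines out of a HijackThis scan and tick them for "Fix checked". As an added example (not from the thread, and not HijackThis's own code), this script parses lines in that O2/O3/O9 format and lists the orphaned registrations; the sample log and the second entry's CLSID and path are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in HijackThis "Scan" format. The four "(no file)" lines
# mirror the kind the helper asked to fix; the second line is a made-up healthy
# BHO with a placeholder CLSID, included so the triage has something to leave alone.
SAMPLE_HJT_LOG = r"""
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Example PDF Helper - {00000000-1111-2222-3333-444444444444} - C:\Program Files\Example\helper.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - (no file)
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
"""

# Line shape: section, kind, display name, CLSID, path.
# The name is matched lazily so names containing " - " still parse.
ENTRY_RE = re.compile(
    r"^(?P<section>O\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - (?P<path>.+)$"
)

@dataclass
class Entry:
    section: str
    kind: str
    name: str
    clsid: str
    path: str
    raw: str

    def is_orphan(self) -> bool:
        # HijackThis prints "(no file)" when the registered DLL/EXE no longer exists:
        # a dangling registration, typically left behind by a removed add-on or a cleanup.
        return self.path.strip().lower() == "(no file)"

def parse_hjt(text: str) -> List[Entry]:
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(raw=line.strip(), **m.groupdict()))
    return entries

def orphan_entries(text: str) -> List[Entry]:
    """Entries whose backing file is missing; these are the 'Fix checked' candidates."""
    return [e for e in parse_hjt(text) if e.is_orphan()]

def fix_list(text: str) -> List[str]:
    """Exact lines to tick in HijackThis, in the order they appear in the log."""
    return [e.raw for e in orphan_entries(text)]

if __name__ == "__main__":
    for line in fix_list(SAMPLE_HJT_LOG):
        print(line)
```

Entries with a path that still exists are left out of the list on purpose; whether those are wanted is a separate judgement that needs the file itself.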

Guest Slettet-D7I5Gr2
Posted (edited)

Actually, a friend told me I had a virus. Avast didn't find anything at all.

 

Done with CCleaner now, running avast. If avast doesn't find anything, are we done then?

(should I post what CCleaner found, by the way?)

Edited by Slettet-D7I5Gr2
Posted
Done with CCleaner now, running avast. If avast doesn't find anything, are we done then?

Yes, because the log looked good; if you had had a virus I would have seen traces of it and removed it.

 

Check that your software is up to date: Secunia

 

Surf safely.

Guest Slettet-D7I5Gr2
Posted

Thank you, stranger. :)

If you're from Trondheim, there's a beer coming your way.
