
Windows Live Messenger virus



I think I managed to get an MSN virus from a friend. I'm not exactly the smartest, so I opened the package he sent. It then started sending itself on to everyone on my contact list, etc.

I ran McAfee scan after scan, and used Webroot Spy Sweeper, but nothing has come up.

Does anyone know how I can find this virus? Are there any programs I can download that can get rid of it?

Thanks

Link to comment
If the 'virus' is there, we'll get it. We'll do an extra round, as it can be useful to see which files/registry entries it creates:

Download Hijackthis. Put it in its own folder on the desktop.

Start the program and choose "Do a system scan and save a logfile". Copy the log file and post it.

Thanks a lot. Is it this log file below you mean? It came up in Notepad.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:40:59, on 30.01.2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe

C:\Windows\System32\TpShocks.exe

C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe

C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\Program Files\Lenovo\Zoom\TpScrex.exe

C:\Program Files\ThinkVantage\AMSG\Amsg.exe

C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE

C:\Program Files\Lenovo\LenovoCare\LPMLCHK.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

C:\Program Files\Lenovo\Client Security Solution\cssauth.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe

C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe

C:\Program Files\Lenovo\Client Security Solution\password_manager.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\PWMUIAux.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe

C:\Program Files\Java\jre6\bin\java.exe

C:\Users\Tarjei\Desktop\ Hijackthis\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [TPFNF7] "C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe" /r

O4 - HKLM\..\Run: [TpShocks] "C:\Windows\system32\TpShocks.exe"

O4 - HKLM\..\Run: [TPHOTKEY] "C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe"

O4 - HKLM\..\Run: [EZEJMNAP] "C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe"

O4 - HKLM\..\Run: [TVT Scheduler Proxy] "C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe"

O4 - HKLM\..\Run: [AMSG] "C:\Program Files\ThinkVantage\AMSG\Amsg.exe" /startup

O4 - HKLM\..\Run: [LPManager] "C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe"

O4 - HKLM\..\Run: [LPMailChecker] "C:\PROGRA~1\Lenovo\LENOVO~2\LPMLCHK.exe"

O4 - HKLM\..\Run: [CameraApplicationLauncher] "C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [PWMTRV] "C:\Windows\system32\rundll32.exe" C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor

O4 - HKLM\..\Run: "C:\Windows\system32\rundll32.exe" C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog

O4 - HKLM\..\Run: [ACTray] "C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe"

O4 - HKLM\..\Run: [ACWlIcon] "C:\Program Files\ThinkPad\ConnectUtilities\ACWlIcon.exe"

O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent

O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [igfxTray] "C:\Windows\system32\igfxtray.exe"

O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe"

O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe"

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray

O4 - HKCU\..\Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')

O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

O4 - Global Startup: Bluetooth.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send bilde til &Bluetooth-enhet... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send side til &Bluetooth-enhet... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O13 - Gopher Prefix:

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

O23 - Service: Alps Application Launcher Service (ApRunSvc) - Unknown owner - C:\Program Files\Apoint2K\ApRunSvc.exe

O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe

O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: ThinkPad PM Service for SL Series (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: Service of LFKA (LFKAS) - Unknown owner - C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SuService.exe

O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe

O23 - Service: Visning på skjermen (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe

O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe

O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 11544 bytes

Link to comment
Not much to see there.

Download dds.scr to the desktop. Run the program.

Post the dds.txt log

Let me know if it's not the right log, etc.

DDS (Ver_09-01-19.01) - NTFSx86

Run by Tarjei at 20:54:28,99 on 30.01.2009

Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11

Microsoft® Windows Vista™ Business 6.0.6001.1.1252.47.1044.18.2013.1008 [GMT 1:00]

 

FW: Webroot Internet Security Essentials *enabled*

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

C:\Windows\system32\ibmpmsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\Apoint2K\ApRunSvc.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe

C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe

C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe

C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\WLANExt.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\Windows\system32\rundll32.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\TPHDEXLG.exe

C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe

C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

C:\Program Files\Lenovo\System Update\SuService.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Windows\Explorer.EXE

C:\Program Files\Lenovo\ATK Hotkey\LCONTROL.exe

C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe

C:\Windows\System32\TpShocks.exe

C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe

C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\Program Files\Lenovo\Zoom\TpScrex.exe

C:\Program Files\ThinkVantage\AMSG\Amsg.exe

C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE

C:\Program Files\Lenovo\LenovoCare\LPMLCHK.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

C:\Program Files\Lenovo\Client Security Solution\cssauth.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe

C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe

C:\Program Files\Lenovo\Client Security Solution\password_manager.exe

C:\Program Files\Webroot\WebrootSecurity\SSU.EXE

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\PWMUIAux.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe

C:\Program Files\Java\jre6\bin\java.exe

C:\Users\Tarjei\Desktop\ Hijackthis\HijackThis.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Tarjei\Downloads\dds.scr

C:\Windows\system32\conime.exe

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://lenovo.live.com

uDefault_Page_URL = hxxp://lenovo.live.com

BHO: Koblingshjelpeprogram for Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll

BHO: Påloggingshjelp for Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

uRun: [sidebar] "c:\program files\windows sidebar\sidebar.exe" /autoRun

mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide

mRun: [TPFNF7] "c:\program files\lenovo\npdirect\TPFNF7SP.exe" /r

mRun: [<NO NAME>]

mRun: [TpShocks] "c:\windows\system32\TpShocks.exe"

mRun: [TPHOTKEY] "c:\program files\lenovo\hotkey\LVOSDSVC.exe"

mRun: [EZEJMNAP] "c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe"

mRun: [TVT Scheduler Proxy] "c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe"

mRun: [AMSG] "c:\program files\thinkvantage\amsg\Amsg.exe" /startup

mRun: [LPManager] "c:\progra~1\lenovo\lenovo~2\LPMGR.exe"

mRun: [LPMailChecker] "c:\progra~1\lenovo\lenovo~2\LPMLCHK.exe"

mRun: [CameraApplicationLauncher] "c:\program files\lenovo\camera center\bin\CameraApplicationLaunchpadLauncher.exe"

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [PWMTRV] "c:\windows\system32\rundll32.exe" c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor

mRun: "c:\windows\system32\rundll32.exe" c:\progra~1\thinkpad\utilit~1\BTVLogEx.DLL,StartBattLog

mRun: [ACTray] "c:\program files\thinkpad\connectutilities\ACTray.exe"

mRun: [ACWlIcon] "c:\program files\thinkpad\connectutilities\ACWlIcon.exe"

mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent

mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [igfxTray] "c:\windows\system32\igfxtray.exe"

mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"

mRun: [Persistence] "c:\windows\system32\igfxpers.exe"

mRun: [spySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray

StartupFolder: c:\users\tarjei\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: DisableCAD = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000

IE: Send bilde til &Bluetooth-enhet... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm

IE: Send side til &Bluetooth-enhet... - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL

IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Notify: igfxcui - igfxdev.dll

Notify: psfus - c:\windows\system32\psqlpwd.dll

LSA: Notification Packages = scecli psqlpwd ACGina

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\users\tarjei\appdata\roaming\mozilla\firefox\profiles\qgksxoe8.default\

FF - prefs.js: browser.startup.homepage - www.startsiden.no

FF - component: c:\program files\lenovo\client security solution\pwm firefox extension\components\tvtpwm_moz_xpcom.dll

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

 

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

 

============= SERVICES / DRIVERS ===============

 

R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2008-5-15 114728]

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-12-7 29808]

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-5-15 19496]

R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-5-20 13480]

R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWR32V.SYS [2008-12-24 12080]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2008-12-24 29736]

R3 DCamUSBGene;Integrated Camera;c:\windows\system32\drivers\USBSTK.sys [2008-12-24 173584]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-30 112128]

R3 lnvobus;Ericsson F3507g Mobile Broadband Minicard Composite Device driver (WDM);c:\windows\system32\drivers\lnvobus.sys [2008-12-24 302464]

R3 lnvocard;Ericsson F3507g Mobile Broadband Minicard Device Management;c:\windows\system32\drivers\lnvocard.sys [2008-12-24 378496]

R3 lnvogps;Ericsson F3507g Mobile Broadband Minicard GPS Port;c:\windows\system32\drivers\lnvogps.sys [2008-12-24 76328]

R3 lnvomdfl;Ericsson F3507g Mobile Broadband Minicard Modem Filter;c:\windows\system32\drivers\lnvomdfl.sys [2008-12-24 15104]

R3 lnvomdfl2;Ericsson F3507g Mobile Broadband Minicard Data Modem Filter;c:\windows\system32\drivers\lnvomdfl2.sys [2008-12-24 15104]

R3 lnvomdm;Ericsson F3507g Mobile Broadband Minicard Modem Driver;c:\windows\system32\drivers\lnvomdm.sys [2008-12-24 387072]

R3 lnvomdm2;Ericsson F3507g Mobile Broadband Minicard Data Modem;c:\windows\system32\drivers\lnvomdm2.sys [2008-12-24 431488]

R3 lnvond5;Ericsson F3507g Mobile Broadband Minicard Network Adapter (NDIS);c:\windows\system32\drivers\lnvond5.sys [2008-12-24 25984]

R3 lnvounic;Ericsson F3507g Mobile Broadband Minicard Network Adapter (WDM);c:\windows\system32\drivers\lnvounic.sys [2008-12-24 402944]

R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-8-29 3664384]

R3 Sony_EricssonWWSC;Ericsson F3507g Mobile Broadband Minicard PC SC Port;c:\windows\system32\drivers\lnvoscard.sys [2008-12-24 24232]

R4 ApRunSvc;Alps Application Launcher Service;c:\program files\apoint2k\ApRunSvc.exe [2008-12-24 36864]

R4 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\microsoft small business\business contact manager\BcmSqlStartupSvc.exe [2008-1-12 30312]

R4 LFKAS;Service of LFKA;c:\program files\lenovo\atk hotkey\LFKAS.exe [2008-12-24 208896]

R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-1-24 203280]

R4 smihlp;SMI Helper Driver (smihlp);c:\program files\common files\thinkvantage fingerprint software\drivers\smihlp.sys [2008-6-25 12560]

R4 TPHKSVC;Visning på skjermen;c:\program files\lenovo\hotkey\TPHKSVC.exe [2008-9-24 58736]

R4 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-5-25 520192]

R4 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2009-1-26 1090936]

S1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2009-1-26 48192]

S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-8-5 29184016]

S4 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-25 360448]

 

=============== Created Last 30 ================

 

2009-01-30 17:08 <DIR> --d----- c:\users\tarjei\Bluetooth Software

2009-01-30 17:00 1,048,576 ----hr-- C:\BOXSTER.BIN

2009-01-29 18:47 <DIR> --d----- c:\users\tarjei\appdata\roaming\OpenOffice.org

2009-01-29 18:40 <DIR> --d----- c:\program files\OpenOffice.org 3

2009-01-27 17:24 <DIR> --d----- C:\Lenovo

2009-01-26 20:15 48,192 a------- c:\windows\system32\drivers\tvtumon.sys

2009-01-26 20:03 584 a------- c:\windows\system32\InstallUtil.InstallLog

2009-01-26 16:15 <DIR> --d----- c:\program files\common files\MSSoap

2009-01-26 16:15 <DIR> --d----- C:\Binaries

2009-01-26 16:15 1,553,272 a------- c:\windows\WRSetup.dll

2009-01-26 16:15 <DIR> --d----- c:\users\tarjei\appdata\roaming\Webroot

2009-01-26 16:15 <DIR> --d----- c:\programdata\Webroot

2009-01-26 16:15 <DIR> --d----- c:\program files\Webroot

2009-01-26 16:15 <DIR> --d----- c:\progra~2\Webroot

2009-01-26 16:14 164 a------- C:\install.dat

2009-01-25 21:45 27,261 a------- C:\empsiklasttrace.xml

2009-01-25 21:31 <DIR> --d----- c:\programdata\Symantec

2009-01-25 21:31 <DIR> --d----- c:\progra~2\Symantec

2009-01-25 04:15 <DIR> --d----- c:\program files\CCleaner

2009-01-24 18:11 2,048 a------- c:\windows\system32\tzres.dll

2009-01-24 17:58 <DIR> --d----- c:\windows\SQL9_KB954606_ENU

2009-01-24 17:57 <DIR> --d----- c:\program files\MSXML 4.0

2009-01-24 16:12 <DIR> --d----- c:\programdata\WindowsSearch

2009-01-24 15:42 <DIR> --d----- C:\81ce48bdb7f9b5549000

2009-01-24 15:14 241,152 a------- c:\windows\system32\PortableDeviceApi.dll

2009-01-24 15:14 296,960 a------- c:\windows\system32\gdi32.dll

2009-01-24 15:14 212,480 a------- c:\windows\system32\drivers\mrxsmb10.sys

2009-01-24 15:14 28,672 a------- c:\windows\system32\Apphlpdm.dll

2009-01-24 15:14 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll

2009-01-24 15:14 1,191,936 a------- c:\windows\system32\msxml3.dll

2009-01-24 14:55 <DIR> --d----- C:\swwork

2009-01-24 04:49 <DIR> --dsh--- c:\users\tarjei\Start-meny

2009-01-24 04:49 <DIR> --dsh--- c:\users\tarjei\Skrivere

2009-01-24 04:49 <DIR> --dsh--- c:\users\tarjei\Programdata

2009-01-24 04:49 <DIR> --dsh--- c:\users\tarjei\Mine dokumenter

2009-01-24 04:49 <DIR> --dsh--- c:\users\tarjei\Maler

2009-01-24 04:49 <DIR> --dsh--- c:\users\tarjei\Lokale innstillinger

2009-01-24 04:49 <DIR> --dsh--- c:\users\tarjei\AndrMask

2009-01-24 04:49 <DIR> --d----- c:\users\tarjei\Roaming

2009-01-24 04:49 <DIR> --d----- c:\users\Tarjei

2009-01-24 00:52 <DIR> --d----- c:\users\tarjei\appdata\roaming\Sports Interactive

2009-01-24 00:51 <DIR> --d----- c:\programdata\Sports Interactive

2009-01-24 00:51 <DIR> --d----- c:\progra~2\Sports Interactive

2009-01-24 00:50 255,848 a------- c:\windows\system32\xactengine2_6.dll

2009-01-24 00:41 <DIR> --d----- c:\programdata\Media Center Programs

2009-01-24 00:41 <DIR> --d----- c:\progra~2\Media Center Programs

2009-01-24 00:31 <DIR> --d----- c:\program files\common files\Steam

2009-01-24 00:30 <DIR> --d-h--- c:\program files\Zero G Registry

2009-01-24 00:30 <DIR> --d----- c:\program files\Sports Interactive

2009-01-24 00:30 <DIR> --d-h--- c:\users\tarjei\InstallAnywhere

2009-01-23 23:56 <DIR> --d----- c:\users\tarjei\Tracing

2009-01-23 23:55 <DIR> --d----- c:\program files\Microsoft

2009-01-23 23:55 <DIR> --d----- c:\program files\Windows Live SkyDrive

2009-01-23 23:49 <DIR> --d----- c:\program files\common files\Windows Live

2009-01-23 23:36 410,984 a------- c:\windows\system32\deploytk.dll

2009-01-23 23:05 <DIR> --d----- c:\programdata\Adobe

2009-01-23 22:17 10 a------- c:\windows\system32\firstboot.lgl

2009-01-23 22:17 <DIR> --d----- c:\program files\Windows Live Toolbar

2009-01-23 22:11 <DIR> --d----- c:\users\tarjei\appdata\roaming\Lenovo

2009-01-23 22:03 11,999 a------- c:\windows\system32\Config.MPF

2009-01-23 22:03 <DIR> --d----- c:\programdata\SiteAdvisor

2009-01-23 22:02 33,832 a------- c:\windows\system32\drivers\mferkdk.sys

2009-01-23 22:02 201,320 a------- c:\windows\system32\drivers\mfehidk.sys

2009-01-23 22:02 79,304 a------- c:\windows\system32\drivers\mfeavfk.sys

2009-01-23 22:02 40,488 a------- c:\windows\system32\drivers\mfesmfk.sys

2009-01-23 22:02 35,240 a------- c:\windows\system32\drivers\mfebopk.sys

2009-01-23 22:02 125,728 a------- c:\windows\system32\drivers\Mpfp.sys

2009-01-23 22:02 <DIR> --d----- c:\program files\McAfee.com

2009-01-23 22:02 <DIR> --d----- c:\program files\common files\McAfee

2009-01-23 22:02 <DIR> --d----- c:\program files\McAfee

2009-01-23 21:59 <DIR> --d----- c:\programdata\McAfee

2009-01-23 21:58 1,524,736 a------- c:\windows\system32\wucltux.dll

2009-01-23 21:58 83,456 a------- c:\windows\system32\wudriver.dll

2009-01-23 21:58 162,064 a------- c:\windows\system32\wuwebv.dll

2009-01-23 21:58 31,232 a------- c:\windows\system32\wuapp.exe

 

==================== Find3M ====================

 

2009-01-30 17:03 665,600 a------- c:\windows\inf\drvindex.dat

2009-01-30 17:03 143,360 a------- c:\windows\inf\infstrng.dat

2009-01-30 17:03 86,016 a------- c:\windows\inf\infstor.dat

2009-01-30 17:03 51,200 a------- c:\windows\inf\infpub.dat

2009-01-24 18:00 499,034 a------- c:\windows\system32\perfh014.dat

2009-01-24 18:00 94,000 a------- c:\windows\system32\perfc014.dat

2009-01-23 22:17 100 a------- c:\windows\system32\drivers\Lenovo_2738_53G.MRK

2008-12-24 11:51 33,536 a------- c:\windows\system32\drivers\tvtfilter.sys

2008-12-24 11:51 30,144 a------- c:\windows\system32\drivers\psadd.sys

2008-12-24 11:51 129,784 -------- c:\windows\system32\pxafs.dll

2008-12-24 11:51 118,520 -------- c:\windows\system32\pxinsi64.exe

2008-12-24 11:51 116,472 -------- c:\windows\system32\pxcpyi64.exe

2008-12-24 11:29 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01007.Wdf

2008-12-24 11:17 3,601,976 a------- c:\windows\system32\ntkrnlpa.exe

2008-12-24 11:17 3,549,752 a------- c:\windows\system32\ntoskrnl.exe

2008-12-24 11:15 428,544 a------- c:\windows\system32\EncDec.dll

2008-12-24 11:15 293,376 a------- c:\windows\system32\psisdecd.dll

2008-12-24 11:14 625,152 a------- c:\windows\system32\drivers\dxgkrnl.sys

2008-12-24 11:14 565,248 a------- c:\windows\system32\emdmgmt.dll

2008-12-24 11:14 148,480 a------- c:\windows\system32\drivers\nwifi.sys

2008-12-24 11:14 45,056 a------- c:\windows\system32\dataclen.dll

2008-12-24 11:14 36,864 a------- c:\windows\system32\cdd.dll

2008-12-24 11:13 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll

2008-12-24 11:13 2,644,480 a------- c:\windows\system32\NlsLexicons0009.dll

2008-12-24 11:13 801,280 a------- c:\windows\system32\NaturalLanguage6.dll

2008-12-24 11:11 2,032,640 a------- c:\windows\system32\win32k.sys

2008-12-24 11:10 303,616 a------- c:\windows\system32\wmpeffects.dll

2008-12-24 11:10 361,984 a------- c:\windows\system32\IPSECSVC.DLL

2008-12-24 11:09 885,248 a------- c:\windows\system32\RacEngn.dll

2008-12-24 11:09 891,448 a------- c:\windows\system32\drivers\tcpip.sys

2008-12-24 11:09 784,896 a------- c:\windows\system32\rpcrt4.dll

2008-12-24 11:09 72,192 a------- c:\windows\system32\drivers\pacer.sys

2008-12-24 11:09 15,360 a------- c:\windows\system32\pacerprf.dll

2008-12-24 11:08 180,224 a------- c:\windows\system32\scrobj.dll

2008-12-24 11:08 172,032 a------- c:\windows\system32\scrrun.dll

2008-12-24 11:08 155,648 a------- c:\windows\system32\wscript.exe

2008-12-24 11:08 135,168 a------- c:\windows\system32\cscript.exe

2008-12-24 11:08 430,080 a------- c:\windows\system32\vbscript.dll

2008-12-24 11:08 90,112 a------- c:\windows\system32\wshext.dll

2008-12-24 11:08 1,314,816 a------- c:\windows\system32\quartz.dll

2008-12-24 11:07 738,304 a------- c:\windows\system32\inetcomm.dll

2008-12-24 11:06 269,312 a------- c:\windows\system32\es.dll

2008-12-24 11:06 113,664 a------- c:\windows\system32\drivers\rmcast.sys

2008-12-24 11:05 529,464 a------- c:\windows\system32\drivers\ndis.sys

2008-12-24 11:03 6,656 a------- c:\windows\system32\kbd106n.dll

2008-12-24 11:03 988,216 a------- c:\windows\system32\winload.exe

2008-12-24 11:03 927,288 a------- c:\windows\system32\winresume.exe

2008-12-24 11:03 615,992 a------- c:\windows\system32\ci.dll

2008-12-24 11:03 378,368 a------- c:\windows\system32\srcore.dll

2008-12-24 11:03 318,464 a------- c:\windows\system32\rstrui.exe

2008-12-24 11:03 46,592 a------- c:\windows\system32\setbcdlocale.dll

2008-12-24 11:03 40,960 a------- c:\windows\system32\srclient.dll

2008-12-24 11:03 19,000 a------- c:\windows\system32\kd1394.dll

2008-12-24 11:03 14,848 a------- c:\windows\system32\srdelayed.exe

2008-12-16 03:42 288,768 a------- c:\windows\system32\drivers\srv.sys

2008-12-07 21:26 170,608 a------- c:\windows\system32\drivers\ssidrv.sys

2008-12-07 21:26 23,152 a------- c:\windows\system32\drivers\sshrmd.sys

2008-12-07 21:26 29,808 a------- c:\windows\system32\drivers\ssfs0bbc.sys

2008-04-25 23:58 294,254 a------- c:\windows\inf\perflib414\perfi.dat

2008-04-25 23:58 294,254 a------- c:\windows\inf\perflib414\perfh.dat

2008-04-25 23:58 35,166 a------- c:\windows\inf\perflib414\perfd.dat

2008-04-25 23:58 35,166 a------- c:\windows\inf\perflib414\perfc.dat

2008-01-21 03:43 174 a--sh--- c:\program files\desktop.ini

2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib000\perfi.dat

2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib000\perfh.dat

2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib000\perfd.dat

2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib000\perfc.dat

 

============= FINISH: 20:55:18,92 ===============


Yes. I thought it was gone because I was online and it sent nothing, but then I logged in again after a restart and it started sending again. I know this both from the screen and from the number of messages I got on my phone from people wondering what crap I was sending :(

Before I came online here and asked for help, I deleted Windows Live Messenger. I don't know if that makes any difference.


First scan. It found 1 malware (or something).

Malwarebytes' Anti-Malware 1.33

Databaseversjon: 1712

Windows 6.0.6001 Service Pack 1

 

31.01.2009 18:08:40

mbam-log-2009-01-31 (18-08-40).txt

 

Skanntype: Rask Skann

Objekter skannet: 52169

Tid tilbakelagt: 5 minute(s), 27 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 1

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

(Ingen mistenkelige filer funnet)

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

C:\Users\Tarjei\AppData\Local\Temp\IXP000.TMP\HEHEPI~1.EXE (Backdoor.Bot) -> Quarantined and deleted successfully.

 

Next scan.

 

ComboFix 09-01-21.04 - Tarjei 2009-01-31 18:12:02.1 - NTFSx86

Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1044.18.2013.817 [GMT 1:00]

Kjører fra: c:\users\Tarjei\Downloads\ComboFix.exe

FW: Webroot Internet Security Essentials *disabled*

* Resident AV is active

 

.

- REDUCED FUNCTIONALITY MODE -

.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

Q:\Autorun.inf

S:\Autorun.inf

 

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2008-12-28 til 2009-01-31 )))))))))))))))))))))))))))))))))

.

 

2009-01-31 18:02 . 2009-01-31 18:02 <DIR> d-------- c:\users\Tarjei\AppData\Roaming\Malwarebytes

2009-01-31 18:01 . 2009-01-31 18:01 <DIR> d-------- c:\users\All Users\Malwarebytes

2009-01-31 18:01 . 2009-01-31 18:01 <DIR> d-------- c:\programdata\Malwarebytes

2009-01-31 18:01 . 2009-01-31 18:02 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-01-31 18:01 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys

2009-01-31 18:01 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys

2009-01-31 16:33 . 2009-01-31 16:33 <DIR> d-------- c:\program files\Veetle

2009-01-31 16:33 . 2009-01-31 16:33 48,913 --a------ c:\windows\UninstVeetleTVPlayer.exe

2009-01-31 16:02 . 2009-01-31 16:02 <DIR> d-------- c:\users\All Users\TVU Networks

2009-01-31 16:02 . 2009-01-31 16:02 <DIR> d-------- c:\programdata\TVU Networks

2009-01-31 00:53 . 2009-01-31 16:03 <DIR> d-------- c:\program files\Windows Live Safety Center

2009-01-30 21:49 . 2009-01-30 21:49 <DIR> d-------- c:\program files\Pidgin

2009-01-30 21:49 . 2009-01-30 21:49 <DIR> d-------- c:\program files\Common Files\GTK

2009-01-30 17:08 . 2009-01-30 17:08 <DIR> d-------- c:\users\Tarjei\Bluetooth Software

2009-01-30 17:00 . 2008-12-10 13:41 1,048,576 -r-h----- C:\BOXSTER.BIN

2009-01-29 18:47 . 2009-01-29 18:47 <DIR> d-------- c:\users\Tarjei\AppData\Roaming\OpenOffice.org

2009-01-29 18:40 . 2009-01-29 18:40 <DIR> d-------- c:\program files\OpenOffice.org 3

2009-01-27 17:24 . 2009-01-27 17:24 <DIR> d-------- C:\Lenovo

2009-01-26 20:15 . 2008-07-11 10:47 48,192 --a------ c:\windows\System32\drivers\tvtumon.sys

2009-01-26 20:03 . 2009-01-26 20:03 584 --a------ c:\windows\System32\InstallUtil.InstallLog

2009-01-26 16:15 . 2009-01-26 16:15 <DIR> d-------- c:\users\Tarjei\AppData\Roaming\Webroot

2009-01-26 16:15 . 2009-01-26 16:27 <DIR> d-------- c:\users\All Users\Webroot

2009-01-26 16:15 . 2009-01-26 16:27 <DIR> d-------- c:\programdata\Webroot

2009-01-26 16:15 . 2009-01-26 16:15 <DIR> d-------- c:\program files\Webroot

2009-01-26 16:15 . 2009-01-26 16:15 <DIR> d-------- C:\Binaries

2009-01-26 16:15 . 2009-01-20 09:07 1,553,272 --a------ c:\windows\WRSetup.dll

2009-01-26 16:14 . 2009-01-26 16:14 164 --a------ C:\install.dat

2009-01-25 21:45 . 2009-01-25 21:45 27,261 --a------ C:\empsiklasttrace.xml

2009-01-25 21:31 . 2009-01-25 21:31 <DIR> d-------- c:\users\All Users\Symantec

2009-01-25 21:31 . 2009-01-25 21:31 <DIR> d-------- c:\programdata\Symantec

2009-01-25 04:15 . 2009-01-25 04:15 <DIR> d-------- c:\program files\CCleaner

2009-01-24 22:23 . 2009-01-24 22:23 <DIR> d-------- c:\program files\Google

2009-01-24 18:11 . 2008-10-22 02:22 2,048 --a------ c:\windows\System32\tzres.dll

2009-01-24 17:58 . 2009-01-24 17:58 <DIR> d-------- c:\windows\SQL9_KB954606_ENU

2009-01-24 17:57 . 2009-01-24 17:57 <DIR> d-------- c:\program files\MSXML 4.0

2009-01-24 16:12 . 2009-01-24 16:12 <DIR> d-------- c:\users\All Users\WindowsSearch

2009-01-24 16:12 . 2009-01-24 16:12 <DIR> d-------- c:\programdata\WindowsSearch

2009-01-24 15:42 . 2009-01-24 15:42 <DIR> d-------- C:\81ce48bdb7f9b5549000

2009-01-24 15:14 . 2008-11-01 02:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll

2009-01-24 15:14 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll

2009-01-24 15:14 . 2008-10-21 06:25 296,960 --a------ c:\windows\System32\gdi32.dll

2009-01-24 15:14 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll

2009-01-24 15:14 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys

2009-01-24 15:14 . 2008-11-01 04:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll

2009-01-24 14:55 . 2009-01-24 14:55 <DIR> d-------- C:\swwork

2009-01-24 04:49 . 2009-01-23 22:20 <DIR> dr------- c:\users\Tarjei\Videos

2009-01-24 04:49 . 2009-01-29 16:23 <DIR> dr------- c:\users\Tarjei\Saved Games

2009-01-24 04:49 . 2008-12-24 11:31 <DIR> d-------- c:\users\Tarjei\Roaming

2009-01-24 04:49 . 2009-01-26 18:01 <DIR> dr------- c:\users\Tarjei\Pictures

2009-01-24 04:49 . 2009-01-23 22:20 <DIR> dr------- c:\users\Tarjei\Music

2009-01-24 04:49 . 2009-01-23 22:20 <DIR> dr------- c:\users\Tarjei\Links

2009-01-24 04:49 . 2009-01-31 18:10 <DIR> dr------- c:\users\Tarjei\Downloads

2009-01-24 04:49 . 2009-01-30 17:08 <DIR> dr------- c:\users\Tarjei\Documents

2009-01-24 04:49 . 2009-01-24 04:49 <DIR> d--h----- c:\users\Tarjei\AppData

2009-01-24 04:49 . 2009-01-30 17:08 <DIR> d-------- c:\users\Tarjei

2009-01-24 00:52 . 2009-01-24 00:52 <DIR> d-------- c:\users\Tarjei\AppData\Roaming\Sports Interactive

2009-01-24 00:51 . 2009-01-24 00:51 <DIR> d-------- c:\users\All Users\Sports Interactive

2009-01-24 00:51 . 2009-01-24 00:51 <DIR> d-------- c:\programdata\Sports Interactive

2009-01-24 00:50 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\System32\d3dx9_32.dll

2009-01-24 00:41 . 2009-01-24 00:41 <DIR> d-------- c:\users\All Users\Media Center Programs

2009-01-24 00:41 . 2009-01-24 00:41 <DIR> d-------- c:\programdata\Media Center Programs

2009-01-24 00:31 . 2009-01-24 14:53 <DIR> d-------- c:\program files\Common Files\Steam

2009-01-24 00:30 . 2009-01-24 00:30 <DIR> d--h----- c:\users\Tarjei\InstallAnywhere

2009-01-24 00:30 . 2009-01-24 00:31 <DIR> d--h----- c:\program files\Zero G Registry

2009-01-24 00:30 . 2009-01-24 00:30 <DIR> d-------- c:\program files\Sports Interactive

2009-01-23 23:56 . 2009-01-30 20:35 <DIR> d-------- c:\users\Tarjei\Tracing

2009-01-23 23:55 . 2009-01-23 23:55 <DIR> d-------- c:\program files\Windows Live SkyDrive

2009-01-23 23:55 . 2009-01-30 17:05 <DIR> d-------- c:\program files\Microsoft

2009-01-23 23:49 . 2009-01-23 23:49 <DIR> d-------- c:\program files\Common Files\Windows Live

2009-01-23 23:36 . 2009-01-23 23:36 410,984 --a------ c:\windows\System32\deploytk.dll

2009-01-23 23:05 . 2009-01-24 19:02 <DIR> d-------- c:\users\All Users\Adobe

2009-01-23 23:05 . 2009-01-24 19:02 <DIR> d-------- c:\program files\Common Files\Adobe

2009-01-23 22:20 . 2009-01-23 22:20 <DIR> dr------- c:\users\Tarjei\Searches

2009-01-23 22:19 . 2009-01-23 22:19 <DIR> dr------- c:\users\Tarjei\Contacts

2009-01-23 22:17 . 2009-01-23 23:56 <DIR> d-------- c:\program files\Windows Live Toolbar

2009-01-23 22:17 . 2009-01-23 22:17 10 --a------ c:\windows\System32\firstboot.lgl

2009-01-23 22:11 . 2009-01-23 22:20 <DIR> d-------- c:\users\Tarjei\AppData\Roaming\Lenovo

2009-01-23 22:03 . 2009-01-25 13:38 <DIR> d-------- c:\users\All Users\SiteAdvisor

2009-01-23 22:03 . 2009-01-25 13:38 <DIR> d-------- c:\programdata\SiteAdvisor

2009-01-23 22:03 . 2009-01-31 03:40 12,183 --a------ c:\windows\System32\Config.MPF

2009-01-23 22:02 . 2009-01-23 22:02 <DIR> d-------- c:\program files\McAfee.com

2009-01-23 22:02 . 2009-01-30 17:05 <DIR> d-------- c:\program files\McAfee

2009-01-23 22:02 . 2009-01-23 22:02 <DIR> d-------- c:\program files\Common Files\McAfee

2009-01-23 22:02 . 2007-11-22 06:44 201,320 --a------ c:\windows\System32\drivers\mfehidk.sys

2009-01-23 22:02 . 2007-07-13 09:21 125,728 --a------ c:\windows\System32\drivers\Mpfp.sys

2009-01-23 22:02 . 2007-11-22 06:44 79,304 --a------ c:\windows\System32\drivers\mfeavfk.sys

2009-01-23 22:02 . 2007-12-02 12:51 40,488 --a------ c:\windows\System32\drivers\mfesmfk.sys

2009-01-23 22:02 . 2007-11-22 06:44 35,240 --a------ c:\windows\System32\drivers\mfebopk.sys

2009-01-23 22:02 . 2007-11-22 06:44 33,832 --a------ c:\windows\System32\drivers\mferkdk.sys

2009-01-23 21:59 . 2009-01-24 22:04 <DIR> d-------- c:\users\All Users\McAfee

2009-01-23 21:59 . 2009-01-24 22:04 <DIR> d-------- c:\programdata\McAfee

2009-01-23 21:58 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll

2009-01-23 21:58 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll

2009-01-23 21:58 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll

2009-01-23 21:58 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll

2009-01-23 21:58 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll

2009-01-23 21:58 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe

2009-01-23 21:58 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll

2009-01-23 21:58 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll

2009-01-23 21:58 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe

2008-12-24 12:18 . 2008-07-17 06:47 89,088 --a------ c:\windows\System32\drivers\sdbus.sys

2008-12-24 12:17 . 2008-12-24 12:17 <DIR> d-------- c:\program files\Microsoft Office Suite Activation Assistant

2008-12-24 12:13 . 2008-12-24 12:13 <DIR> d-------- c:\users\All Users\Ericsson

2008-12-24 12:13 . 2008-12-24 12:13 <DIR> d-------- c:\programdata\Ericsson

2008-12-24 12:08 . 2008-04-17 03:32 2,134,528 --a------ c:\windows\System32\FunctionDiscoveryFolder.dll

2008-12-24 12:07 . 2008-12-24 12:08 <DIR> d-------- c:\program files\Microsoft Small Business

2008-12-24 12:05 . 2009-01-24 17:59 <DIR> d-------- c:\program files\Microsoft SQL Server

2008-12-24 12:04 . 2008-12-24 12:04 <DIR> d-------- c:\windows\PCHEALTH

2008-12-24 12:04 . 2008-12-24 12:06 <DIR> d-------- c:\program files\Microsoft.NET

2008-12-24 12:04 . 2008-12-24 12:04 <DIR> d-------- c:\program files\Microsoft Works

2008-12-24 12:01 . 2009-01-24 18:18 <DIR> d-------- c:\users\All Users\Microsoft Help

2008-12-24 12:01 . 2009-01-24 18:18 <DIR> d-------- c:\programdata\Microsoft Help

2008-12-24 12:00 . 2008-12-24 12:00 <DIR> dr-h----- C:\MSOCache

2008-12-24 11:55 . <DIR> C:\RRbackups

2008-12-24 11:52 . 2008-12-24 11:51 129,784 --------- c:\windows\System32\pxafs.dll

2008-12-24 11:52 . 2008-12-24 11:51 118,520 --------- c:\windows\System32\pxinsi64.exe

2008-12-24 11:52 . 2008-12-24 11:51 116,472 --------- c:\windows\System32\pxcpyi64.exe

2008-12-24 11:51 . 2008-12-24 11:57 <DIR> d-------- c:\windows\Downloaded Installations

2008-12-24 11:51 . 2008-12-24 12:00 <DIR> d-------- c:\users\All Users\PC-Doctor

2008-12-24 11:51 . 2008-12-24 12:00 <DIR> d-------- c:\programdata\PC-Doctor

2008-12-24 11:51 . 2008-12-24 11:51 <DIR> d-------- c:\program files\Verizon Wireless

2008-12-24 11:51 . 2008-12-24 11:51 33,536 --a------ c:\windows\System32\drivers\tvtfilter.sys

2008-12-24 11:51 . 2008-12-24 11:51 30,144 --a------ c:\windows\System32\drivers\psadd.sys

2008-12-24 11:50 . 2009-01-25 03:12 <DIR> d-------- c:\program files\PCDR5

2008-12-24 11:50 . 2008-10-26 18:37 111,904 --------- c:\windows\PWMBTHLV.EXE

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-24 17:20 --------- d-----w c:\program files\Windows Mail

2008-12-24 10:29 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01007.Wdf

2008-12-24 10:14 625,152 ----a-w c:\windows\system32\drivers\dxgkrnl.sys

2008-12-24 10:14 565,248 ----a-w c:\windows\System32\emdmgmt.dll

2008-12-24 10:14 45,056 ----a-w c:\windows\System32\dataclen.dll

2008-12-24 10:14 36,864 ----a-w c:\windows\System32\cdd.dll

2008-12-24 10:14 148,480 ----a-w c:\windows\system32\drivers\nwifi.sys

2008-12-24 10:10 361,984 ----a-w c:\windows\System32\IPSECSVC.DLL

2008-12-24 10:10 303,616 ----a-w c:\windows\System32\wmpeffects.dll

2008-12-24 10:09 885,248 ----a-w c:\windows\System32\RacEngn.dll

2008-12-24 10:09 784,896 ----a-w c:\windows\System32\rpcrt4.dll

2008-12-24 10:09 72,192 ----a-w c:\windows\system32\drivers\pacer.sys

2008-12-24 10:09 15,360 ----a-w c:\windows\System32\pacerprf.dll

2008-12-24 10:08 90,112 ----a-w c:\windows\System32\wshext.dll

2008-12-24 10:08 430,080 ----a-w c:\windows\System32\vbscript.dll

2008-12-24 10:08 180,224 ----a-w c:\windows\System32\scrobj.dll

2008-12-24 10:08 172,032 ----a-w c:\windows\System32\scrrun.dll

2008-12-24 10:08 155,648 ----a-w c:\windows\System32\wscript.exe

2008-12-24 10:08 135,168 ----a-w c:\windows\System32\cscript.exe

2008-12-24 10:05 529,464 ----a-w c:\windows\system32\drivers\ndis.sys

2008-12-24 10:03 988,216 ----a-w c:\windows\System32\winload.exe

2008-12-24 10:03 927,288 ----a-w c:\windows\System32\winresume.exe

2008-12-24 10:03 615,992 ----a-w c:\windows\System32\ci.dll

2008-12-24 10:03 6,656 ----a-w c:\windows\System32\kbd106n.dll

2008-12-24 10:03 46,592 ----a-w c:\windows\System32\setbcdlocale.dll

2008-12-24 10:03 40,960 ----a-w c:\windows\System32\srclient.dll

2008-12-24 10:03 378,368 ----a-w c:\windows\System32\srcore.dll

2008-12-24 10:03 318,464 ----a-w c:\windows\System32\rstrui.exe

2008-12-24 10:03 19,000 ----a-w c:\windows\System32\kd1394.dll

2008-12-24 10:03 14,848 ----a-w c:\windows\System32\srdelayed.exe

2008-12-16 02:42 288,768 ----a-w c:\windows\system32\drivers\srv.sys

2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll

2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll

2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll

2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll

2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll

2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe

2008-10-21 05:25 1,645,568 ----a-w c:\windows\System32\connect.dll

2008-10-16 04:47 827,392 ----a-w c:\windows\System32\wininet.dll

2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini

.

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-30 60192]

"TpShocks"="c:\windows\system32\TpShocks.exe" [2008-06-07 181536]

"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\LVOSDSVC.exe" [2008-03-24 64368]

"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-04 242976]

"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-25 487424]

"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 419376]

"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2008-06-08 165208]

"LPMailChecker"="c:\progra~1\Lenovo\LENOVO~2\LPMLCHK.exe" [2008-06-08 124248]

"CameraApplicationLauncher"="c:\program files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe" [2008-08-12 16384]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-23 136600]

"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2008-10-26 632096]

"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2008-10-26 214576]

"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2008-10-27 431392]

"ACWlIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWlIcon.exe" [2008-10-27 148768]

"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-25 3077432]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-31 150040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-31 170520]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-31 145944]

"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-01-20 6278520]

 

c:\users\Tarjei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-04 393216]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2008-03-17 752168]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

"DisableCAD"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2008-06-25 02:31 95496 c:\windows\System32\psqlpwd.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=0 (0x0)

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

SetupExecute REG_MULTI_SZ \0

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli psqlpwd ACGina

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]

@="Service"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{E21697DD-387B-4C20-8077-9D6E2A9182D9}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{61277D55-0FED-480A-9A10-9B5F2C56810E}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent

"{88140BD1-E255-4DFE-8B4B-17E08C020865}"= UDP:c:\users\Tarjei\Saved Games\SteamApps\common\football manager 2009\fm.exe:Football Manager 2009

"{60EFF5D8-9320-4275-A138-45FEC281CD3A}"= TCP:c:\users\Tarjei\Saved Games\SteamApps\common\football manager 2009\fm.exe:Football Manager 2009

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

R0 Shockprf;Shockprf;c:\windows\System32\drivers\ApsX86.sys [2008-05-15 114728]

R0 ssfs0bbc;ssfs0bbc;c:\windows\System32\drivers\ssfs0bbc.sys [2008-12-07 29808]

R0 TPDIGIMN;TPDIGIMN;c:\windows\System32\drivers\ApsHM86.sys [2008-05-15 19496]

R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\System32\drivers\smiif32.sys [2008-05-20 13480]

R1 TPPWRIF;TPPWRIF;c:\windows\System32\drivers\TPPWR32V.SYS [2008-12-24 12080]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [2008-12-24 29736]

R3 DCamUSBGene;Integrated Camera;c:\windows\System32\drivers\USBSTK.sys [2008-12-24 173584]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [2008-06-30 112128]

R3 lnvobus;Ericsson F3507g Mobile Broadband Minicard Composite Device driver (WDM);c:\windows\System32\drivers\lnvobus.sys [2008-12-24 302464]

R3 lnvocard;Ericsson F3507g Mobile Broadband Minicard Device Management;c:\windows\System32\drivers\lnvocard.sys [2008-12-24 378496]

R3 lnvogps;Ericsson F3507g Mobile Broadband Minicard GPS Port;c:\windows\System32\drivers\lnvogps.sys [2008-12-24 76328]

R3 lnvomdfl;Ericsson F3507g Mobile Broadband Minicard Modem Filter;c:\windows\System32\drivers\lnvomdfl.sys [2008-12-24 15104]

R3 lnvomdfl2;Ericsson F3507g Mobile Broadband Minicard Data Modem Filter;c:\windows\System32\drivers\lnvomdfl2.sys [2008-12-24 15104]

R3 lnvomdm;Ericsson F3507g Mobile Broadband Minicard Modem Driver;c:\windows\System32\drivers\lnvomdm.sys [2008-12-24 387072]

R3 lnvomdm2;Ericsson F3507g Mobile Broadband Minicard Data Modem;c:\windows\System32\drivers\lnvomdm2.sys [2008-12-24 431488]

R3 lnvond5;Ericsson F3507g Mobile Broadband Minicard Network Adapter (NDIS);c:\windows\System32\drivers\lnvond5.sys [2008-12-24 25984]

R3 lnvounic;Ericsson F3507g Mobile Broadband Minicard Network Adapter (WDM);c:\windows\System32\drivers\lnvounic.sys [2008-12-24 402944]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [2009-01-31 38496]

R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [2008-08-29 3664384]

R3 Sony_EricssonWWSC;Ericsson F3507g Mobile Broadband Minicard PC SC Port;c:\windows\System32\drivers\lnvoscard.sys [2008-12-24 24232]

R4 ApRunSvc;Alps Application Launcher Service;c:\program files\Apoint2K\ApRunSvc.exe [2008-12-24 36864]

R4 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-12 30312]

R4 LFKAS;Service of LFKA;c:\program files\Lenovo\ATK Hotkey\LFKAS.exe [2008-12-24 208896]

R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-01-24 203280]

R4 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2008-06-25 12560]

R4 TPHKSVC;Visning på skjermen;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [2008-09-24 58736]

R4 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2008-05-25 520192]

R4 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [2009-01-26 1090936]

S1 tvtumon;tvtumon;c:\windows\System32\drivers\tvtumon.sys [2009-01-26 48192]

S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-08-05 29184016]

S4 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2008-05-25 360448]

 

--- Andre tjenester/drivere lastet i minnet ---

 

*NewlyCreated* - MBAMSWISSARMY

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

bthsvcs REG_MULTI_SZ BthServ

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7278fc6c-d1a4-11dd-a483-806e6f6e6963}]

\shell\AutoRun\command - Q:\LenovoQDrive.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{85bde8d7-d199-11dd-a1ab-0023544b2eb7}]

\shell\AutoRun\command - S:\LenovoSDrive.exe

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2009-01-23 c:\windows\Tasks\McDefragTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

 

2009-01-23 c:\windows\Tasks\McQcTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

 

2009-01-30 c:\windows\Tasks\wrSpySweeper_LF07B69E0272F4861A487658436268C8B.job

- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-01-20 09:08]

 

2009-01-30 c:\windows\Tasks\wrSpySweeper_LF07B69E0272F4861A487658436268C8B.job

- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-01-20 09:08]

 

2009-01-30 c:\windows\Tasks\wrSpySweeper_LF07B69E0272F4861A487658436268C8B.job

- C:\ [2009-01-31 18:11]

.

- - - - TOMME PEKERE FJERNET - - - -

 

HKLM-Run-<NO NAME> - (no file)

 

 

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://lenovo.live.com

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

IE: Send bilde til &Bluetooth-enhet... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send side til &Bluetooth-enhet... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm

IE: {{F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

FF - ProfilePath - c:\users\Tarjei\AppData\Roaming\Mozilla\Firefox\Profiles\qgksxoe8.default\

FF - prefs.js: browser.startup.homepage - www.startsiden.no

FF - component: c:\program files\Lenovo\Client Security Solution\PWM Firefox Extension\components\tvtpwm_moz_xpcom.dll

FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll

FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\Veetle\VLC\npvlc.dll

FF - plugin: c:\users\Tarjei\AppData\Roaming\Mozilla\Firefox\Profiles\qgksxoe8.default\extensions\[email protected]\plugins\npTVUAx.dll

 

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-31 18:12:27

Windows 6.0.6001 Service Pack 1 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

 

- - - - - - - > 'lsass.exe'(700)

c:\windows\system32\psqlpwd.dll

c:\program files\ThinkVantage Fingerprint Software\homefus2.dll

c:\program files\ThinkVantage Fingerprint Software\infql2.dll

.

Tidspunkt ferdig: 2009-01-31 18:15:02

ComboFix-quarantined-files.txt 2009-01-31 17:14:58

 

Pre-Run: 124 798 173 184 byte ledig

Post-Run: 124,904,333,312 byte ledig

 

336 --- E O F --- 2009-01-24 17:19:04

 

I don't know if it means anything, but I tried an MSN anti-virus scanner on their website, and it found 6 bugs of some kind, but when I went to remove them the program freaked out. It was a beta thing.

Edited by McGrath

And you still have problems with MSN?

If so, what message is it sending out?

What MBAM found comes from the infection:

C:\Users\brukernavn\AppData\Local\Temp\IXP000.TMP\HEHEPI~1.EXE

 

- but the rest that comes with it is not on your PC now.

Edited by norbat

I don't know. After the second attempt, when it kept sending a package to my contacts, I deleted the program.

I can install it again, but I'm afraid it will spam everyone I know right away.

But how come the anti-virus on MSN's website finds 6 threats while the stuff I have run so far only found one?


I don't know if I fully understand what you mean, but I'll try to explain.

Windows Live Messenger sends/sent packages to my contacts. Visually it showed up as those "thumping" anonymous flash animations in the middle of the screen. After that a file was placed in my area under a folder called "Tracer".

That is seriously all I know. :/

I find it a bit odd that the http://onecare.live.com/site/en-us/center/howsafe.htm service finds so many more threats than everything else I have tried. My McAfee, for example, finds nothing.

Edited by McGrath