
Friend needs help removing spyware



Hi

A friend of mine needs help removing some spyware from the PC...

Attaching a log from HijackThis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:29:32, on 01.05.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe

C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Programfiler\Lenovo\Bluetooth Software\bin\btwdins.exe

C:\Programfiler\Diskeeper Corporation\Diskeeper\DkService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Softex\OmniPass\Omniserv.exe

C:\WINDOWS\system32\PMSveH.exe

C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\IBM ThinkVantage\Rescue and Recovery\rrservice.exe

C:\Programfiler\IBM ThinkVantage\Common\Scheduler\tvtsched.exe

C:\Programfiler\ThinkVantage\SystemUpdate\UCLauncherService.exe

C:\Programfiler\ThinkPad\ConnectUtilities\AcSvc.exe

C:\Program Files\Softex\OmniPass\OPXPApp.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Programfiler\IBM ThinkVantage\Common\Logger\logmon.exe

C:\Programfiler\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\All Users\Programdata\lubclorq\laxwluvy.exe

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\Programfiler\Lenovo\HOTKEY\TPHKMGR.exe

C:\Programfiler\Lenovo\HOTKEY\TpWAudAp.exe

C:\WINDOWS\system32\PMHandler.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\vsnp2std.exe

C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe

C:\Program Files\Softex\OmniPass\scureapp.exe

C:\Programfiler\ThinkVantage\AMSG\Amsg.exe

C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe

C:\Programfiler\IBM ThinkVantage\Client Security Solution\cssauthe.exe

C:\Programfiler\Picasa2\PicasaMediaDetector.exe

C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe

C:\Programfiler\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\ThinkPad\ConnectUtilities\ACTray.exe

C:\Programfiler\Google\Google Desktop Search\GoogleDesktopDisplay.exe

C:\Programfiler\ThinkPad\ConnectUtilities\ACWLIcon.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\hphmon05.exe

C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe

C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Programfiler\Steam\Steam.exe

C:\Programfiler\Windows Media Player\WMPNSCFG.exe

C:\WINDOWS\system32\lmjevmfm.exe

C:\Programfiler\Lenovo\Bluetooth Software\BTTray.exe

C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe

C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jucheck.exe

C:\Programfiler\opera\Opera.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\msiexec.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Documents and Settings\Harald\Mine dokumenter\Mine bilder\Harald\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lenovo.com/no/no

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: PC-Antispyware Site Blocker Button - {10F0C2A9-8E38-43e3-204D-45524C494E20} - C:\Programfiler\PC-Antispyware\IeExtension.dll (file missing)

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programfiler\skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: DVA Gate - {A0F0C444-BB34-47EC-9223-F9EBEE49EF34} - C:\WINDOWS\gndarmblrnd.dll (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Norton-verktøylinjen - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar3.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O3 - Toolbar: wxdbpfvo - {12D9C292-AA92-4A22-AE81-3B2C4E42AE99} - C:\WINDOWS\wxdbpfvo.dll (file missing)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [snarvei til egenskapsside for High Definition Audio] HDAShCut.exe

O4 - HKLM\..\Run: [TPHOTKEY] C:\Programfiler\Lenovo\HOTKEY\TPHKMGR.exe

O4 - HKLM\..\Run: [TPWAUDAP] C:\Programfiler\Lenovo\HOTKEY\TpWAudAp.exe

O4 - HKLM\..\Run: [PMHandler] C:\WINDOWS\system32\PMHandler.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

O4 - HKLM\..\Run: [suScheduler] C:\Programfiler\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER

O4 - HKLM\..\Run: [iSUSPM Startup] c:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "c:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe

O4 - HKLM\..\Run: [AMSG] C:\Programfiler\ThinkVantage\AMSG\Amsg.exe

O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe

O4 - HKLM\..\Run: [cssauthe] "C:\Programfiler\IBM ThinkVantage\Client Security Solution\cssauthe.exe" silent

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programfiler\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programfiler\Diskeeper Corporation\Diskeeper\DkIcon.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [ACTray] C:\Programfiler\ThinkPad\ConnectUtilities\ACTray.exe

O4 - HKLM\..\Run: [ACWLIcon] C:\Programfiler\ThinkPad\ConnectUtilities\ACWLIcon.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [HPHUPD05] C:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [steam] "C:\Programfiler\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [sxiotnez] C:\WINDOWS\system32\lmjevmfm.exe

O4 - HKCU\..\Run: [VirusIsolator.exe] C:\Programfiler\VirusIsolator\VirusIsolator.exe

O4 - HKLM\..\Policies\Explorer\Run: [07m7IVYQUU] C:\Documents and Settings\All Users\Programdata\lubclorq\laxwluvy.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [iETI] C:\Programfiler\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [iETI] C:\Programfiler\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')

O4 - Startup: .protected

O4 - Startup: IMVU.lnk = C:\Programfiler\IMVU\IMVUClient.exe

O4 - Global Startup: .protected

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Photosmart Premier Hurtigstart.lnk = C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk136YYNO

O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Send til &Bluetooth-enhet... - C:\Programfiler\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programfiler\skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Harald\Start-meny\Programmer\IMVU\Run IMVU.lnk (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O11 - Options group: [JAVA_IBM] Java (IBM)

O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/no/no

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab50997.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab

O16 - DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} (AcceptWM Class) - https://w3s.webmoney.ru/WMAcceptor.dll

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab50997.cab

O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe

O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)

O21 - SSODL: bdkpfxqw - {A251D6D7-6D50-462F-94A8-0A6692F2B652} - C:\WINDOWS\bdkpfxqw.dll

O21 - SSODL: qadovnel - {7A688323-DC8C-4E4D-B573-FB19BBA67310} - C:\WINDOWS\qadovnel.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Programfiler\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programfiler\ThinkPad\ConnectUtilities\AcSvc.exe

O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\Lenovo\Bluetooth Software\bin\btwdins.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programfiler\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PMSveH - Lenovo - C:\WINDOWS\system32\PMSveH.exe

O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: TVT Backup Service - Unknown owner - C:\Programfiler\IBM ThinkVantage\Rescue and Recovery\rrservice.exe

O23 - Service: TVT Scheduler - Unknown owner - C:\Programfiler\IBM ThinkVantage\Common\Scheduler\tvtsched.exe

O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Programfiler\ThinkVantage\SystemUpdate\UCLauncherService.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Programfiler\Windows Live\installer\WLSetupSvc.exe

 

--

End of file - 18110 bytes

 


 

ComboFix 08-04-29.5 - Harald 2008-05-01 20:45:25.1 - NTFSx86

Running from: C:\Documents and Settings\Harald\Skrivebord\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\.protected

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\.protected

C:\Documents and Settings\Harald\Favoritter\Error Cleaner.url

C:\Documents and Settings\Harald\Favoritter\Privacy Protector.url

C:\Documents and Settings\Harald\Favoritter\Spyware&Malware Protection.url

C:\Documents and Settings\Harald\Skrivebord\Error Cleaner.url

C:\Documents and Settings\Harald\Skrivebord\Privacy Protector.url

C:\Documents and Settings\Harald\Skrivebord\Spyware&Malware Protection.url

C:\Documents and Settings\Harald\Start-meny\Programmer\Oppstart\.protected

C:\WINDOWS\.protected

C:\WINDOWS\a.bat

C:\WINDOWS\bdkpfxqw.dll

C:\WINDOWS\images.zip

C:\WINDOWS\mslagent

C:\WINDOWS\mslagent\2_mslagent.dll

C:\WINDOWS\mslagent\mslagent.exe

C:\WINDOWS\mslagent\uninstall.exe

C:\WINDOWS\qadovnel.dll

C:\WINDOWS\system32\bsva-egihsg52.exe

C:\WINDOWS\system32\drivers\etc\.protected

C:\WINDOWS\system32\smp

C:\WINDOWS\system32\smp\msrc.exe

C:\WINDOWS\Web\def.htm

 

.

((((((((((((((((((((((((( Files Created from 2008-04-01 to 2008-05-01 )))))))))))))))))))))))))))))))

.

 

2008-05-01 19:28 . 2008-05-01 19:28 d-------- C:\Programfiler\SUPERAntiSpyware

2008-05-01 19:28 . 2008-05-01 19:28 d-------- C:\Documents and Settings\Harald\Programdata\SUPERAntiSpyware.com

2008-05-01 19:28 . 2008-05-01 19:28 d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-04-30 09:14 . 2008-04-30 09:15 d-------- C:\WINDOWS\system32\NtmsData

2008-04-29 21:48 . 2008-04-29 21:48 94,208 --a------ C:\WINDOWS\system32\mzgbypwf.exe

2008-04-28 17:11 . 2008-04-28 22:41 d-------- C:\Documents and Settings\Harald\Programdata\TmpRecentIcons

2008-04-28 15:26 . 2008-04-28 15:26 d-------- C:\Documents and Settings\All Users\Programdata\lubclorq

2008-04-17 20:14 . 2008-04-17 20:17 d-------- C:\Documents and Settings\All Users\Programdata\TrackMania

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-01 18:51 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared

2008-05-01 17:49 --------- d-----w C:\Programfiler\Steam

2008-05-01 17:27 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-05-01 10:17 --------- d-----w C:\Programfiler\LimeWire

2008-04-30 20:49 --------- d-----w C:\Programfiler\SSR logo

2008-04-29 19:51 4,096 ----a-w C:\WINDOWS\system32\winlogonpc.exe

2008-04-29 19:51 4,096 ----a-w C:\WINDOWS\system32\taack.exe

2008-04-29 19:51 4,096 ----a-w C:\WINDOWS\system32\temp#01.exe

2008-04-29 19:51 4,096 ----a-w C:\WINDOWS\system32\ssurf022.dll

2008-04-29 19:51 4,096 ----a-w C:\WINDOWS\system32\ps1.exe

2008-04-29 19:51 4,096 ----a-w C:\WINDOWS\system32\netode.exe

2008-04-29 19:51 4,096 ----a-w C:\WINDOWS\system32\mwin32.exe

2008-04-29 19:51 4,096 ----a-w C:\WINDOWS\system32\mtr2.exe

2008-04-29 19:51 4,096 ----a-w C:\WINDOWS\system32\msnbho.dll

2008-04-29 19:51 4,096 ----a-w C:\WINDOWS\system32\msgp.exe

2008-04-29 19:51 4,096 ----a-w C:\WINDOWS\system32\hxiwlgpm.exe

2008-04-29 19:51 4,096 ----a-w C:\WINDOWS\system32\hoproxy.dll

2008-04-29 15:21 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-04-28 13:26 110,592 ----a-w C:\WINDOWS\system32\lmjevmfm.exe

2008-04-27 15:43 5,427 ----a-w C:\WINDOWS\system32\EGATHDRV.SYS

2008-04-15 18:56 --------- d-----w C:\Documents and Settings\Harald\Programdata\Skype

2008-04-12 21:28 --------- d-----w C:\Programfiler\MSN Messenger

2008-04-12 20:28 --------- d-----w C:\Documents and Settings\All Users\Programdata\Lavasoft

2008-04-12 20:21 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe

2008-04-12 20:17 --------- d-----w C:\Programfiler\Covey Inc

2008-04-04 19:36 --------- d-----w C:\Programfiler\TrackMania Nations ESWC

2008-03-20 08:11 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-20 08:11 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys

2008-03-12 20:46 --------- d-----w C:\Programfiler\Hewlett-Packard

2008-03-12 20:46 --------- d-----w C:\Documents and Settings\Harald\Programdata\HP

2008-03-12 20:46 --------- d-----w C:\Documents and Settings\All Users\Programdata\HP

2008-03-12 20:42 --------- d-----w C:\Programfiler\Fellesfiler\Sonic Shared

2008-03-12 20:42 --------- d-----w C:\Documents and Settings\All Users\Programdata\Sonic

2008-03-12 20:41 --------- d-----w C:\Programfiler\Fellesfiler\HP

2008-03-12 20:35 --------- d-----w C:\Programfiler\Fellesfiler\Hewlett-Packard

2008-03-12 20:17 --------- d-----w C:\Programfiler\HP

2008-03-10 20:51 --------- d-----w C:\Documents and Settings\Ivar\Programdata\InterVideo

2008-03-08 18:09 --------- d-----w C:\Documents and Settings\Harald\Programdata\dvdcss

2008-03-01 16:35 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-02-29 08:58 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2008-02-29 08:58 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe

2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-02-20 06:52 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 06:52 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll

2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2008-02-20 05:39 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll

2008-02-20 05:39 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll

2008-01-12 01:22 21,216,112 ----a-w C:\Programfiler\aaw2007.exe

2007-11-16 18:27 7,745,128 ----a-w C:\Programfiler\BuildalotSetup.exe

2007-10-19 13:07 142,830 ----a-w C:\Programfiler\Cy9c_the_Movie_BETA.rar

2007-08-17 14:40 9,679,815 ----a-w C:\Programfiler\vlc-0.8.6c-win32.exe

2007-08-17 14:18 6,498,440 ----a-w C:\Programfiler\Opera_9.23_International_Setup.exe

2007-08-09 17:03 1,442,480 ----a-w C:\Programfiler\RegCureSetup_46e.exe

2007-07-13 16:09 2,223,653 ----a-w C:\Programfiler\mpc2kxp6490.zip

2007-07-13 16:08 3,499,729 ----a-w C:\Programfiler\ffdshow_rev610_20061201_clsid.exe

2007-07-13 15:47 14,514,490 ----a-w C:\Programfiler\TrackMania meets SSR.006.rar

2007-07-13 15:33 48,322,083 ----a-w C:\Programfiler\TrackMania meets SSR.005.rar

2007-07-13 15:33 47,301,433 ----a-w C:\Programfiler\TrackMania meets SSR.004.rar

2007-07-13 15:33 47,024,787 ----a-w C:\Programfiler\TrackMania meets SSR.003.rar

2007-07-13 15:32 46,742,125 ----a-w C:\Programfiler\TrackMania meets SSR.001.rar

2007-07-13 15:32 46,451,142 ----a-w C:\Programfiler\TrackMania meets SSR.002.rar

2007-07-13 15:15 4,050,169 ----a-w C:\Programfiler\ffdshow-rev1348_20070710.zip

2007-07-13 15:15 3,741,666 ----a-w C:\Programfiler\ffdshow-rev1349_20070710.zip

2007-07-13 14:58 4,266,572 ----a-w C:\Programfiler\ffdshow-rev1322_20070627_sse.zip

2007-07-11 19:39 10,893,440 ----a-w C:\Programfiler\InstallIMVU_379.2_full.exe

2007-07-11 19:21 1,164,456 ----a-w C:\Programfiler\install_flash_player.exe

2007-07-11 19:19 2,803,440 ----a-w C:\Programfiler\Shockwave_Installer_Slim.exe

2007-06-24 10:28 2,705,112 ----a-w C:\Programfiler\WebfettiSetup2.2.60.11-2.exe

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10F0C2A9-8E38-43e3-204D-45524C494E20}]

C:\Programfiler\PC-Antispyware\IeExtension.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A0F0C444-BB34-47EC-9223-F9EBEE49EF34}]

C:\WINDOWS\gndarmblrnd.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{12D9C292-AA92-4A22-AE81-3B2C4E42AE99}"= "C:\WINDOWS\wxdbpfvo.dll" [ ]

 

[HKEY_CLASSES_ROOT\clsid\{12d9c292-aa92-4a22-ae81-3b2c4e42ae99}]

[HKEY_CLASSES_ROOT\wxdbpfvo.1]

[HKEY_CLASSES_ROOT\TypeLib\{9757C62A-6530-4163-9259-20A5BAC478DF}]

[HKEY_CLASSES_ROOT\wxdbpfvo]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]

"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-08-16 17:19 5728112]

"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-06 16:49 68856]

"Steam"="C:\Programfiler\Steam\Steam.exe" [2008-03-28 09:21 1271032]

"WMPNSCFG"="C:\Programfiler\Windows Media Player\WMPNSCFG.exe" [2006-11-15 11:46 204288]

"sxiotnez"="C:\WINDOWS\system32\lmjevmfm.exe" [2008-04-28 15:26 110592]

"VirusIsolator.exe"="C:\Programfiler\VirusIsolator\VirusIsolator.exe" [ ]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-04 17:33 7340032]

"nwiz"="nwiz.exe" [2005-12-04 17:33 1519616 C:\WINDOWS\system32\nwiz.exe]

"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-10-28 17:58 761945]

"Snarvei til egenskapsside for High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]

"TPHOTKEY"="C:\Programfiler\Lenovo\HOTKEY\TPHKMGR.exe" [2005-12-20 20:47 94208]

"TPWAUDAP"="C:\Programfiler\Lenovo\HOTKEY\TpWAudAp.exe" [2005-12-10 08:29 24064]

"PMHandler"="C:\WINDOWS\system32\PMHandler.exe" [2006-05-20 09:28 24576]

"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 14:50 88204 C:\WINDOWS\AGRSMMSG.exe]

"snp2std"="C:\WINDOWS\vsnp2std.exe" [2005-10-20 14:18 339968]

"suScheduler"="C:\Programfiler\ThinkVantage\SystemUpdate\UCLauncher.exe" [2005-08-01 17:32 40960]

"ISUSPM Startup"="c:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]

"ISUSScheduler"="c:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]

"OmniPass"="C:\Program Files\Softex\OmniPass\scureapp.exe" [2006-02-28 00:20 2076672]

"AMSG"="C:\Programfiler\ThinkVantage\AMSG\Amsg.exe" [2005-11-22 20:36 507904]

"LPManager"="C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe" [2005-12-07 01:00 106496]

"cssauthe"="C:\Programfiler\IBM ThinkVantage\Client Security Solution\cssauthe.exe" [2005-12-21 18:08 1988144]

"Picasa Media Detector"="C:\Programfiler\Picasa2\PicasaMediaDetector.exe" [2005-10-28 20:08 335872]

"DiskeeperSystray"="C:\Programfiler\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-29 10:55 196696]

"Google Desktop Search"="C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" [2006-08-09 16:21 169472]

"ACTray"="C:\Programfiler\ThinkPad\ConnectUtilities\ACTray.exe" [2006-04-17 13:09 409600]

"ACWLIcon"="C:\Programfiler\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-04-17 12:59 98304]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]

"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]

"osCheck"="C:\Programfiler\Norton Internet Security\osCheck.exe" [2006-09-05 19:22 26248]

"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" [ ]

"Symantec PIF AlertEng"="C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]

"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-25 23:14 188416]

"HPHUPD05"="C:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 06:23 49152]

"HP Software Update"="C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41 49152]

"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2003-08-21 06:19 483328]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"IETI"="C:\Programfiler\Skype\Phone\IEPlugin\unins000.exe" [ ]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

BTTray.lnk - C:\Programfiler\Lenovo\Bluetooth Software\BTTray.exe [2006-01-17 10:45:32 618557]

HP Digital Imaging Monitor.lnk - C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22 288472]

HP Photosmart Premier Hurtigstart.lnk - C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [2006-02-10 08:56:20 73728]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

"07m7IVYQUU"= C:\Documents and Settings\All Users\Programdata\lubclorq\laxwluvy.exe

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]

ACNotify.dll 2006-04-17 13:01 32768 C:\Programfiler\ThinkPad\ConnectUtilities\ACNotify.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]

C:\Program Files\Softex\OmniPass\opxpgina.dll 2006-02-28 00:21 49152 C:\Program Files\Softex\OmniPass\OPXPGina.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]

tphklock.dll 2005-12-20 20:46 24576 C:\WINDOWS\system32\tphklock.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.DVSD"= pdvcodec.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Programfiler\\ThinkVantage\\SystemUpdate\\jre\\bin\\javaw.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

 

R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 09:27]

R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2006-01-13 00:33]

R1 PMHler;PMHler;C:\WINDOWS\system32\drivers\PMHler.sys [2005-12-21 14:09]

R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-09-13 16:35]

R2 ibmfilter;ibmfilter;C:\WINDOWS\system32\drivers\ibmfilter.sys [2005-12-21 17:14]

R2 smi2;smi2;C:\Programfiler\SMI2\smi2.sys [2005-12-21 16:45]

R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2005-10-17 16:16]

S0 ANCSQ;ANCSQ;C:\WINDOWS\system32\drivers\ANCSQ.sys []

 

*Newly Created Service* - CATCHME

*Newly Created Service* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

"2008-04-25 18:29:11 C:\WINDOWS\Tasks\Norton Internet Security - Kjør fullstendig systemsøk - Harald.job"

- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exec/TASK:

"2008-05-01 18:26:03 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job"

- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE

"2008-04-30 19:53:57 C:\WINDOWS\Tasks\WebReg 20080218211409.job"

- C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpqwrg.exeb/TaskName 20080218211409 /N

"2008-04-30 19:53:57 C:\WINDOWS\Tasks\WebReg hp photosmart 7600 series.job"

- C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpqwrg.exe

.

**************************************************************************

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-01 20:51:21

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

VirusIsolator.exe = C:\Programfiler\VirusIsolator\VirusIsolator.exe????????????????????????????????????????????????????????????????????????????????????????????????????????e????????????????????????????????????????????????????????????????????????????????????????????????????????????

 

scanning hidden files ...

 

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\Programfiler\ThinkPad\ConnectUtilities\AcSvcStub.dll

-> C:\Programfiler\ThinkPad\ConnectUtilities\AcLocSettings.dll

-> C:\Programfiler\ThinkPad\ConnectUtilities\ACHelper.dll

-> C:\Program Files\Softex\OmniPass\opxpgina.dll

-> C:\WINDOWS\system32\tphklock.dll

.

Completion time: 2008-05-01 20:54:38

ComboFix-quarantined-files.txt 2008-05-01 18:53:34

 

Pre-Run: 36,700,282,880 byte ledig

Post-Run: 40,070,344,704 byte ledig

 

251 --- E O F --- 2008-04-09 16:06:33

 

 

 


Here is the HijackThis log... :)

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:58:57, on 01.05.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe

C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Programfiler\Lenovo\Bluetooth Software\bin\btwdins.exe

C:\Programfiler\Diskeeper Corporation\Diskeeper\DkService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Softex\OmniPass\Omniserv.exe

C:\WINDOWS\system32\PMSveH.exe

C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\IBM ThinkVantage\Rescue and Recovery\rrservice.exe

C:\Programfiler\IBM ThinkVantage\Common\Scheduler\tvtsched.exe

C:\Programfiler\ThinkVantage\SystemUpdate\UCLauncherService.exe

C:\Programfiler\ThinkPad\ConnectUtilities\AcSvc.exe

C:\Program Files\Softex\OmniPass\OPXPApp.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Programfiler\IBM ThinkVantage\Common\Logger\logmon.exe

C:\Programfiler\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

C:\Documents and Settings\All Users\Programdata\lubclorq\laxwluvy.exe

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\Programfiler\Lenovo\HOTKEY\TPHKMGR.exe

C:\Programfiler\Lenovo\HOTKEY\TpWAudAp.exe

C:\WINDOWS\system32\PMHandler.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\vsnp2std.exe

C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe

C:\Program Files\Softex\OmniPass\scureapp.exe

C:\Programfiler\ThinkVantage\AMSG\Amsg.exe

C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe

C:\Programfiler\IBM ThinkVantage\Client Security Solution\cssauthe.exe

C:\Programfiler\Picasa2\PicasaMediaDetector.exe

C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe

C:\Programfiler\ThinkPad\ConnectUtilities\ACTray.exe

C:\Programfiler\ThinkPad\ConnectUtilities\ACWLIcon.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe

C:\Programfiler\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\hphmon05.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe

C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Programfiler\Steam\Steam.exe

C:\Programfiler\Windows Media Player\WMPNSCFG.exe

C:\WINDOWS\system32\lmjevmfm.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programfiler\Google\Google Desktop Search\GoogleDesktopDisplay.exe

C:\Programfiler\Lenovo\Bluetooth Software\BTTray.exe

C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe

C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jucheck.exe

C:\Programfiler\Opera\Opera.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Harald\Skrivebord\test.exe.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lenovo.com/no/no

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: PC-Antispyware Site Blocker Button - {10F0C2A9-8E38-43e3-204D-45524C494E20} - C:\Programfiler\PC-Antispyware\IeExtension.dll (file missing)

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programfiler\skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: DVA Gate - {A0F0C444-BB34-47EC-9223-F9EBEE49EF34} - C:\WINDOWS\gndarmblrnd.dll (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar3.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O3 - Toolbar: wxdbpfvo - {12D9C292-AA92-4A22-AE81-3B2C4E42AE99} - C:\WINDOWS\wxdbpfvo.dll (file missing)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [snarvei til egenskapsside for High Definition Audio] HDAShCut.exe

O4 - HKLM\..\Run: [TPHOTKEY] C:\Programfiler\Lenovo\HOTKEY\TPHKMGR.exe

O4 - HKLM\..\Run: [TPWAUDAP] C:\Programfiler\Lenovo\HOTKEY\TpWAudAp.exe

O4 - HKLM\..\Run: [PMHandler] C:\WINDOWS\system32\PMHandler.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

O4 - HKLM\..\Run: [suScheduler] C:\Programfiler\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER

O4 - HKLM\..\Run: [iSUSPM Startup] c:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "c:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe

O4 - HKLM\..\Run: [AMSG] C:\Programfiler\ThinkVantage\AMSG\Amsg.exe

O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe

O4 - HKLM\..\Run: [cssauthe] "C:\Programfiler\IBM ThinkVantage\Client Security Solution\cssauthe.exe" silent

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programfiler\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programfiler\Diskeeper Corporation\Diskeeper\DkIcon.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [ACTray] C:\Programfiler\ThinkPad\ConnectUtilities\ACTray.exe

O4 - HKLM\..\Run: [ACWLIcon] C:\Programfiler\ThinkPad\ConnectUtilities\ACWLIcon.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [HPHUPD05] C:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [steam] "C:\Programfiler\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [sxiotnez] C:\WINDOWS\system32\lmjevmfm.exe

O4 - HKCU\..\Run: [VirusIsolator.exe] C:\Programfiler\VirusIsolator\VirusIsolator.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKLM\..\Policies\Explorer\Run: [07m7IVYQUU] C:\Documents and Settings\All Users\Programdata\lubclorq\laxwluvy.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [iETI] C:\Programfiler\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [iETI] C:\Programfiler\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')

O4 - Startup: IMVU.lnk = C:\Programfiler\IMVU\IMVUClient.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Photosmart Premier Hurtigstart.lnk = C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk136YYNO

O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Send til &Bluetooth-enhet... - C:\Programfiler\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programfiler\skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Harald\Start-meny\Programmer\IMVU\Run IMVU.lnk (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O11 - Options group: [JAVA_IBM] Java (IBM)

O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/no/no

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab50997.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab

O16 - DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} (AcceptWM Class) - https://w3s.webmoney.ru/WMAcceptor.dll

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab50997.cab

O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe

O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - http://activex.matcash.com/speedtest2.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Programfiler\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programfiler\ThinkPad\ConnectUtilities\AcSvc.exe

O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\Lenovo\Bluetooth Software\bin\btwdins.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programfiler\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PMSveH - Lenovo - C:\WINDOWS\system32\PMSveH.exe

O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: TVT Backup Service - Unknown owner - C:\Programfiler\IBM ThinkVantage\Rescue and Recovery\rrservice.exe

O23 - Service: TVT Scheduler - Unknown owner - C:\Programfiler\IBM ThinkVantage\Common\Scheduler\tvtsched.exe

O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Programfiler\ThinkVantage\SystemUpdate\UCLauncherService.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Programfiler\Windows Live\installer\WLSetupSvc.exe

 

--

End of file - 17592 bytes

 

Edited by Korka

Start HJT, choose "Do a system scan only", put a check mark in front of the following lines and click Fix checked:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2

O2 - BHO: PC-Antispyware Site Blocker Button - {10F0C2A9-8E38-43e3-204D-45524C494E20} - C:\Programfiler\PC-Antispyware\IeExtension.dll (file missing)

O2 - BHO: DVA Gate - {A0F0C444-BB34-47EC-9223-F9EBEE49EF34} - C:\WINDOWS\gndarmblrnd.dll (file missing)

O3 - Toolbar: wxdbpfvo - {12D9C292-AA92-4A22-AE81-3B2C4E42AE99} - C:\WINDOWS\wxdbpfvo.dll (file missing)

O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w

O4 - HKCU\..\Run: [sxiotnez] C:\WINDOWS\system32\lmjevmfm.exe

O4 - HKCU\..\Run: [VirusIsolator.exe] C:\Programfiler\VirusIsolator\VirusIsolator.exe

O4 - HKLM\..\Policies\Explorer\Run: [07m7IVYQUU] C:\Documents and Settings\All Users\Programdata\lubclorq\laxwluvy.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk136YYNO

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab

O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - http://activex.matcash.com/speedtest2.dll

O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)

 

Open Notepad and copy in what is shown in bold below, then save the file on the desktop as CFScript.

Then drag the file onto the ComboFix icon. ComboFix will start again.

File::

C:\WINDOWS\system32\mzgbypwf.exe

C:\WINDOWS\system32\winlogonpc.exe

C:\WINDOWS\system32\taack.exe

C:\WINDOWS\system32\temp#01.exe

C:\WINDOWS\system32\ssurf022.dll

C:\WINDOWS\system32\ps1.exe

C:\WINDOWS\system32\netode.exe

C:\WINDOWS\system32\mwin32.exe

C:\WINDOWS\system32\mtr2.exe

C:\WINDOWS\system32\msnbho.dll

C:\WINDOWS\system32\msgp.exe

C:\WINDOWS\system32\hxiwlgpm.exe

C:\WINDOWS\system32\hoproxy.dll

C:\WINDOWS\system32\lmjevmfm.exe

 

Folder::

C:\Documents and Settings\All Users\Programdata\lubclorq

C:\Programfiler\VirusIsolator

 

Post the log + a new HJT log.

If SAS has been run, I would like to see the log (preferences->statistics/logs).

If not, run a full scan with SAS.

Edited by norbat
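Added example, not part of the original posts and not code from HijackThis or ComboFix: a small triage script that parses HijackThis result lines and marks entries worth a manual look before anything is checked for fixing. The rules and the names `parse_entries`, `review_reasons` and `triage` are assumptions made for this example; the sample lines are copied from the log posted in this thread.

```python
import re

# Sample input: entries copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: DVA Gate - {A0F0C444-BB34-47EC-9223-F9EBEE49EF34} - C:\WINDOWS\gndarmblrnd.dll (file missing)
O3 - Toolbar: wxdbpfvo - {12D9C292-AA92-4A22-AE81-3B2C4E42AE99} - C:\WINDOWS\wxdbpfvo.dll (file missing)
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [07m7IVYQUU] C:\Documents and Settings\All Users\Programdata\lubclorq\laxwluvy.exe
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - http://activex.matcash.com/speedtest2.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
"""

# A result line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")


def parse_entries(log_text):
    """Return (section_code, body) for every HijackThis result line."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def review_reasons(code, body):
    """Apply this example's assumed heuristics; an empty list means no flag."""
    reasons = []
    low = body.lower()
    # Browser add-ons and Winlogon hooks whose file is gone are orphaned entries.
    if code in ("O2", "O3", "O20") and low.endswith("(file missing)"):
        reasons.append("registration points to a missing file")
    if code == "O4":
        # The policy Run key is rarely used by ordinary installers.
        if "\\policies\\explorer\\run" in low:
            reasons.append("autostart via Policies\\Explorer\\Run")
        # Text after the "[value name]" is the command that gets started.
        target = body.split("]", 1)[-1].strip().lower()
        if "\\documents and settings\\" in target:
            reasons.append("autostart target inside a user profile directory")
    # A DPF entry with no class name between the CLSID and the URL.
    if code == "O16" and re.match(r"DPF: \{[0-9A-Fa-f-]+\} - ", body):
        reasons.append("unnamed ActiveX download (DPF)")
    return reasons


def triage(log_text):
    """Return the entries that match at least one heuristic, in log order."""
    flagged = []
    for code, body in parse_entries(log_text):
        reasons = review_reasons(code, body)
        if reasons:
            flagged.append({"code": code, "entry": body, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(item["code"], "|", "; ".join(item["reasons"]))
        print("   ", item["entry"])
```

The output is a review list, not a fix list: randomly named autostarts such as the `sxiotnez` entry do not match any of these rules and still have to be judged by a person reading the full log.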