Fikk virus, har prøvd å fikse det

[Cashmere]

Hei! Jeg fikk noe grusomt med både malware og spyware plus div keyloggere og det startet nedlastinger av noe som lignet på porno eller noe... Jeg har prøvd å fjerne dette med Search and Destroy, og nå popper det ikke opp mange vinduer hele tiden, men vil være sikker på at jeg har fått fjernet alt.

 

Kan noen her hjelpe meg?

[norbat]

Heisann,

Kjør gjennom veiledningen. Loggene det spørres etter, poster du her i din egen tråd.

[Cashmere]

Dette var MAM-loggen.

 

 

Malwarebytes' Anti-Malware 1.30

Database versjon: 1306

Windows 5.1.2600 Service Pack 3

 

2008-10-23 21:20:55

mbam-log-2008-10-23 (21-20-55).txt

 

Skanntype: Rask Skann

Objekter skannet: 52423

Tid tilbakelagt: 3 minute(s), 58 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 8

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 1

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

HKEY_CLASSES_ROOT\lospn (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\lsksaq.bho (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{d71c4af2-9e0d-4eb3-98a6-f542e6f360d9} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{e93e17b4-060c-486a-bb8c-60a744b63c74} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{afa856c2-814d-4c97-8aa1-54b1e0b81b6a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{bc3b23bb-d9da-46dc-a216-fcdd670cd2d0} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\bkqxdons.bwrs (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\bkqxdons.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

C:\WINDOWS\aetlsrknavf.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

Endret 23. oktober 2008 av Skagen
La loggen i spoiler.

[Cashmere]

Combofix

 

 

ComboFix 08-10-23.01 - eriher4 2008-10-23 21:24:52.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.1284 [GMT 2:00]

Running from: C:\Documents and Settings\eriher4\Skrivebord\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2008-09-23 to 2008-10-23 )))))))))))))))))))))))))))))))

.

 

2008-10-23 21:14 . 2008-10-23 21:14 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware

2008-10-23 21:14 . 2008-10-23 21:14 <DIR> d-------- C:\Documents and Settings\eriher4\Programdata\Malwarebytes

2008-10-23 21:14 . 2008-10-23 21:14 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes

2008-10-23 21:14 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-10-23 21:14 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-10-23 19:01 . 2008-10-23 19:02 <DIR> d-------- C:\Programfiler\Spybot - Search & Destroy

2008-10-23 19:01 . 2008-10-23 20:13 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy

2008-10-23 18:42 . 2008-10-23 18:42 147 --a------ C:\dmp.db

2008-10-14 17:26 . 2008-10-14 17:26 <DIR> d-------- C:\Programfiler\Moo0

2008-10-08 20:40 . 2008-10-08 20:42 <DIR> d-------- C:\Documents and Settings\eriher4\Programdata\GrabIt

2008-10-08 19:54 . 2008-10-08 20:30 <DIR> d-------- C:\Documents and Settings\eriher4\Programdata\SuperNZB

2008-10-03 20:07 . 2008-10-03 20:07 <DIR> d-------- C:\Programfiler\Bersirc 2.2

2008-10-03 20:07 . 2008-10-03 20:07 <DIR> d-------- C:\Documents and Settings\eriher4\Programdata\Bersirc

2008-09-29 14:12 . 2008-09-29 14:12 <DIR> d-------- C:\Documents and Settings\eriher4\Programdata\Autograph

2008-09-29 14:04 . 2008-09-29 14:08 <DIR> d-------- C:\Programfiler\Fellesfiler\Autograph 3

2008-09-29 14:04 . 2008-09-29 14:10 <DIR> d-------- C:\Programfiler\Autograph 3.20

2008-09-29 11:30 . 2008-09-29 11:30 <DIR> d-------- C:\Programfiler\Messenger Plus! Live

2008-09-24 19:37 . 2008-10-23 21:27 613 --a------ C:\WINDOWS\system32\tversity.cookies

2008-09-24 19:36 . 2008-09-24 19:36 <DIR> d-------- C:\Programfiler\ffdshow

2008-09-24 19:36 . 2007-11-29 12:52 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll

2008-09-24 19:36 . 2007-12-24 13:47 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll

2008-09-24 19:36 . 2007-11-29 12:52 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest

2008-09-24 19:35 . 2008-09-24 19:36 <DIR> d-------- C:\Programfiler\TVersity Codec Pack

2008-09-24 19:34 . 2008-09-24 19:34 <DIR> d-------- C:\Programfiler\TVersity

2008-09-24 19:29 . 2008-09-24 19:29 <DIR> d-------- C:\Programfiler\UnrealStreaming

2008-09-24 13:26 . 2008-09-24 13:26 236 --a------ C:\sqmdata09.sqm

2008-09-24 13:26 . 2008-09-24 13:26 200 --a------ C:\sqmnoopt09.sqm

2008-09-24 13:12 . 2008-09-24 13:12 <DIR> d-------- C:\Programfiler\YouTube Downloader

2008-09-24 10:36 . 2008-09-24 10:36 236 --a------ C:\sqmdata08.sqm

2008-09-24 10:36 . 2008-09-24 10:36 200 --a------ C:\sqmnoopt08.sqm

2008-09-23 16:36 . 2008-10-22 13:56 <DIR> d-------- C:\Programfiler\Windows Live Safety Center

2008-09-23 16:34 . 2008-09-23 16:34 236 --a------ C:\sqmdata07.sqm

2008-09-23 16:34 . 2008-09-23 16:34 200 --a------ C:\sqmnoopt07.sqm

2008-09-23 10:43 . 2008-09-23 10:43 236 --a------ C:\sqmdata06.sqm

2008-09-23 10:43 . 2008-09-23 10:43 200 --a------ C:\sqmnoopt06.sqm

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-23 19:29 --------- d-----w C:\Programfiler\Steam

2008-10-23 19:28 --------- d-----w C:\Programfiler\Symantec AntiVirus

2008-10-23 16:52 --------- d-----w C:\Documents and Settings\eriher4\Programdata\uTorrent

2008-10-22 16:38 --------- d-----w C:\Documents and Settings\eriher4\Programdata\LimeWire

2008-10-22 06:26 --------- d-----w C:\Programfiler\Clue

2008-10-21 15:57 --------- d-----w C:\Documents and Settings\eriher4\Programdata\Skype

2008-09-19 23:48 --------- d-----w C:\Programfiler\Windows Live

2008-09-19 23:47 --------- d-----w C:\Programfiler\Microsoft

2008-09-19 23:43 --------- d-----w C:\Programfiler\Fellesfiler\Windows Live

2008-09-17 16:26 --------- d-----w C:\Documents and Settings\eriher4\Programdata\vlc

2008-09-16 17:00 --------- d-----w C:\Programfiler\Hotspot Shield

2008-09-11 09:42 --------- d-----w C:\Programfiler\Elmore Software

2008-09-10 19:26 --------- d-----w C:\Documents and Settings\eriher4\Programdata\TrueCrypt

2008-09-10 19:23 235,840 ----a-w C:\WINDOWS\system32\drivers\truecrypt.sys

2008-09-10 19:23 --------- d-----w C:\Programfiler\TrueCrypt

2008-09-06 13:32 --------- d-----w C:\Programfiler\LimeWire

2008-09-04 20:03 56,344 ----a-w C:\WINDOWS\system32\drivers\fssfltr.sys

2008-09-04 18:57 --------- d-----w C:\Programfiler\Security Administrator

2008-09-02 16:48 --------- d-----w C:\Programfiler\uTorrent

2008-09-02 12:03 --------- d-----w C:\Programfiler\Microsoft Calculator Plus

2008-09-02 12:02 --------- d-----w C:\Documents and Settings\eriher4\Programdata\GetRightToGo

2008-09-01 14:35 65,118 ----a-w C:\WINDOWS\BricoPackUninst.cmd

2008-09-01 14:35 6,118 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd

2008-08-30 22:36 --------- d-----w C:\Programfiler\Skype

2008-08-30 22:35 --------- d-----w C:\Documents and Settings\All Users\Programdata\Skype

2008-08-30 22:33 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-08-30 22:33 --------- d-----w C:\Programfiler\Fellesfiler\snpstd

2008-08-29 07:20 --------- dcsh--w C:\Programfiler\Fellesfiler\WindowsLiveInstaller

2008-08-29 07:06 --------- d-----w C:\Documents and Settings\All Users\Programdata\WLInstaller

2008-08-29 06:32 --------- d-----w C:\Programfiler\Maskin

2008-04-30 07:03 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Lokale innstillinger\Programdata\Microsoft\Feeds Cache\index.dat

.

 

------- Sigcheck -------

 

2008-02-16 11:32 665600 1c90da91115d96f6ba9c6328e44fb142 C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\wininet.dll

2008-03-01 14:49 827392 49f00b84be5a82d0de6ab10b1fa93c32 C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll

2008-04-23 06:21 827392 e6f5e344cb3d009498e923b9a0dba29c C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll

2008-06-23 17:42 827904 69fdf7a7ce0576d41c7277cb6f688e1e C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll

2004-08-04 14:00 655872 10f493204ebe9eaad8664819e97c36cf C:\WINDOWS\$NtUninstallKB947864$\wininet.dll

2008-02-16 11:05 658944 cd5fccaf5da4f8d4537360912280a510 C:\WINDOWS\ie7\wininet.dll

2007-08-13 18:54 818688 a4a0fc92358f39538a6494c42ef99fe9 C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll

2008-03-01 15:05 826368 5ba67869f780094ab4dbda4e336c7705 C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll

2008-04-23 06:22 826368 ccc72f4396db467c1bebb943338a0763 C:\WINDOWS\ie7updates\KB953838-IE7\wininet.dll

2008-06-23 18:57 817152 47586d1cdb58831df019ef0f90f4dea5 C:\WINDOWS\ServicePackFiles\i386\wininet.dll

2008-06-23 18:57 817152 47586d1cdb58831df019ef0f90f4dea5 C:\WINDOWS\system32\wininet.dll

2008-06-23 18:57 826368 3548f8bd78bec9901da371909d5afce2 C:\WINDOWS\system32\dllcache\wininet.dll

 

2008-04-14 09:22 976384 9e5bc741765c907f017e0b8b21052228 C:\WINDOWS\explorer.exe

2007-06-13 15:12 1033216 1a8e8cace017e1b143de91e11987ed39 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

2007-06-13 15:24 1033216 2964b3f5e59f5d989252e2564a21a4c1 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

2004-08-04 14:00 1032192 0b4a898de1aa20d133c91ba260e7a8a1 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

2008-04-14 09:22 976384 9e5bc741765c907f017e0b8b21052228 C:\WINDOWS\ServicePackFiles\i386\explorer.exe

 

2008-01-23 18:34 68952 73393afdfd0045a7bef0242f801e9566 C:\WINDOWS\ServicePackFiles\i386\wuauclt.exe

2008-01-23 18:34 68952 73393afdfd0045a7bef0242f801e9566 C:\WINDOWS\system32\wuauclt.exe

2008-01-23 18:34 53592 01d64a90525e6f8e2ab55497e87fb535 C:\WINDOWS\system32\dllcache\wuauclt.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="C:\Programfiler\Steam\Steam.exe" [2008-10-09 1410296]

"Google Update"="C:\Documents and Settings\eriher4\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]

"UberIcon"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe" [2006-05-21 180224]

"WMPNSCFG"="C:\Programfiler\Windows Media Player\WMPNSCFG.exe" [2006-11-15 204288]

"SpybotSD TeaTimer"="C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TPHOTKEY"="C:\Programfiler\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-01-24 66928]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-03-05 141848]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-03-05 166424]

"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2008-03-05 137752]

"Apoint"="C:\Programfiler\Apoint2K\Apoint.exe" [2007-08-20 172032]

"PSQLLauncher"="C:\Programfiler\ThinkVantage Fingerprint Software\launcher.exe" [2007-08-14 48904]

"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]

"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-01-11 294912]

"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-01-11 208896]

"TPFNF7"="C:\Programfiler\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-03-26 59680]

"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2008-03-28 413696]

"LPManager"="C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe" [2008-01-11 144728]

"LPMailChecker"="C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe" [2008-01-11 124248]

"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-05-29 52840]

"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-10-07 125368]

"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2008-04-14 143360]

"FixCamera"="C:\WINDOWS\FixCamera.exe" [2005-12-06 20480]

"snpstd"="C:\WINDOWS\vsnpstd.exe" [2005-10-11 339968]

"00saskda"="C:\Programfiler\Security Administrator\newlock.exe" [2008-07-06 1453056]

"TpShocks"="TpShocks.exe" [2007-11-22 C:\WINDOWS\system32\TpShocks.exe]

 

C:\Documents and Settings\eriher4\Start-meny\Programmer\Oppstart\

RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 630784]

TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]

UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224]

Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 155648]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"disablecad"= 0 (0x0)

"HideFastUserSwitching"= 1 (0x1)

"HideShutdownScripts"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableLockWorkstation"= 0 (0x0)

"DisableChangePassword"= 0 (0x0)

"HideLogonScripts"= 0 (0x0)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]

"NoVisualStyleChoice"= 0 (0x0)

"NoColorChoice"= 0 (0x0)

"NoSizeChoice"= 0 (0x0)

"DisableLockWorkstation"= 0 (0x0)

"DisableChangePassword"= 0 (0x0)

"HideLogonScripts"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"AllowLegacyWebView"= 1 (0x1)

"AllowUnhashedWebView"= 1 (0x1)

"NoWelcomeScreen"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoChangeKeyboardNavigationIndicators"= 0 (0x0)

"NoChangeAnimation"= 0 (0x0)

"NoAddPrinter"= 0 (0x0)

"NoDeletePrinter"= 0 (0x0)

"RestrictCpl"= 0 (0x0)

"DisallowCpl"= 0 (0x0)

"NoViewOnDrive"= 0 (0x0)

"RestrictRun"= 0 (0x0)

"NoRecycleFiles"= 0 (0x0)

"ForceRecycleBinSize"= 0 (0x0)

"NoCustomizeWebView"= 0 (0x0)

"NoWinKeys"= 0 (0x0)

"NoFileAssociate"= 0 (0x0)

"NoDFSTab"= 0 (0x0)

"NoInstrumentation"= 0 (0x0)

"NoCustomizeThisFolder"= 0 (0x0)

"NoWebView"= 0 (0x0)

"DontShowSuperHidden"= 0 (0x0)

"NoOnlinePrintsWizard"= 0 (0x0)

"NoPublishingWizard"= 0 (0x0)

"NoSMConfigurePrograms"= 0 (0x0)

"NoSMMyPictures"= 0 (0x0)

"NoStartMenuMyMusic"= 0 (0x0)

"NoFavoritesMenu"= 0 (0x0)

"NoHelp"= 0 (0x0)

"NoCommonGroups"= 0 (0x0)

"NoStartMenuMFUprogramsList"= 0 (0x0)

"NoStartMenuPinnedList"= 0 (0x0)

"NoUserNameInStartMenu"= 0 (0x0)

"NoStartMenuEjectPC"= 0 (0x0)

"NoSimpleStartMenu"= 0 (0x0)

"ForceStartMenuLogoff"= 0 (0x0)

"NoStartMenuSubFolders"= 0 (0x0)

"NoDisconnect"= 0 (0x0)

"NoNtSecurity"= 0 (0x0)

"GreyMSIAds"= 0 (0x0)

"ForceMaxRecentDocs"= 0 (0x0)

"NoSMBalloonTip"= 0 (0x0)

"NoSMBalloonTips"= 0 (0x0)

"LockTaskbar"= 0 (0x0)

"HideSCAVolume"= 0 (0x0)

"HideSCANetwork"= 0 (0x0)

"HideSCAPower"= 0 (0x0)

"NoTaskGrouping"= 0 (0x0)

"NoWebServices"= 0 (0x0)

"NoFileUrl"= 0 (0x0)

"NoBandCustomize"= 0 (0x0)

"SpecifyDefaultButtons"= 0 (0x0)

"NoRecentDocsNetHood"= 0 (0x0)

"EnforceShellExtensionSecurity"= 0 (0x0)

"NoLogOff"= 0 (0x0)

"NoRunasInstallPrompt"= 0 (0x0)

"PromptRunasInstallNetPath"= 1 (0x1)

"NoResolveTrack"= 0 (0x0)

"NoResolveSearch"= 0 (0x0)

"NoDevMgrUpdate"= 0 (0x0)

"NoThumbnailCache"= 0 (0x0)

"ForceCopyAclwithFile"= 0 (0x0)

"StartRunNoHOMEPATH"= 0 (0x0)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoThemesTab"= 0 (0x0)

"NoChangeKeyboardNavigationIndicators"= 0 (0x0)

"NoChangeAnimation"= 0 (0x0)

"NoAddPrinter"= 0 (0x0)

"NoDeletePrinter"= 0 (0x0)

"RestrictCpl"= 0 (0x0)

"DisallowCpl"= 0 (0x0)

"NoViewOnDrive"= 0 (0x0)

"RestrictRun"= 0 (0x0)

"DisallowRun"= 0 (0x0)

"NoRecycleFiles"= 0 (0x0)

"ForceRecycleBinSize"= 0 (0x0)

"NoCustomizeWebView"= 0 (0x0)

"NoWinKeys"= 0 (0x0)

"NoFileAssociate"= 0 (0x0)

"NoDFSTab"= 0 (0x0)

"NoInstrumentation"= 0 (0x0)

"NoCustomizeThisFolder"= 0 (0x0)

"NoWebView"= 0 (0x0)

"DontShowSuperHidden"= 0 (0x0)

"NoOnlinePrintsWizard"= 0 (0x0)

"NoPublishingWizard"= 0 (0x0)

"NoSMConfigurePrograms"= 0 (0x0)

"NoSMMyPictures"= 0 (0x0)

"NoStartMenuMyMusic"= 0 (0x0)

"NoFavoritesMenu"= 0 (0x0)

"NoHelp"= 0 (0x0)

"NoCommonGroups"= 0 (0x0)

"NoStartMenuMFUprogramsList"= 0 (0x0)

"NoStartMenuPinnedList"= 0 (0x0)

"NoUserNameInStartMenu"= 0 (0x0)

"NoStartMenuMorePrograms"= 0 (0x0)

"NoStartMenuEjectPC"= 0 (0x0)

"NoSimpleStartMenu"= 0 (0x0)

"ForceStartMenuLogoff"= 0 (0x0)

"StartMenuLogoff"= 0 (0x0)

"NoStartMenuSubFolders"= 0 (0x0)

"NoDisconnect"= 0 (0x0)

"NoNtSecurity"= 0 (0x0)

"NoSetFolders"= 0 (0x0)

"GreyMSIAds"= 0 (0x0)

"ForceMaxRecentDocs"= 0 (0x0)

"NoSMBalloonTip"= 0 (0x0)

"NoSMBalloonTips"= 0 (0x0)

"LockTaskbar"= 0 (0x0)

"HideClock"= 0 (0x0)

"HideSCAVolume"= 0 (0x0)

"HideSCANetwork"= 0 (0x0)

"HideSCAPower"= 0 (0x0)

"NoTaskGrouping"= 0 (0x0)

"NoActiveDesktopChanges"= 0 (0x0)

"NoWebServices"= 0 (0x0)

"NoFileUrl"= 0 (0x0)

"NoBandCustomize"= 0 (0x0)

"NoToolbarCustomize"= 0 (0x0)

"SpecifyDefaultButtons"= 0 (0x0)

"NoRecentDocsNetHood"= 0 (0x0)

"EnforceShellExtensionSecurity"= 0 (0x0)

"NoClose"= 0 (0x0)

"NoLogOff"= 0 (0x0)

"NoRunasInstallPrompt"= 0 (0x0)

"PromptRunasInstallNetPath"= 1 (0x1)

"NoResolveTrack"= 0 (0x0)

"NoResolveSearch"= 0 (0x0)

"NoDevMgrUpdate"= 0 (0x0)

"NoThumbnailCache"= 0 (0x0)

"ForceCopyAclwithFile"= 0 (0x0)

"StartRunNoHOMEPATH"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2007-08-14 15:54 89600 C:\WINDOWS\system32\psqlpwd.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]

2006-09-06 16:37 34344 C:\Programfiler\Lenovo\HOTKEY\notifyf2.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]

2007-12-14 16:36 28672 C:\Programfiler\Lenovo\HOTKEY\tphklock.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli psqlpwd

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]

"Script"=BBBP LA FIX.cmd

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\1\0]

"Script"=Slett-Filer.cmd

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-489248529-1699838375-1845911597-315611\Scripts\Logon\0\0]

"Script"=Sym2Server.bat

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-489248529-1699838375-1845911597-315611\Scripts\Logon\1\0]

"Script"=OYG_elev.bat

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programfiler\\uTorrent\\uTorrent.exe"=

"C:\\Programfiler\\LimeWire\\LimeWire.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\TVersity\\Media Server\\MediaServer.exe"=

"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=

"C:\\Programfiler\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

 

R0 Shockprf;Shockprf;C:\WINDOWS\system32\DRIVERS\Apsx86.sys [2007-10-16 103472]

R0 TPDIGIMN;TPDIGIMN;C:\WINDOWS\system32\DRIVERS\ApsHM86.sys [2007-10-16 19504]

R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2008-01-11 4442]

R2 DeskSaverService;DeskSaverService;C:\Programfiler\Security Administrator\newlock.exe [2008-07-06 1453056]

R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2008-09-04 56344]

R2 smihlp;SMI Helper Driver (smihlp);C:\Programfiler\Fellesfiler\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2007-08-14 10896]

R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-23 27136]

R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-07-03 57344]

S3 fsssvc;Windows Live Tryggere for familien;C:\Programfiler\Windows Live\Family Safety\fsssvc.exe [2008-09-04 512536]

S3 PVUSB;CESG502 USB Driver;C:\WINDOWS\system32\DRIVERS\CESG502.sys [2008-08-13 40672]

.

Contents of the 'Scheduled Tasks' folder

 

2008-10-23 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job

- C:\Documents and Settings\eriher4\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe [2008-09-04 21:50]

 

2008-10-23 C:\WINDOWS\Tasks\MP Scheduled Scan.job

- C:\Programfiler\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

 

2008-10-23 C:\WINDOWS\Tasks\PMTask.job

- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-01-11 01:30]

.

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\eriher4\Programdata\Mozilla\Firefox\Profiles\8kw3nkcg.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.no/webhp?hl=no|http://oyg.hfk.no/templates/SchoolFrontpage.aspx?id=2251|http://www.new.facebook.com/home.php?ref=logo|https://www.diskusjon.no/

FF -: plugin - C:\Documents and Settings\eriher4\Lokale innstillinger\Programdata\Google\Update\1.2.131.11\npGoogleOneClick5.dll

FF -: plugin - C:\Programfiler\Real\Netscape6\nppl3260.dll

FF -: plugin - C:\Programfiler\Real\Netscape6\nprjplug.dll

FF -: plugin - C:\Programfiler\Real\Netscape6\nprpjplug.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-23 21:28:31

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\ibmpmsvc.exe

C:\Programfiler\Windows Defender\MsMpEng.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\acs.exe

C:\Programfiler\Symantec AntiVirus\DefWatch.exe

C:\Programfiler\Hotspot Shield\bin\openvpnas.exe

C:\Programfiler\Fellesfiler\InterVideo\RegMgr\iviRegMgr.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Programfiler\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\system32\TPHDEXLG.exe

C:\Programfiler\TVersity\Media Server\MediaServer.exe

C:\Programfiler\UPHClean\uphclean.exe

C:\Programfiler\Windows Media Player\wmpnetwk.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Programfiler\Lenovo\HOTKEY\TPONSCR.exe

C:\Programfiler\Lenovo\ZOOM\TpScrex.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programfiler\Apoint2K\ApMsgFwd.exe

C:\Programfiler\Apoint2K\ApntEx.exe

C:\Programfiler\Symantec AntiVirus\DoScan.exe

.

**************************************************************************

.

Completion time: 2008-10-23 21:33:53 - machine was rebooted

ComboFix-quarantined-files.txt 2008-10-23 19:33:48

ComboFix2.txt 2008-10-23 19:09:59

 

Pre-Run: 73,208,676,352 byte ledig

Post-Run: 73,236,508,672 byte ledig

 

392 --- E O F --- 2008-09-23 06:38:57

 

Endret 23. oktober 2008 av Skagen
La loggen i spoiler.

[Cashmere]

HijackThis-logg:

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:38, on 2008-10-23

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

C:\Programfiler\Symantec AntiVirus\DefWatch.exe

C:\Programfiler\Security Administrator\newlock.exe

C:\Programfiler\Hotspot Shield\bin\openvpnas.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Fellesfiler\InterVideo\RegMgr\iviRegMgr.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\System32\TPHDEXLG.exe

C:\Programfiler\TVersity\Media Server\MediaServer.exe

C:\Programfiler\UPHClean\uphclean.exe

C:\WINDOWS\system32\WgaTray.exe

C:\Programfiler\Lenovo\HOTKEY\TPOSDSVC.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\TpShocks.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Programfiler\Lenovo\HOTKEY\TPONSCR.exe

C:\Programfiler\Apoint2K\Apoint.exe

C:\Programfiler\Lenovo\Zoom\TpScrex.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Programfiler\Lenovo\NPDIRECT\TPFNF7SP.exe

C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe

C:\Programfiler\Apoint2K\ApMsgFwd.exe

C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe

C:\Programfiler\Apoint2K\Apntex.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\FixCamera.exe

C:\WINDOWS\vsnpstd.exe

C:\Programfiler\Security Administrator\newlock.exe

C:\Programfiler\Steam\Steam.exe

C:\Documents and Settings\eriher4\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe

C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\imapi.exe

C:\WINDOWS\explorer.exe

C:\Programfiler\Mozilla Firefox\firefox.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://ISAFarm:8080/array.dll?Get.Routing.Script

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [TPHOTKEY] C:\Programfiler\Lenovo\HOTKEY\TPOSDSVC.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [TpShocks] TpShocks.exe

O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [PSQLLauncher] "C:\Programfiler\ThinkVantage Fingerprint Software\launcher.exe" /startup

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor

O4 - HKLM\..\Run: rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog

O4 - HKLM\..\Run: [TPFNF7] C:\Programfiler\Lenovo\NPDIRECT\TPFNF7SP.exe /r

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe

O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [00saskda] "C:\Programfiler\Security Administrator\newlock.exe" saskda

O4 - HKCU\..\Run: [steam] "C:\Programfiler\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\eriher4\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [uberIcon] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe

O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe

O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe

O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1207676639328

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hfk.vgs.no

O17 - HKLM\Software\..\Telephony: DomainName = hfk.vgs.no

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = hfk.vgs.no

O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programfiler\Symantec AntiVirus\DefWatch.exe

O23 - Service: DeskSaverService - Unknown owner - C:\Programfiler\Security Administrator\newlock.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Programfiler\Hotspot Shield\bin\openvpnas.exe

O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: IviRegMgr - InterVideo - C:\Programfiler\Fellesfiler\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programfiler\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programfiler\Symantec AntiVirus\Rtvscan.exe

O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe

O23 - Service: TVersityMediaServer - Unknown owner - C:\Programfiler\TVersity\Media Server\MediaServer.exe

 

--

End of file - 9912 bytes

 

Endret 23. oktober 2008 av Skagen
La loggen i spoiler.

[norbat]

Ser greit ut.

Det er satt noen restriksjoner i 'Alternativer for internett', men dette er kanskje en skolepc der dette skal være aktivert?

[Cashmere]

Ja, dette er en skolepc. Skulle laste ned noen simpsons-episoder, men da jeg åpnet den ene episoden spratt det opp masse virus.

 

Så alt er fjernet? Ingen keyloggere og slikt?

[norbat]

Nei, loggene viser ingen tegn på noe malware. Malwarebytes fjernet det som var av slikt.

[Cashmere]

Ok, takk skal du ha! <3