Urbanlapp Skrevet 23. oktober 2008 Del Skrevet 23. oktober 2008 Får en advarsel på skjermen av og til, den sier at det er et skadelig program på maskinen. Har scannet maskinen i sikkerhetsmodus, men meldingen duket opp igjen! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:34:18, on 23.10.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe C:\WINDOWS\system32\acs.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Programfiler\Bonjour\mDNSResponder.exe C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Fellesfiler\Lenovo\tvt_reg_monitor_svc.exe C:\WINDOWS\System32\TPHDEXLG.exe C:\WINDOWS\system32\TpKmpSVC.exe C:\Programfiler\Lenovo\Rescue and Recovery\rrpservice.exe C:\Programfiler\Lenovo\Rescue and Recovery\rrservice.exe C:\Programfiler\Fellesfiler\Lenovo\Scheduler\tvtsched.exe C:\Programfiler\Lenovo\Rescue and Recovery\ADM\IUService.exe C:\Programfiler\Lenovo\Rescue and Recovery\UpdateMonitor.exe C:\Programfiler\ThinkPad\Utilities\PWMDBSVC.exe c:\programfiler\lenovo\system update\suservice.exe C:\Programfiler\ThinkPad\ConnectUtilities\AcSvc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\TpShocks.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\DAEMON Tools Lite\daemon.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Programfiler\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\lulipofq.exe C:\Programfiler\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe C:\Programfiler\MSN Messenger\usnsvc.exe C:\Programfiler\Mozilla Firefox\firefox.exe C:\Programfiler\BitLord\BitLord.exe C:\Programfiler\Fellesfiler\Lenovo\Logger\logmon.exe C:\Documents and Settings\Dan\Skrivebord\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programfiler\TechSmith\SnagIt 8\SnagItBHO.dll O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programfiler\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - (no file) O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programfiler\TechSmith\SnagIt 8\SnagItIEAddin.dll O4 - HKLM\..\Run: [TpShocks] TpShocks.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog O4 - HKLM\..\Run: [{A59BC778-DFB6-5249-AB18-D3678680D918}] "C:\Documents and Settings\Dan\Mine dokumenter\MSCodec.1408.13.exe" /r O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programfiler\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [utilset] C:\WINDOWS\system32\lulipofq.exe O4 - HKCU\..\Run: [AdmUtilChk] C:\WINDOWS\system32\hejqbuts.exe O4 - HKCU\..\Run: [chkwinadm] C:\WINDOWS\system32\rwzubmrw.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Programfiler\Lenovo\Client Security Solution\tvtpwm_ie_com.dll O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Programfiler\Lenovo\Client Security Solution\tvtpwm_ie_com.dll O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207729548343 O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programfiler\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing) O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Programfiler\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programfiler\ThinkPad\ConnectUtilities\AcSvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE O23 - Service: Power Manager DBC Service - Unknown owner - C:\Programfiler\ThinkPad\Utilities\PWMDBSVC.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programfiler\lenovo\system update\suservice.exe O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Programfiler\Fellesfiler\Lenovo\tvt_reg_monitor_svc.exe O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Programfiler\Lenovo\Client Security Solution\tvttcsd.exe O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Programfiler\Lenovo\Rescue and Recovery\rrpservice.exe O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Programfiler\Lenovo\Rescue and Recovery\rrservice.exe O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programfiler\Fellesfiler\Lenovo\Scheduler\tvtsched.exe O23 - Service: tvtnetwk - Unknown owner - C:\Programfiler\Lenovo\Rescue and Recovery\ADM\IUService.exe O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Programfiler\Lenovo\Rescue and Recovery\UpdateMonitor.exe -- End of file - 10751 bytes Lenke til kommentar
norbat Skrevet 23. oktober 2008 Del Skrevet 23. oktober 2008 Kjør gjennom veiledningen Alle scanningene skal gjøre fra normalt tilstand. Post loggene det spørres etter, her i din egen tråd. Lenke til kommentar
Urbanlapp Skrevet 23. oktober 2008 Forfatter Del Skrevet 23. oktober 2008 Malwarebytes' Anti-Malware 1.30 Database versjon: 1310 Windows 5.1.2600 Service Pack 3 23.10.2008 22:23:51 mbam-log-2008-10-23 (22-23-42).txt Skanntype: Rask Skann Objekter skannet: 48994 Tid tilbakelagt: 5 minute(s), 44 second(s) Minneprosesser infisert: 0 Minnemoduler infisert: 0 Registernøkler infisert: 0 Registerverdier infisert: 2 Registerfiler infisert: 0 Mapper infisert: 0 Filer infisert: 2 Minneprosesser infisert: (Ingen mistenkelige filer funnet) Minnemoduler infisert: (Ingen mistenkelige filer funnet) Registernøkler infisert: (Ingen mistenkelige filer funnet) Registerverdier infisert: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\utilset (Trojan.FakeAlert.H) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\admutilchk (Trojan.FakeAlert.H) -> No action taken. Registerfiler infisert: (Ingen mistenkelige filer funnet) Mapper infisert: (Ingen mistenkelige filer funnet) Filer infisert: C:\WINDOWS\system32\lulipofq.exe (Trojan.FakeAlert.H) -> No action taken. C:\WINDOWS\system32\hejqbuts.exe (Trojan.FakeAlert.H) -> No action taken. ComboFix 08-10-23.01 - Dan 2008-10-23 22:35:44.6 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.494 [GMT 2:00] Running from: C:\Documents and Settings\Dan\Skrivebord\ComboFix.exe * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-09-23 to 2008-10-23 ))))))))))))))))))))))))))))))) . 2008-10-23 22:16 . 2008-10-23 22:16 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware 2008-10-23 22:16 . 2008-10-23 22:16 <DIR> d-------- C:\Documents and Settings\Dan\Programdata\Malwarebytes 2008-10-23 22:16 . 2008-10-23 22:16 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes 2008-10-23 22:16 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-10-23 22:16 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-10-23 22:13 . 2008-10-23 22:33 <DIR> dr-h----- C:\Documents and Settings\Dan\Siste 2008-10-23 21:19 . 2008-10-15 18:38 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll 2008-10-23 17:22 . 2008-10-23 17:21 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys 2008-10-23 17:20 . 2008-10-23 20:15 <DIR> d-------- C:\Documents and Settings\Administrator\.housecall6.6 2008-10-23 12:11 . 2007-12-02 18:11 <DIR> dr------- C:\Documents and Settings\Administrator\Start-meny 2008-10-23 12:11 . 2007-12-02 18:11 <DIR> d--h----- C:\Documents and Settings\Administrator\Skrivere 2008-10-23 12:11 . 2007-12-02 18:11 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivebord 2008-10-23 12:11 . 2007-12-02 18:11 <DIR> d--h----- C:\Documents and Settings\Administrator\Siste 2008-10-23 12:11 . 2008-10-23 17:19 <DIR> dr-h----- C:\Documents and Settings\Administrator\Programdata 2008-10-23 12:11 . 2007-12-02 18:11 <DIR> d-------- C:\Documents and Settings\Administrator\Mine dokumenter 2008-10-23 12:11 . 2007-12-02 18:16 <DIR> d--h----- C:\Documents and Settings\Administrator\Maler 2008-10-23 12:11 . 2007-12-02 18:11 <DIR> d--h----- C:\Documents and Settings\Administrator\Lokale innstillinger 2008-10-23 12:11 . 2007-12-02 18:11 <DIR> d-------- C:\Documents and Settings\Administrator\Favoritter 2008-10-23 12:11 . 2007-12-02 18:11 <DIR> d--h----- C:\Documents and Settings\Administrator\AndrMask 2008-10-23 12:11 . 2008-10-23 17:20 <DIR> d-------- C:\Documents and Settings\Administrator 2008-10-22 09:59 . 2008-10-23 15:21 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\xchezyzg 2008-10-20 14:24 . 2008-10-20 14:24 <DIR> d-------- C:\Documents and Settings\Dan\Programdata\OpenOffice.org 2008-10-20 14:21 . 2008-10-20 14:21 <DIR> d-------- C:\Programfiler\OpenOffice.org 3 2008-10-15 10:09 . 2008-08-14 15:27 2,190,976 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe 2008-10-15 10:09 . 2008-08-14 15:27 2,147,328 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe 2008-10-15 10:09 . 2008-08-14 15:27 2,067,840 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe 2008-10-15 10:09 . 2008-08-14 15:27 2,025,984 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe 2008-10-15 09:21 . 2008-09-15 17:29 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys 2008-10-15 09:15 . 2008-09-08 12:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys 2008-10-14 19:26 . 2008-10-23 22:39 2,600 --a------ C:\WINDOWS\system32\ICAutoUpdate.log.bak 2008-10-14 18:55 . 2008-10-14 19:25 <DIR> d-------- C:\Programfiler\ThinkVantage Fingerprint Software 2008-10-14 18:55 . 2008-10-14 18:55 <DIR> d-------- C:\Programfiler\Fellesfiler\ThinkVantage Fingerprint Software 2008-10-14 18:55 . 2008-10-14 18:55 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\UIB 2008-09-23 19:52 . 2008-09-23 19:52 <DIR> d-------- C:\Programfiler\Fellesfiler\PCSuite 2008-09-23 19:52 . 2008-09-23 19:52 <DIR> d-------- C:\Programfiler\Fellesfiler\Nokia 2008-09-23 19:52 . 2008-05-07 07:39 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll 2008-09-23 19:52 . 2008-05-07 07:38 659,968 --a------ C:\WINDOWS\system32\nmwcdcocls.dll 2008-09-23 19:52 . 2008-05-07 07:38 20,864 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys 2008-09-23 19:52 . 2008-05-07 07:38 17,536 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys 2008-09-23 19:52 . 2008-05-07 07:38 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys 2008-09-23 19:52 . 2008-06-06 09:24 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys 2008-09-23 19:51 . 2008-09-23 19:52 <DIR> d-------- C:\Programfiler\Nokia 2008-09-23 19:21 . 2008-09-23 19:21 <DIR> d-------- C:\Programfiler\VS Revo Group . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-22 10:43 --------- d-----w C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy 2008-10-22 10:14 --------- d-----w C:\Programfiler\Spybot - Search & Destroy 2008-10-22 07:35 --------- d-----w C:\Programfiler\Microsoft Silverlight 2008-10-20 11:21 --------- d-----w C:\Documents and Settings\Dan\Programdata\OpenOffice.org2 2008-10-14 20:23 --------- d-----w C:\Documents and Settings\All Users\Programdata\Lenovo 2008-10-14 17:02 --------- d-----w C:\Programfiler\Lenovo 2008-10-14 17:02 --------- d-----w C:\Programfiler\Fellesfiler\Lenovo 2008-10-14 17:01 33,536 ----a-w C:\WINDOWS\system32\drivers\tvtfilter.sys 2008-10-14 16:56 30,144 ----a-w C:\WINDOWS\system32\drivers\psadd.sys 2008-09-24 23:47 4,442 ------w C:\WINDOWS\system32\drivers\TPPWRIF.SYS 2008-09-24 23:47 16,384 ------w C:\WINDOWS\PWMBTHLP.EXE 2008-09-23 17:53 --------- d-----w C:\Documents and Settings\Dan\Programdata\Nokia 2008-09-23 17:52 --------- d-----w C:\Documents and Settings\All Users\Programdata\Installations 2008-09-23 17:39 --------- d-----w C:\Programfiler\DIFX 2008-09-23 17:33 --------- d-----w C:\Documents and Settings\All Users\Programdata\Nokia 2008-09-21 15:03 --------- d-----w C:\Programfiler\UltraISO 2008-09-11 10:39 --------- d-----w C:\Documents and Settings\Dan\Programdata\Skype 2008-09-11 10:38 --------- d-----w C:\Documents and Settings\Dan\Programdata\skypePM 2008-09-10 12:30 --------- d-----w C:\Programfiler\Apple Software Update 2008-09-10 12:26 --------- d-----w C:\Programfiler\iTunes 2008-09-10 12:26 --------- d-----w C:\Programfiler\iPod 2008-09-10 12:26 --------- d-----w C:\Documents and Settings\All Users\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-09-10 12:24 --------- d-----w C:\Programfiler\QuickTime 2008-09-10 12:24 --------- d-----w C:\Programfiler\Bonjour 2008-09-10 12:23 --------- d-----w C:\Programfiler\Fellesfiler\Apple 2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys 2008-09-05 20:16 36,864 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys 2008-09-05 12:35 --------- d-----w C:\Programfiler\SUPERAntiSpyware 2008-09-05 10:23 --------- d-----w C:\Programfiler\Free WMA to MP3 Converter 2008-08-30 17:50 --------- d-----w C:\Programfiler\MSN Messenger 2008-08-30 07:05 --------- d-----w C:\Programfiler\PC Connectivity Solution 2008-08-29 07:32 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys 2008-08-27 07:57 --------- d-----w C:\Programfiler\Nordic Softsales 2008-08-23 19:35 --------- d-----w C:\Programfiler\Mozilla Firefox 3 Beta 5 2008-08-23 16:47 --------- d-----w C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com 2008-08-23 16:46 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-08-23 16:46 --------- d-----w C:\Documents and Settings\Dan\Programdata\SUPERAntiSpyware.com 2008-05-06 21:29 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\MSHist012008050620080507\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360] "DAEMON Tools Lite"="C:\Programfiler\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856] "msnmsgr"="C:\Programfiler\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-03-05 141848] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-03-05 166424] "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2008-03-05 137752] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-30 1234712] "BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-09-25 208896] "TpShocks"="TpShocks.exe" [2008-06-06 C:\WINDOWS\system32\TpShocks.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-07-23 16:28 352256 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] 2007-08-14 15:54 89600 C:\WINDOWS\system32\psqlpwd.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2] 2006-09-06 16:37 34344 C:\Programfiler\Lenovo\HOTKEY\notifyf2.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey] 2008-03-17 16:02 34080 C:\Programfiler\Lenovo\HOTKEY\tphklock.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify] 2008-08-15 21:37 32768 C:\Programfiler\ThinkPad\ConnectUtilities\ACNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli ACGina psqlpwd [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Digital Line Detect.lnk] path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Digital Line Detect.lnk backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Dan^Start-meny^Programmer^Oppstart^OpenOffice.org 2.4.lnk] path=C:\Documents and Settings\Dan\Start-meny\Programmer\Oppstart\OpenOffice.org 2.4.lnk backup=C:\WINDOWS\pss\OpenOffice.org 2.4.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACWLIcon] --a------ 2008-08-15 21:36 143360 C:\Programfiler\ThinkPad\ConnectUtilities\ACWLIcon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 23:16 39792 C:\Programfiler\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AwaySch] --a------ 2006-11-07 20:51 91688 C:\Programfiler\Lenovo\AwayTask\AwaySch.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG] --------- 2008-09-25 01:47 208896 C:\PROGRA~1\ThinkPad\UTILIT~1\BATLOGEX.DLL [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth] --a------ 2008-06-13 20:08 3073336 C:\Programfiler\Lenovo\Client Security Solution\cssauth.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP] --------- 2008-06-05 02:36 242976 C:\PROGRA~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iIWiper] --a------ 2005-09-11 13:24 258048 C:\Programfiler\iISystem Wiper\SystemWiper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-09-08 23:02 289576 C:\Programfiler\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPMailChecker] --------- 2008-06-09 03:00 124248 C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager] --------- 2008-06-09 03:00 165208 C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold] --a------ 2007-08-30 10:44 25856 C:\Programfiler\NetWaiting\NetWaiting.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-01-19 12:54 5674352 C:\Programfiler\MSN Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync] --a------ 2008-06-17 16:00 1249280 C:\Programfiler\Nokia\Nokia PC Suite 7\PcSync2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] --a------ 2008-08-11 08:31 1124352 C:\Programfiler\Nokia\Nokia PC Suite 7\PCSuite.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRMGRTR] --------- 2008-09-25 01:47 331776 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-09-06 15:09 413696 C:\Programfiler\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] --a------ 2005-05-20 10:11 925696 C:\Programfiler\Analog Devices\Core\smax4pnp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] -rahs---- 2008-09-16 12:16 1833296 C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-02-22 04:25 144784 C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] --a------ 2008-09-05 14:35 1576176 C:\Programfiler\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPFNF7] --------- 2008-03-26 03:06 59680 C:\PROGRA~1\Lenovo\NPDIRECT\tpfnf7sp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY] --a------ 2008-03-24 10:15 68464 C:\Programfiler\Lenovo\HOTKEY\TPOSDSVC.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPKMAPHELPER] --a------ 2007-01-09 17:28 868352 C:\Programfiler\ThinkPad\Utilities\TpKmapAp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrackPointSrv] --a------ 2008-03-04 07:28 92960 C:\Programfiler\Lenovo\TrackPoint\tp4serv.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy] --a------ 2008-05-14 16:42 487424 C:\Programfiler\Fellesfiler\Lenovo\Scheduler\scheduler_proxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TP4EX] --a------ 2005-10-17 02:11 65536 C:\WINDOWS\system32\TP4EX.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Programfiler\\BitLord\\BitLord.exe"= "C:\\Programfiler\\AVG\\AVG8\\avgupd.exe"= "C:\\Programfiler\\AVG\\AVG8\\avgemc.exe"= "C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"= "C:\\Programfiler\\MSN Messenger\\livecall.exe"= "C:\\Programfiler\\Bonjour\\mDNSResponder.exe"= "C:\\Programfiler\\iTunes\\iTunes.exe"= "C:\\Programfiler\\Skype\\Phone\\Skype.exe"= R0 Shockprf;Shockprf;C:\WINDOWS\system32\DRIVERS\Apsx86.sys [2008-05-14 114728] R0 TPDIGIMN;TPDIGIMN;C:\WINDOWS\system32\DRIVERS\ApsHM86.sys [2008-05-14 19496] R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2008-08-15 11520] R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-29 97928] R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2008-08-15 4224] R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2008-09-25 4442] R1 tvtumon;tvtumon;C:\WINDOWS\system32\DRIVERS\tvtumon.sys [2008-05-09 46144] R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-29 875288] R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704] R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-03 76040] R2 Power Manager DBC Service;Power Manager DBC Service;C:\Programfiler\ThinkPad\Utilities\PWMDBSVC.exe [2008-09-25 94208] R2 smihlp;SMI Helper Driver (smihlp);C:\Programfiler\Fellesfiler\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2007-08-14 10896] R2 TVT Backup Protection Service;TVT Backup Protection Service;C:\Programfiler\Lenovo\Rescue and Recovery\rrpservice.exe [2008-05-14 520192] R2 TVT_UpdateMonitor;TVT Windows Update Monitor;C:\Programfiler\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2008-05-09 253952] R3 Tp4Track;PS/2 TrackPoint Driver;C:\WINDOWS\system32\DRIVERS\tp4track.sys [2008-03-04 22568] R3 TVTI2C;Lenovo SM bus driver;C:\WINDOWS\system32\DRIVERS\Tvti2c.sys [2008-02-22 37312] R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2006-11-15 57216] S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2008-09-05 36864] . Contents of the 'Scheduled Tasks' folder 2008-10-20 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] 2008-10-20 C:\WINDOWS\Tasks\PMTask.job - C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-09-25 01:47] . - - - - ORPHANS REMOVED - - - - HKCU-Run-chkwinadm - C:\WINDOWS\system32\rwzubmrw.exe HKLM-Run-{A59BC778-DFB6-5249-AB18-D3678680D918} - C:\Documents and Settings\Dan\Mine dokumenter\MSCodec.1408.13.exe . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Dan\Programdata\Mozilla\Firefox\Profiles\3rsoxtqk.default\ FF -: plugin - C:\Programfiler\iTunes\Mozilla Plugins\npitunes.dll FF -: plugin - C:\Programfiler\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll FF -: plugin - C:\Programfiler\Microsoft Silverlight\2.0.31005.0\npctrl.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-23 22:40:15 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... C:\WINDOWS\TEMP\93e8f2e7-3c53-4f97-a7dd-7f7a5414d9ad.tmp scan completed successfully hidden files: 1 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ibmpmsvc.exe C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\BRSS01A.EXE C:\Programfiler\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe C:\WINDOWS\system32\acs.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programfiler\Bonjour\mDNSResponder.exe C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe C:\Programfiler\Fellesfiler\Lenovo\tvt_reg_monitor_svc.exe C:\WINDOWS\system32\TPHDEXLG.exe C:\WINDOWS\system32\TpKmpSvc.exe C:\Programfiler\Lenovo\Client Security Solution\tvttcsd.exe C:\Programfiler\Lenovo\Rescue and Recovery\rrservice.exe C:\Programfiler\Fellesfiler\Lenovo\Scheduler\tvtsched.exe C:\Programfiler\Lenovo\Rescue and Recovery\ADM\IUService.exe C:\Programfiler\Lenovo\System Update\SUService.exe C:\Programfiler\ThinkPad\ConnectUtilities\AcSvc.exe C:\Programfiler\AVG\AVG8\avgrsx.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Programfiler\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe C:\WINDOWS\system32\wscntfy.exe . ************************************************************************** . Completion time: 2008-10-23 22:44:04 - machine was rebooted ComboFix-quarantined-files.txt 2008-10-23 20:43:58 ComboFix2.txt 2008-08-23 19:40:03 Pre-Run: 2 689 957 888 byte ledig Post-Run: 2,765,672,448 byte ledig 279 --- E O F --- 2008-10-21 08:56:30 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:47:07, on 23.10.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe C:\WINDOWS\system32\acs.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Programfiler\Bonjour\mDNSResponder.exe C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Fellesfiler\Lenovo\tvt_reg_monitor_svc.exe C:\WINDOWS\System32\TPHDEXLG.exe C:\WINDOWS\system32\TpKmpSVC.exe C:\Programfiler\Lenovo\Rescue and Recovery\rrpservice.exe C:\Programfiler\Lenovo\Rescue and Recovery\rrservice.exe C:\Programfiler\Fellesfiler\Lenovo\Scheduler\tvtsched.exe C:\Programfiler\Lenovo\Rescue and Recovery\ADM\IUService.exe C:\Programfiler\Lenovo\Rescue and Recovery\UpdateMonitor.exe C:\Programfiler\ThinkPad\Utilities\PWMDBSVC.exe c:\programfiler\lenovo\system update\suservice.exe C:\Programfiler\ThinkPad\ConnectUtilities\AcSvc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\WINDOWS\system32\TpShocks.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\DAEMON Tools Lite\daemon.exe C:\Programfiler\MSN Messenger\msnmsgr.exe C:\Programfiler\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\wscntfy.exe C:\Programfiler\Fellesfiler\Lenovo\Logger\logmon.exe C:\Programfiler\Mozilla Firefox\firefox.exe C:\Documents and Settings\Dan\Skrivebord\Test.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programfiler\TechSmith\SnagIt 8\SnagItBHO.dll O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programfiler\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - (no file) O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programfiler\TechSmith\SnagIt 8\SnagItIEAddin.dll O4 - HKLM\..\Run: [TpShocks] TpShocks.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programfiler\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Programfiler\Lenovo\Client Security Solution\tvtpwm_ie_com.dll O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Programfiler\Lenovo\Client Security Solution\tvtpwm_ie_com.dll O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207729548343 O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programfiler\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing) O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Programfiler\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programfiler\ThinkPad\ConnectUtilities\AcSvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE O23 - Service: Power Manager DBC Service - Unknown owner - C:\Programfiler\ThinkPad\Utilities\PWMDBSVC.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programfiler\lenovo\system update\suservice.exe O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Programfiler\Fellesfiler\Lenovo\tvt_reg_monitor_svc.exe O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Programfiler\Lenovo\Client Security Solution\tvttcsd.exe O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Programfiler\Lenovo\Rescue and Recovery\rrpservice.exe O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Programfiler\Lenovo\Rescue and Recovery\rrservice.exe O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programfiler\Fellesfiler\Lenovo\Scheduler\tvtsched.exe O23 - Service: tvtnetwk - Unknown owner - C:\Programfiler\Lenovo\Rescue and Recovery\ADM\IUService.exe O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Programfiler\Lenovo\Rescue and Recovery\UpdateMonitor.exe -- End of file - 10054 bytes Lenke til kommentar
Urbanlapp Skrevet 23. oktober 2008 Forfatter Del Skrevet 23. oktober 2008 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:47:07, on 23.10.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe C:\WINDOWS\system32\acs.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Programfiler\Bonjour\mDNSResponder.exe C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Fellesfiler\Lenovo\tvt_reg_monitor_svc.exe C:\WINDOWS\System32\TPHDEXLG.exe C:\WINDOWS\system32\TpKmpSVC.exe C:\Programfiler\Lenovo\Rescue and Recovery\rrpservice.exe C:\Programfiler\Lenovo\Rescue and Recovery\rrservice.exe C:\Programfiler\Fellesfiler\Lenovo\Scheduler\tvtsched.exe C:\Programfiler\Lenovo\Rescue and Recovery\ADM\IUService.exe C:\Programfiler\Lenovo\Rescue and Recovery\UpdateMonitor.exe C:\Programfiler\ThinkPad\Utilities\PWMDBSVC.exe c:\programfiler\lenovo\system update\suservice.exe C:\Programfiler\ThinkPad\ConnectUtilities\AcSvc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\WINDOWS\system32\TpShocks.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\DAEMON Tools Lite\daemon.exe C:\Programfiler\MSN Messenger\msnmsgr.exe C:\Programfiler\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\wscntfy.exe C:\Programfiler\Fellesfiler\Lenovo\Logger\logmon.exe C:\Programfiler\Mozilla Firefox\firefox.exe C:\Documents and Settings\Dan\Skrivebord\Test.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programfiler\TechSmith\SnagIt 8\SnagItBHO.dll O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programfiler\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - (no file) O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programfiler\TechSmith\SnagIt 8\SnagItIEAddin.dll O4 - HKLM\..\Run: [TpShocks] TpShocks.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programfiler\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Programfiler\Lenovo\Client Security Solution\tvtpwm_ie_com.dll O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Programfiler\Lenovo\Client Security Solution\tvtpwm_ie_com.dll O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207729548343 O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programfiler\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing) O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Programfiler\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programfiler\ThinkPad\ConnectUtilities\AcSvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE O23 - Service: Power Manager DBC Service - Unknown owner - C:\Programfiler\ThinkPad\Utilities\PWMDBSVC.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programfiler\lenovo\system update\suservice.exe O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Programfiler\Fellesfiler\Lenovo\tvt_reg_monitor_svc.exe O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Programfiler\Lenovo\Client Security Solution\tvttcsd.exe O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Programfiler\Lenovo\Rescue and Recovery\rrpservice.exe O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Programfiler\Lenovo\Rescue and Recovery\rrservice.exe O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programfiler\Fellesfiler\Lenovo\Scheduler\tvtsched.exe O23 - Service: tvtnetwk - Unknown owner - C:\Programfiler\Lenovo\Rescue and Recovery\ADM\IUService.exe O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Programfiler\Lenovo\Rescue and Recovery\UpdateMonitor.exe -- End of file - 10054 bytes Lenke til kommentar
norbat Skrevet 23. oktober 2008 Del Skrevet 23. oktober 2008 (endret) Start hjt, velg "Do a system scan only", sett merke framfor følgende linjer og klikk Fix checked: O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - (no file) O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing) Bruk utforsker til å finne og slett følgende mappe: C:\Documents and Settings\All Users\Programdata\xchezyzg (mulig du må slå på 'Vis skjulte filer og mapper' (kontrollpanel->mappealternativer->vis) ) Hvis du ikke får slettet mappa, si ifra, så sletter vi den på en annen måte. Får du fortsatt popup? Endret 23. oktober 2008 av norbat Lenke til kommentar
Urbanlapp Skrevet 23. oktober 2008 Forfatter Del Skrevet 23. oktober 2008 Tusen tak for hjelpen! Har gjort alt, og håper på at alt er bra. Pop Upen har ikke dukket opp etter at jeg har kjørt programmene. Jeg kommer tilbake til tråden hvis det dukker opp noe sånt i løpet av de neste timene! Igjen.....Tusen takk for hjelpen! Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå